A Formal Model to Facilitate Security Testing in Modern Automotive Systems

Santos, Eduardo dos; Simpson, Andrew; Schoop, Dominik

doi:10.4204/eptcs.271.7

Cited by 13 publications

(4 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The model-based penetration testing method automatically generates test cases by utilizing the TOT [22]. This approach employs a formal language to represent automotive networks and bus systems [23], enabling testers to construct attack models using the same formal language. As a result of leveraging these attack models, researchers can generate cybersecurity test cases for in-vehicle networks and bus systems.…”

Section: Related Workmentioning

confidence: 99%

ICVTest: A Practical Black-Box Penetration Testing Framework for Evaluating Cybersecurity of Intelligent Connected Vehicles

Zhang,

Wang,

Wang

et al. 2023

Applied Sciences

View full text Add to dashboard Cite

Intelligent connected vehicles (ICVs) are equipped with extensive electronic control units which offer convenience but also pose significant cybersecurity risks. Penetration testing, recommended in ISO/SAE 21434 “Road vehicles—Cybersecurity engineering”, is an effective approach to identify cybersecurity vulnerabilities in ICVs. However, there is limited research on vehicle penetration testing from a black-box perspective due to the complex architecture of ICVs. Additionally, no penetration testing framework has been proposed to guide security testers on conducting penetration testing for the whole vehicle. The lack of framework guidance results in the inexperienced security testers being uncertain about the processes to follow for conducting penetration testing. Moreover, the inexperienced security testers are unsure about which tests to perform in order to systematically evaluate the vehicle’s cybersecurity. To enhance the penetration testing efficiency of ICVs, this paper presents a black-box penetration testing framework, ICVTest. ICVTest proposes a standardized penetration testing process to facilitate step-by-step completion of the penetration testing, thereby addressing the issue of inexperienced testers lacking guidance on how to initiate work when confronted with ICV. Also, ICVTest includes 10 sets of test cases covering hardware and software security tests. Testers can select appropriate test cases based on the specific cybersecurity threats faced by the target object, thereby reducing the complexity of penetration testing tasks. Furthermore, we have developed a vehicle cybersecurity testing platform for ICVTest that seamlessly integrates various testing tools. The platform enables even novice testers to conduct vehicle black-box penetration testing in accordance with the given guidance which addresses the current industry’s challenge of an overwhelming number of testing tasks coupled with a shortage of skilled professionals. For the first time, we propose a comprehensive black-box penetration testing framework and implement the framework in the form of a cybersecurity testing platform. We apply ICVTest to evaluate an electric vehicle manufactured in 2021 for assessing the framework’s availability. With the aid of ICVTest, even testers with limited experience in automotive penetration can effectively evaluate the security risks of ICVs. In our experiments, numerous cybersecurity vulnerabilities were identified involving in-vehicle sensors, remote vehicle control systems, and in-vehicle controller area network (CAN) bus.

show abstract

Section: Related Workmentioning

confidence: 99%

ICVTest: A Practical Black-Box Penetration Testing Framework for Evaluating Cybersecurity of Intelligent Connected Vehicles

Zhang,

Wang,

Wang

et al. 2023

Applied Sciences

View full text Add to dashboard Cite

show abstract

“…The importance of creating generic testing frameworks or security testbeds to conduct automated security tests in automotive has already been highlighted in the past. More specifically, fuzz testing methods in accordance to industry-specific technologies such as the Controller Area Network (CAN bus) and the vehicle's electronic control unit (ECU) [7], [8], [9], [10] have been created.…”

Section: Related Workmentioning

confidence: 99%

“…Similarly, there are frameworks that address system atic methods of security testing for automotive Blue tooth, Vehicular Ad Hoc Networks (VANETS) in Intelli gent Transportation Systems (ITS) and road services [11], [12], [13]. Finally there are integrated security testing frameworks that improve the standardized methods [9], [14], [15], [16], [17]. All of these works, however, do not encompass a defined process for automated security testing of complete automotive systems in a holistic manner.…”

Section: Related Workmentioning

confidence: 99%

A Process to Facilitate Automated Automotive Cybersecurity Testing

Marksteiner

Marko

Smulders³

et al. 2021

2021 IEEE 93rd Vehicular Technology Conference (VTC2021-Spring)

View full text Add to dashboard Cite

Modem vehicles become increasingly digital ized with advanced information technology-based solutions like advanced driving assistance systems and vehicle-to-x communications. These systems are complex and intercon nected. Rising complexity and increasing outside exposure has created a steadily rising demand for more cyber-secure systems. Thus, also standardization bodies and regulators issued standards and regulations to prescribe more secure development processes. This security, however, also has to be validated and verified. In order to keep pace with the need for more thorough, quicker and comparable testing, today's generally manual testing processes have to be structured and optimized. Based on existing and emerging standards for cybersecurity engineering, this paper therefore outlines a structured testing process for verifying and validating automotive cybersecurity, for which there is no standardized method so far. Despite presenting a commonly structured framework, the process is flexible in order to allow imple menters to utilize their own, accustomed toolsets.

show abstract

“…Some key features, such as integrity of the data, privacy, identification, and availability, should characterize a secure on-board communication system. However, a lot of security threats [46][47][48][49][50][51][52][53][54] characterize state-of-art technologies for on-board networking. The state-of-art is based on the use of CAN, and its evolutions time-triggered CAN (TTCAN) and flexible data-rate CAN (CAN-FD), as the backbone of the in-vehicle network.…”

Section: In-vehicle Cyber-security For New Gv Generations: Threats Anmentioning

confidence: 99%

Toward Green Vehicles Digitalization for the Next Generation of Connected and Electrified Transport Systems

Mihet‐Popa

Saponara

2018

Energies

View full text Add to dashboard Cite

This survey paper reviews recent trends in green vehicle electrification and digitalization, as part of a special section on “Energy Storage Systems and Power Conversion Electronics for E-Transportation and Smart Grid”, led by the authors. First, the energy demand and emissions of electric vehicles (EVs) are reviewed, including the analysis of the trends of battery technology and of the recharging issues considering the characteristics of the power grid. Solutions to integrate EV electricity demand in power grids are also proposed. Integrated electric/electronic (E/E) architectures for hybrid EVs (HEVs) and full EVs are discussed, detailing innovations emerging for all components (power converters, electric machines, batteries, and battery-management-systems). 48 V HEVs are emerging as the most promising solution for the short-term electrification of current vehicles based on internal combustion engines. The increased digitalization and connectivity of electrified cars is posing cyber-security issues that are discussed in detail, together with some countermeasures to mitigate them, thus tracing the path for future on-board computing and control platforms.

show abstract

A Formal Model to Facilitate Security Testing in Modern Automotive Systems

Cited by 13 publications

References 18 publications

ICVTest: A Practical Black-Box Penetration Testing Framework for Evaluating Cybersecurity of Intelligent Connected Vehicles

ICVTest: A Practical Black-Box Penetration Testing Framework for Evaluating Cybersecurity of Intelligent Connected Vehicles

A Process to Facilitate Automated Automotive Cybersecurity Testing

Toward Green Vehicles Digitalization for the Next Generation of Connected and Electrified Transport Systems

Contact Info

Product

Resources

About