IT-Forensic Automotive Investigations on the Example of Route Reconstruction on Automotive System and Communication Data

Hoppe, Tobias; Kuhlmann, Sven; Kiltz, Stefan; Dittmann, Jana

doi:10.1007/978-3-642-33678-2_11

Cited by 10 publications

(5 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The algorithm executes in an automated manner and saves time compared to other manual approaches. Further, they consider a hit-and-run accident as stated by Hoppe et al [88], where some suspects without alibi claim their innocence. A route reconstruction within proximity to the incident area is suggested for the involved vehicles to absolve innocent suspects.…”

Section: B Categorization Of Papersmentioning

confidence: 99%

See 1 more Smart Citation

A Systematic Literature Review on Automotive Digital Forensics: Challenges, Technical Solutions and Data Collection

Strandberg

Nowdehi

Olovsson

2023

IEEE Trans. Intell. Veh.

View full text Add to dashboard Cite

A modern vehicle has a complex internal architecture and is wirelessly connected to the Internet, other vehicles, and the infrastructure. The risk of cyber attacks and other criminal incidents along with recent road accidents caused by autonomous vehicles calls for more research on automotive digital forensics. Failures in automated driving functions can be caused by hardware and software failures and cyber security issues. Thus, it is imperative to be able to determine and investigate the cause of these failures, something which requires trustable data. However, automotive digital forensics is a relatively new field for the automotive where most existing self-monitoring and diagnostic systems in vehicles only monitor safety-related events. To the best of our knowledge, our work is the first systematic literature review on the current research within this field. We identify and assess over 300 papers published between 2006 -2021 and further map the relevant papers to different categories based on identified focus areas to give a comprehensive overview of the forensics field and the related research activities. Moreover, we identify forensically relevant data from the literature, link the data to categories, and further map them to required security properties and potential stakeholders. Our categorization makes it easy for practitioners and researchers to quickly find relevant work within a particular sub-field of digital forensics. We believe our contributions can guide digital forensic investigations in automotive and similar areas, such as cyber-physical systems and smart cities, facilitate further research, and serve as a guideline for engineers implementing forensics mechanisms.

show abstract

Section: B Categorization Of Papersmentioning

confidence: 99%

“…In [88], T. Hoppe et al introduce an overview of the digital forensics process and put this into an automotive context. They suggest using a data recorder that securely logs existing navigation data transmitted over the CAN bus.…”

Section: B Categorization Of Papersmentioning

confidence: 99%

A Systematic Literature Review on Automotive Digital Forensics: Challenges, Technical Solutions and Data Collection

Strandberg

Nowdehi

Olovsson

2023

IEEE Trans. Intell. Veh.

View full text Add to dashboard Cite

show abstract

“…For a replay attack, attackers can carefully observe message sequences during a specific time interval and save the observed message sequences [36]. Then, all or part of these legitimate message sequences are injected.…”

Section: Replay Attackmentioning

confidence: 99%

A Comprehensive Analysis of Datasets for Automotive Intrusion Detection Systems

Lee,

Choi,

Kim

et al. 2023

Computers, Materials &Amp; Continua

View full text Add to dashboard Cite

Recently, automotive intrusion detection systems (IDSs) have emerged as promising defense approaches to counter attacks on in-vehicle networks (IVNs). However, the effectiveness of IDSs relies heavily on the quality of the datasets used for training and evaluation. Despite the availability of several datasets for automotive IDSs, there has been a lack of comprehensive analysis focusing on assessing these datasets. This paper aims to address the need for dataset assessment in the context of automotive IDSs. It proposes qualitative and quantitative metrics that are independent of specific automotive IDSs, to evaluate the quality of datasets. These metrics take into consideration various aspects such as dataset description, collection environment, and attack complexity. This paper evaluates eight commonly used datasets for automotive IDSs using the proposed metrics. The evaluation reveals biases in the datasets, particularly in terms of limited contexts and lack of diversity. Additionally, it highlights that the attacks in the datasets were mostly injected without considering normal behaviors, which poses challenges for training and evaluating machine learning-based IDSs. This paper emphasizes the importance of addressing the identified limitations in existing datasets to improve the performance and adaptability of automotive IDSs. The proposed metrics can serve as valuable guidelines for researchers and practitioners in selecting and constructing high-quality datasets for automotive security applications. Finally, this paper presents the requirements for high-quality datasets, including the need for representativeness, diversity, and balance.

show abstract

“…Between these attack paths, the first path imposes more threat because it is scalable to other vehicles, and it does not require physical access to the vehicle as malicious code injection could occur remotely [4,5]. As an example of the first attack path, the authors of [6] injected a code that monitors vehicle behavior, and if a specified condition occurs, it sends a CAN message containing an open window command to open the window. In [4], a personal computer (PC) attached to a powertrain network was used to demonstrate the danger of interfering with the CAN bus.…”

Section: Can Bus Attacksmentioning

confidence: 99%

Prevention of Controller Area Network (CAN) Attacks on Electric Autonomous Vehicles

Adly,

Moro,

Hammad

et al. 2023

Applied Sciences

View full text Add to dashboard Cite

The importance of vehicle security has increased in recent years in the automotive field, drawing the attention of both the industry and academia. This is due to the rise in cybersecurity threats caused by (1) the increase in vehicle connectivity schemes, such as the Internet of Things, vehicle-to-x communication, and over-the-air updates, and (2) the increased impact of such threats because of the added functionalities that are controlled by vehicle software. These causes and threats are further amplified in autonomous vehicles, which are generally equipped with more electronic control units (ECUs) that are connected through controller area networks (CANs). Due to the holistic nature of CANs, attacks on the networks can affect the functionality of all vehicle ECUs and the whole system. This can lead to a breach of privacy, denial of services, alteration of vehicle performance, and exposure to safety threats. Although cryptographic encryption and authentication algorithms and intrusion detection systems (IDS) are currently being used to detect and prevent CAN bus attacks, they have certain limitations. Therefore, this study proposed a mitigation scheme that can detect and prevent such attacks at the ECU level, which could address the limitations of existing algorithms. This study proposed the usage of a secure boot scheme to detect and prevent the execution of malicious codes, as the presence of one or more ECUs with a malicious code is the root cause of most CAN bus attacks. Secure boot schemes apply cryptographic data integrity algorithms to ensure that only authentic and untampered software can run on the vehicle’s ECUs. The selection of an appropriate cryptographic algorithm is important because it affects the secure boot schemes’ security level and performance. Therefore, this study also tested and compared the performance of the proposed secure boot scheme with five different data security algorithms implemented using the hardware security module (HSM) of the TC399 32-bit AURIX™ TriCore™ microcontroller through an electric autonomous vehicle’s control unit. The tests showed that the two most favorable schemes with the selected hardware are the secure boot scheme with the cipher-based message authentication code (CMAC), because it possesses the highest performance with an execution rate of 26.07 (ms/MB), and the secure boot scheme with the elliptic curve digital signature algorithm (ECDSA), because it provides a higher security level with an acceptable compromise in speed. This study also introduced and tested a novel variation of the ECDSA algorithm based on the CMAC algorithm, which was found to have a 19% performance gain over the standard ECDSA-based secure boot scheme.

show abstract

IT-Forensic Automotive Investigations on the Example of Route Reconstruction on Automotive System and Communication Data

Cited by 10 publications

References 2 publications

A Systematic Literature Review on Automotive Digital Forensics: Challenges, Technical Solutions and Data Collection

A Systematic Literature Review on Automotive Digital Forensics: Challenges, Technical Solutions and Data Collection

A Comprehensive Analysis of Datasets for Automotive Intrusion Detection Systems

Prevention of Controller Area Network (CAN) Attacks on Electric Autonomous Vehicles

Contact Info

Product

Resources

About