Abstract
In order to effectively evaluate the information security level for an intelligent and connected vehicle, a novel Intelligent Connected Vehicle (ICV) Information Security Attack and Defense (ICV-ISAD) test evaluation method is proposed in this paper. ICV-ISAD test method is based on long-term large number of real vehicle test experiments. It mainly consists of security threat and risk analysis, test strategy design, test tool call, test point mapping, test procedure execution, and remediation measures mapping. Using ICV-ISAD test method, we conducted test experiments to In-vehicle Network, Telematics Box, Engine Control Unit, In-Vehicle Infotainment, Mobile Application, Radio and Telematics Service Provider for different types of vehicle. The results show that some vulnerabilities exist in ICV’s system, such as gateway filtering vulnerability, high-risk port opening, Cross Site Scripting (XSS), Structured Query Language (SQL) injection, weak password, and cleartext network traffic (HTTP). Besides, ICV-ISAD test method could map some remediation measures or recommendations for these vulnerabilities. It denotes that ICV-ISAD test method can effectively test and evaluate the information security of ICV.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Li, Y.: Big wave of the intelligent connected vehicles. China Commun. 13(2), 27–41 (2016)
Kuang, X.: Intelligent connected vehicles: the industrial practices and impacts on automotive value-chains in China. Asia Pac. Bus. Rev. 24(1), 1–21 (2018)
China prepares to issue temporary 5G licenses to operators. https://technode.com/2019/01/11/chinese-grant-temporary-5g-licence/. Accessed 17 Jan 2019
Bécsi, T.: Security issues and vulnerabilities in connected car systems. In: 2015 International Conference on Models and Technologies for Intelligent Transportation Systems (MT-ITS), Denver, pp. 3–5. IEEE (2015)
Parkinson, S.: Cyber threats facing autonomous and connected vehicles: future challenges. IEEE Trans. Intell. Transp. Syst. 18(11), 2898–2915 (2017)
Sadek, A.: Special issue on cyber transportation systems and connected vehicle research. J. Intell. Transp. Syst. 20(1), 1–3 (2016)
Luo, Q.: Wireless telematics systems in emerging intelligent and connected vehicles: threats and solutions. IEEE Wirel. Commun. 25(6), 113–119 (2018)
Mccluskey, B.: Connected cars - the security challenge [Connected Cars Cyber Security]. Eng. Technol. 12(2), 54–57 (2017)
Tesla Model S hacked from 12 miles away. https://www.welivesecurity.com/2016/09/21/tesla-model-s-hack/. Accessed 17 Jan 2019
New Car Hacking Research: 2017, Remote Attack Tesla Motors Again. https://keenlab.tencent.com/en/2017/07/27/New-Car-Hacking-Research-2017-Remote-Attack-Tesla-Motors-Again/. Accessed 16 Jan 2019
Researchers hack BMW cars, discover 14 vulnerabilities. https://www.helpnetsecurity.com/2018/05/23/hack-bmw-cars/. Accessed 17 Jan 2019
Arbabzadeh, N.: A data-driven approach for driving safety risk prediction using driver behavior and roadway information data. IEEE Trans. Intell. Transp. Syst. 19(2), 446–460 (2018)
Jesper, C., Christophe, B.: Nonlinear Optimization of Vehicle Safety Structures: Modeling of Structures Subjected to Large Deformations, 1st edn. Butterworth-Heinemann, Waltham (2015)
Siegel, J.E.: A survey of the connected vehicle landscape-architectures, enabling technologies, applications, and development areas. IEEE Trans. Intell. Transp. Syst. 19(8), 2391–2406 (2018)
Sandor, P.: Security and safety risk analysis of vision guided autonomous vehicles. In: 1st IEEE International Conference on Industrial Cyber-Physical Systems (ICPS-2018), Saint-Petersburg, pp. 193–198. IEEE (2018)
Li, X.: Connected vehicles’ security from the perspective of the in-vehicle network. IEEE Network 32(3), 58–63 (2018)
Hijacking FM Radio with a Raspberry Pi & Wire. https://null-byte.wonderhowto.com/how-to/hack-radio-frequencies-hijacking-fm-radio-with-raspberry-pi-wire-0177007/. Accessed 18 Jan 2019
China Automotive Vulnerability Database (CAVD). https://cavd.org.cn/. Accessed 21 Jan 2019
CAN Bus Standard Vulnerability. https://ics-cert.us-cert.gov/alerts/ICS-ALERT-17-209-01. Accessed 18 Jan 2019
Acknowledgments
The work described in this article has been supported by Automotive Data Center of China Automotive Technology and Research Center Co., Ltd. that provides the laboratory, all the cars, test tools and support required to carry out this research successfully.
The work in this article concerning CAVD has been supported by China Automotive Technology and Research Center Co., Ltd. through the project “Development of Automobile Information Security Vulnerability Database and Emergency Response Platform” under Contract No. 18190122.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Zhang, Y., Han, S., Zhong, S., Shi, P., Shao, X. (2019). Research on Information Security Test Evaluation Method Based on Intelligent Connected Vehicle. In: Li, J., Liu, Z., Peng, H. (eds) Security and Privacy in New Computing Environments. SPNCE 2019. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 284. Springer, Cham. https://doi.org/10.1007/978-3-030-21373-2_15
Download citation
DOI: https://doi.org/10.1007/978-3-030-21373-2_15
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-21372-5
Online ISBN: 978-3-030-21373-2
eBook Packages: Computer ScienceComputer Science (R0)