Vehicle Network Security Metrics

  • Chapter
Advances in Cybersecurity Management

Abstract

The emergence of connected and autonomous vehicles at an unprecedented pace has prompted several state-sponsored initiatives to begin planning and building a transportation information network that uses intelligent sensors and sophisticated communication systems. Peripheral sensors that assist the human operator in lane changing, obstacle avoidance, and parking are slowly being integrated into modern automotive vehicles. Although this newfound convenience is a boon to society, both socially and economically, it presents security challenges that are endemic to connected technologies. These challenges underscore the need to look closely at the state of automotive vehicle network security. Consequently, security metrics must be developed to measure the state of vehicle network security. As a major component of continuous improvement, quantitative and qualitative measures must be devised so that the process can be fully appreciated. This chapter describes vehicle network security metrics and derives sample attack calculations to illustrate their applicability.

Acknowledgments

This work is partially supported by the Florida Center for Cybersecurity, under grant number 3901-1009-00-A (2019 Collaborative SEED Program), the National Security Agency under grant number H98230-19-1-0333 and the Office of Naval Research (ONR) under grant number N00014-21-1-2025. The United States Government is authorized to reproduce and distribute reprints notwithstanding any copyright notation herein.

Corresponding author

Correspondence to Guillermo A. Francia III.

Copyright information

© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this chapter

Cite this chapter

Francia III, G.A. (2021). Vehicle Network Security Metrics. In: Daimi, K., Peoples, C. (eds) Advances in Cybersecurity Management. Springer, Cham. https://doi.org/10.1007/978-3-030-71381-2_4

  • DOI: https://doi.org/10.1007/978-3-030-71381-2_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-71380-5

  • Online ISBN: 978-3-030-71381-2

  • eBook Packages: Computer Science, Computer Science (R0)
