Skip to main content
SpringerLink
Log in

An Open Software-Based Framework for Automotive Cybersecurity Testing

  • Conference paper
  • First Online:
Systems, Software and Services Process Improvement (EuroSPI 2023)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1890))

Included in the following conference series:

Abstract

With the rise of cyberattacks in the last years, cybersecurity is of high importance in the context of the automotive domain [10, 22]. As current cars are more connected and reliant on embedded system technologies, the need for security engineering has tremendously accelerated. While ISO/SAE 21434 is available as a security engineering standard for the domain, frameworks and tools for cybersecurity training and testing of concepts are scarce.

Automotive cybersecurity testbeds provide a specified and controlled environment for testing, evaluating, and learning cybersecurity solutions for vehicles, allowing researchers and engineers to be trained and upskill faster.

Therefore, this work focuses on an embedded automotive systems framework for cybersecurity testing. The presented framework simulates a CAN controller network and allows researchers and engineers to test attack vectors and mitigation methods in a simulated environment, providing also basic implementations for the most common attack types. The presented framework is extendable for training and testing purposes with series controllers and real-world demonstrators.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 79.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 99.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Miller, C., Valasek, C.: Remote Exploitation of an Unaltered Passenger Vehicle. Technical report, Black Hat 2015 (2015)

    Google Scholar 

  2. Dobaj, J., Ekert, D., Stolfa, J., Stolfa, S., Macher, G., Messnarz, R.: Cybersecurity threat analysis, risk assessment and design patterns for automotive networked embedded systems: a case study. JUCS – J. Univ. Comput. Sci. 27(8), 830–849 (2021). https://doi.org/10.3897/jucs.72367

    Article  Google Scholar 

  3. Dobaj, J., Macher, G., Ekert, D., Riel, A., Messnarz, R.: Towards a security-driven automotive development lifecycle. J. Softw. Evol. Process., e2407 (2021). https://doi.org/10.1002/smr.2407

  4. Faschang, T., Heinz, R.: Penne github repository (2023). https://github.com/AstroTV/PENNE

  5. Luo, F., et al.: Cybersecurity testing for automotive domain: a survey. Sensors 22(23), 9211 (2022). https://doi.org/10.3390/s22239211

    Article  Google Scholar 

  6. Fowler, D.S., Cheah, M., Shaikh, S.A., Bryans, J.: Towards a testbed for automotive cybersecurity. In: 2017 IEEE International Conference on Software Testing, Verification and Validation (ICST), pp. 540–541. IEEE, Tokyo (2017). https://doi.org/10.1109/ICST.2017.62

  7. Intel: Safety First for Automated Driving (2019)

    Google Scholar 

  8. ISO - International Organization for Standardization: ISO/SAE 21434 Road Vehicles - Cybersecurity engineering (2021)

    Google Scholar 

  9. Korsaa, M., et al.: The SPI manifesto and the ECQA SPI manager certification scheme. J. Softw. Evol. Process 24(5), 525–540 (2012)

    Article  Google Scholar 

  10. Levy, Y.: Global Automotive Cybersecurity Report. Technical report, Upstream Security Ltd. (2022)

    Google Scholar 

  11. Macher, G., Veledar, O.: Balancing exploration and exploitation through open innovation in the automotive domain – focus on smes. In: Yilmaz, M., Clarke, P., Messnarz, R., Reiner, M. (eds.) EuroSPI 2021. CCIS, vol. 1442, pp. 336–348. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-85521-5_22

    Chapter  Google Scholar 

  12. MeticulousResearch: Automotive Cybersecurity Market - Global Opportunity Analysis and Industry Forecast (2023–2030). Technical report, Meticulous Research (2023)

    Google Scholar 

  13. Miller, C., Valasek, C.: Car Hacking: For Poories (2014)

    Google Scholar 

  14. Miller, C., Valasek, C.: Remote exploitation of an unaltered passenger vehicle (2015)

    Google Scholar 

  15. Oruganti, P.S., Appel, M., Ahmed, Q.: Hardware-in-loop based automotive embedded systems cybersecurity evaluation testbed. In: Proceedings of the ACM Workshop on Automotive Cybersecurity, pp. 41–44. ACM, Richardson (2019). https://doi.org/10.1145/3309171.3309173

  16. Ring, M., Durrwang, J., Sommer, F., Kriesten, R.: Survey on vehicular attacks - building a vulnerability database. In: 2015 IEEE International Conference on Vehicular Electronics and Safety (ICVES), pp. 208–212. IEEE, Yokohama (2015)

    Google Scholar 

  17. Schmittner, C., Wieland, K., Macher, G.: Cooperative and distributed cybersecurity analysis for the automotive domain. In: AmE 2022 - Automotive Meets ELECTRONICS, GMM-Symposium, vol. 13, pp. 1–5 (2022)

    Google Scholar 

  18. Shi, D., Kou, L., Huo, C., Wu, T.: A CAN bus security testbed framework for automotive cyber-physical systems. Wirel. Commun. Mob. Comput. 2022, 1–11 (2022). https://doi.org/10.1155/2022/7176194

    Article  Google Scholar 

  19. Schmittner, C., et al.: Automotive cybersecurity - training the future. In: Yilmaz, M., Clarke, P., Messnarz, R., Reiner, M. (eds.) EuroSPI 2021. CCIS, vol. 1442, pp. 211–219. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-85521-5_14

    Chapter  Google Scholar 

  20. Strobl, S., Hofbauer, D., Schmittner, C., Maksuti, S., Tauber, M., Delsing, J.: Connected cars — threats, vulnerabilities and their impact. In: 2018 IEEE Industrial Cyber-Physical Systems (ICPS), pp. 375–380. IEEE, St. Petersburg (2018)

    Google Scholar 

  21. Toyama, T., Yoshida, T., Oguma, H., Matsumoto, T.: PASTA: Portable Automotive Security Testbed with Adaptability (2018)

    Google Scholar 

  22. Umawing, J.: TikTok car theft challenge: Hyundai, Kia fix flaw (2023). https://www.malwarebytes.com/blog/news/2023/02/tiktok-car-theft-challenge-hyundai-kia-fix-flaw

  23. Zheng, X., Pan, L., Chen, H., Di Pietro, R., Batten, L.: A testbed for security analysis of modern vehicle systems. In: 2017 IEEE Trust- com/BigDataSE/ICESS, pp. 1090–1095. IEEE, Sydney (2017). https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.357

Download references

Acknowledgments

This work was supported by TEACHING, a project funded by the EU Horizon 2020 research and innovation programme under GA n. 871385 - www.teaching-h2020.eu, and the ECQA Certified Cybersecurity Engineer and Manager – Automotive Sector project (CYBERENG), which is co-funded by the Erasmus+ Call 2020 Round 1 KA203 Programme of the European Union under the agreement 2020-1-CZ01-KA203-078494. This work is partially supported by Grants of SGS No. SP2021/87, VSB - Technical University of Ostrava, Czech Republic.

Author information

Authors and Affiliations

  1. Graz University of Technology, 8010, Graz, Austria

    Thomas Faschang & Georg Macher

Authors
  1. Thomas Faschang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Georg Macher
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Thomas Faschang .

Editor information

Editors and Affiliations

  1. Gazi University, Ankara, Türkiye

    Murat Yilmaz

  2. Dublin City University, Dublin, Ireland

    Paul Clarke

  3. Grenoble Alpes University, Grenoble, France

    Andreas Riel

  4. I.S.C.N. GesmbH, Graz, Austria

    Richard Messnarz

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Faschang, T., Macher, G. (2023). An Open Software-Based Framework for Automotive Cybersecurity Testing. In: Yilmaz, M., Clarke, P., Riel, A., Messnarz, R. (eds) Systems, Software and Services Process Improvement. EuroSPI 2023. Communications in Computer and Information Science, vol 1890. Springer, Cham. https://doi.org/10.1007/978-3-031-42307-9_22

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-42307-9_22

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-42306-2

  • Online ISBN: 978-3-031-42307-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation