Abstract
With the rise of cyberattacks in the last years, cybersecurity is of high importance in the context of the automotive domain [10, 22]. As current cars are more connected and reliant on embedded system technologies, the need for security engineering has tremendously accelerated. While ISO/SAE 21434 is available as a security engineering standard for the domain, frameworks and tools for cybersecurity training and testing of concepts are scarce.
Automotive cybersecurity testbeds provide a specified and controlled environment for testing, evaluating, and learning cybersecurity solutions for vehicles, allowing researchers and engineers to be trained and upskill faster.
Therefore, this work focuses on an embedded automotive systems framework for cybersecurity testing. The presented framework simulates a CAN controller network and allows researchers and engineers to test attack vectors and mitigation methods in a simulated environment, providing also basic implementations for the most common attack types. The presented framework is extendable for training and testing purposes with series controllers and real-world demonstrators.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Miller, C., Valasek, C.: Remote Exploitation of an Unaltered Passenger Vehicle. Technical report, Black Hat 2015 (2015)
Dobaj, J., Ekert, D., Stolfa, J., Stolfa, S., Macher, G., Messnarz, R.: Cybersecurity threat analysis, risk assessment and design patterns for automotive networked embedded systems: a case study. JUCS – J. Univ. Comput. Sci. 27(8), 830–849 (2021). https://doi.org/10.3897/jucs.72367
Dobaj, J., Macher, G., Ekert, D., Riel, A., Messnarz, R.: Towards a security-driven automotive development lifecycle. J. Softw. Evol. Process., e2407 (2021). https://doi.org/10.1002/smr.2407
Faschang, T., Heinz, R.: Penne github repository (2023). https://github.com/AstroTV/PENNE
Luo, F., et al.: Cybersecurity testing for automotive domain: a survey. Sensors 22(23), 9211 (2022). https://doi.org/10.3390/s22239211
Fowler, D.S., Cheah, M., Shaikh, S.A., Bryans, J.: Towards a testbed for automotive cybersecurity. In: 2017 IEEE International Conference on Software Testing, Verification and Validation (ICST), pp. 540–541. IEEE, Tokyo (2017). https://doi.org/10.1109/ICST.2017.62
Intel: Safety First for Automated Driving (2019)
ISO - International Organization for Standardization: ISO/SAE 21434 Road Vehicles - Cybersecurity engineering (2021)
Korsaa, M., et al.: The SPI manifesto and the ECQA SPI manager certification scheme. J. Softw. Evol. Process 24(5), 525–540 (2012)
Levy, Y.: Global Automotive Cybersecurity Report. Technical report, Upstream Security Ltd. (2022)
Macher, G., Veledar, O.: Balancing exploration and exploitation through open innovation in the automotive domain – focus on smes. In: Yilmaz, M., Clarke, P., Messnarz, R., Reiner, M. (eds.) EuroSPI 2021. CCIS, vol. 1442, pp. 336–348. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-85521-5_22
MeticulousResearch: Automotive Cybersecurity Market - Global Opportunity Analysis and Industry Forecast (2023–2030). Technical report, Meticulous Research (2023)
Miller, C., Valasek, C.: Car Hacking: For Poories (2014)
Miller, C., Valasek, C.: Remote exploitation of an unaltered passenger vehicle (2015)
Oruganti, P.S., Appel, M., Ahmed, Q.: Hardware-in-loop based automotive embedded systems cybersecurity evaluation testbed. In: Proceedings of the ACM Workshop on Automotive Cybersecurity, pp. 41–44. ACM, Richardson (2019). https://doi.org/10.1145/3309171.3309173
Ring, M., Durrwang, J., Sommer, F., Kriesten, R.: Survey on vehicular attacks - building a vulnerability database. In: 2015 IEEE International Conference on Vehicular Electronics and Safety (ICVES), pp. 208–212. IEEE, Yokohama (2015)
Schmittner, C., Wieland, K., Macher, G.: Cooperative and distributed cybersecurity analysis for the automotive domain. In: AmE 2022 - Automotive Meets ELECTRONICS, GMM-Symposium, vol. 13, pp. 1–5 (2022)
Shi, D., Kou, L., Huo, C., Wu, T.: A CAN bus security testbed framework for automotive cyber-physical systems. Wirel. Commun. Mob. Comput. 2022, 1–11 (2022). https://doi.org/10.1155/2022/7176194
Schmittner, C., et al.: Automotive cybersecurity - training the future. In: Yilmaz, M., Clarke, P., Messnarz, R., Reiner, M. (eds.) EuroSPI 2021. CCIS, vol. 1442, pp. 211–219. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-85521-5_14
Strobl, S., Hofbauer, D., Schmittner, C., Maksuti, S., Tauber, M., Delsing, J.: Connected cars — threats, vulnerabilities and their impact. In: 2018 IEEE Industrial Cyber-Physical Systems (ICPS), pp. 375–380. IEEE, St. Petersburg (2018)
Toyama, T., Yoshida, T., Oguma, H., Matsumoto, T.: PASTA: Portable Automotive Security Testbed with Adaptability (2018)
Umawing, J.: TikTok car theft challenge: Hyundai, Kia fix flaw (2023). https://www.malwarebytes.com/blog/news/2023/02/tiktok-car-theft-challenge-hyundai-kia-fix-flaw
Zheng, X., Pan, L., Chen, H., Di Pietro, R., Batten, L.: A testbed for security analysis of modern vehicle systems. In: 2017 IEEE Trust- com/BigDataSE/ICESS, pp. 1090–1095. IEEE, Sydney (2017). https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.357
Acknowledgments
This work was supported by TEACHING, a project funded by the EU Horizon 2020 research and innovation programme under GA n. 871385 - www.teaching-h2020.eu, and the ECQA Certified Cybersecurity Engineer and Manager – Automotive Sector project (CYBERENG), which is co-funded by the Erasmus+ Call 2020 Round 1 KA203 Programme of the European Union under the agreement 2020-1-CZ01-KA203-078494. This work is partially supported by Grants of SGS No. SP2021/87, VSB - Technical University of Ostrava, Czech Republic.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Faschang, T., Macher, G. (2023). An Open Software-Based Framework for Automotive Cybersecurity Testing. In: Yilmaz, M., Clarke, P., Riel, A., Messnarz, R. (eds) Systems, Software and Services Process Improvement. EuroSPI 2023. Communications in Computer and Information Science, vol 1890. Springer, Cham. https://doi.org/10.1007/978-3-031-42307-9_22
Download citation
DOI: https://doi.org/10.1007/978-3-031-42307-9_22
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-42306-2
Online ISBN: 978-3-031-42307-9
eBook Packages: Computer ScienceComputer Science (R0)