Abstract
Modern vehicles are equipped with more than 100 Electrical Control Units (ECUs) with over 2500 signals to transmit internally. The application of advanced electronics and communication techniques helps a vehicle transform from an information island into a powerful distribution center. However, a large number of ECUs have introduced a wider range of security threats for vehicles. The attackers can compromise a vehicle remotely through a vulnerable ECU. How to evaluate the cyber security of in-vehicle ECUs has become an important issue. Current Threat Analysis and Risk Assessment (TARA) only carries out theoretical analysis on the potential threats and risks faced by the vehicle in the conceptual design phase of the lifecycle, but lacks the details of actual security evaluation. In this paper, we proposed a Cyber Security Evaluation Framework (CSEF) to independently evaluate the security of the in-vehicle ECUs, which is composed of the asset identification, the threat analysis, the risk assessment, and the security test. The proposed CSEF is applied to a pre-installed On-Bord Unit (OBU) to provide a use case. The use case show that the proposed CSEF is able to figure out assets, threats, risks behind threats, and vulnerabilities of OBU, playing an important role in guiding others to conduct security evaluation. Moreover, CSEF can be extended to evaluate the cyber security of other critical ECUs, such as the Telematic Box, the infotainment units, and the gateway.
Highlights
M ODERN vehicles are mechanical tools for transportation, and mobile smart devices for autonomous driving, audio-visual entertainment, and information sharing, etc [1]
The security framework focuses on ten security aspects of smart vehicles and in-vehicle Electrical Control Units (ECUs) at four levels, which regulates the scope of security evaluation
We proposed Cyber Security Evaluation Framework (CSEF) that can be applied to in-vehicle ECUs to evaluate the cyber security of in-vehicle ECUs.The CSEF is designed based on the ISO/SAE 21434 standard and is optimized to have richer security assessment details, which can be better applied to the field of automotive security
Summary
M ODERN vehicles are mechanical tools for transportation, and mobile smart devices for autonomous driving, audio-visual entertainment, and information sharing, etc [1]. Some critical in-vehicle ECUs, such as On-Board Unit (OBU)[5], Telematic Box(T-Box)[6], and vehicle central gateway, have more powerful computing capabilities and data storage capabilities to meet the requirements in complex scenarios. The framework can be applied to critical in-vehicle ECUs, such as the Telematics Box, the in-vehicle gateways, the infotainment systems, the navigation systems, the domain controllers, and the On-Board Unit (OBU), etc. It has a wide range of applications and good evaluation effect.
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
