Systematic Risk Characterisation of Hardware Threats to Automotive System

Abstract

The increasing dependence of modern automotive systems on electronics and software poses cybersecurity risks previously not factored into design and engineering of such systems. Attacks on hardware components, communication modules and embedded software – many of which are purposefully designed for automotive control and communications – are the key focus of this paper. We adopt a novel approach to characterise such attacks using Gajski-Kuhn Y-charts to represent attack manipulation across behavioural, structural and physical domains. Our selection of attacks is evidence-driven demonstrating threats that have been demonstrated to be feasible in the real-world. We then risk assess impact of such threats using the recently adopted ISO/SAE 21434 standard for automotive cybersecurity risk assessment, including mitigations for potential adoption. Our work serves to provide unique insights into the complex dynamic of hardware vulnerabilities and how the industry may address system-level security and protection of modern automotive platforms.