TY - JOUR
T1 - Practical Vulnerability-Information-Sharing Architecture for Automotive Security-Risk Analysis
AU - Lee, Yousik
AU - Woo, Samuel
AU - Song, Yunkeun
AU - Lee, Jungho
AU - Lee, Dong Hoon
N1 - Funding Information:
This work was supported by the Institute for Information and Communications Technology Promotion (IITP) funded by the Korea Government (MSIT) (Developing Technologies to Predict, Detect, Respond, and Automatically Diagnose Security Threats to Automotive Ethernet-Based Vehicle) under Grant 2018-0-00312.
Publisher Copyright:
© 2013 IEEE.
PY - 2020
Y1 - 2020
N2 - Emerging trends that are shaping the future of the automotive industry include electrification, autonomous driving, sharing, and connectivity, and these trends keep changing annually. Thus, the automotive industry is shifting from mechanical devices to electronic control devices, and is now moving to Internet of Things devices connected to 5G networks. Owing to the convergence of automobile-information and communication technology (ICT), the safety and convenience features of automobiles have improved significantly. However, cyberattacks that occur in the existing ICT environment and can occur in the upcoming 5G network are being replicated in the automobile environment. In a hyper-connected society where 5G networks are commercially available, automotive security is extremely important, as vehicles become the center of vehicle-to-everything (V2X) communication connected to everything around them. Designing, developing, and deploying information security techniques for vehicles require a systematic security-risk-assessment and management process throughout the vehicle's lifecycle. To do this, a security risk analysis (SRA) must be performed, which requires an analysis of cyber threats on automotive vehicles. In this study, we introduce a cyber kill chain-based cyberattack analysis method to create a formal vulnerability-analysis system. We can also analyze car-hacking studies that were conducted on real cars to identify the characteristics of the attack stages of existing car-hacking techniques and propose the minimum but essential measures for defense. Finally, we propose an automotive common-vulnerabilities-and-exposure system to manage and share evolving vehicle-related cyberattacks, threats, and vulnerabilities.
KW - Automotive cybersecurity
KW - automotive CVE
KW - cyber kill chain
KW - information sharing
KW - security risk analysis
UR - http://www.scopus.com/inward/record.url?scp=85088112063&partnerID=8YFLogxK
U2 - 10.1109/ACCESS.2020.3004661
DO - 10.1109/ACCESS.2020.3004661
M3 - Article
AN - SCOPUS:85088112063
SN - 2169-3536
VL - 8
SP - 120009
EP - 120018
JO - IEEE Access
JF - IEEE Access
M1 - 9123897
ER -