Practical
Methodology for In-Vehicle CAN Security Evaluation 1Korea Automotive Technology
Institute, Cheonan,
Korea {hbpark, kimye, jsjeon,
hsmoon}@katech.re.kr 2Electronics and
Telecommunications Research Institute, Daejeon, Korea samuelwoo@etri.re.kr
Abstract Modern vehicles are equipped
with a variety of Electrical and Electronic (E/E) systems for the convenience
of a driver. However, with the increasing use of Electronic Control Units
(ECU) to mount vehicular E/E systems, the cyber threats are also increasing.
Vehicular security is a very important function which is directly connected
to lives of drivers and passengers. Hence, modern vehicles should be provided
with an information security function. In case that autonomous vehicles are
commercialized in the future, an evaluation methodology will be needed to
check if vehicles are normally provided with an information security
function. In this paper, we propose a security evaluation methodology and
tool that can analyze the security level of In-vehicle network without the
information provided by the vehicle manufacturer. The proposed evaluation
methodology is designed based on four types of attacks that can be performed
on In-vehicle Controller Area Network (CAN). In addition, we design and
develop the evaluation tool that can measure changes in vehicle conditions
using various sensors. Finally, we conduct experiments using actual vehicles
to evaluate the effectiveness and accuracy of the proposed method. The
proposed methodology and tool enable us to analyze security level of
In-vehicle network very easily and fast. Keywords: in-vehicle CAN
security, security evaluation, automotive security, in-vehicle CAN penetration
test +: Corresponding author: Samuel Woo
Journal
of Internet Services and Information Security
(JISIS), 9(2): 42-56, May 2019 DOI: 10.22667/JISIS.2019.05.31.042 [pdf] |