Skip to main content
main-content
Top

Hint

Swipe to navigate through the chapters of this book

2016 | OriginalPaper | Chapter

Automotive Security Testing—The Digital Crash Test

Authors: Stephanie Bayer, Thomas Enderle, Dennis-Kengo Oka, Marko Wolf

Published in: Energy Consumption and Autonomous Driving

Publisher: Springer International Publishing

share
SHARE

Abstract

Modern vehicles consist of many interconnected, software-based IT components which are tested very carefully for correct functional behavior to avoid safety problems, e.g. the brakes suddenly stop working. However, in contrast to safety testing systematic testing against potential security gaps is not yet a common procedure within the automotive domain. This however could eventually enable a malicious entity to be able to attack a safety-critical IT component or even the whole vehicle. Several real-world demonstrations have already shown that this risk is not only academic theory [1]. Facing this challenge, the paper at hand will first introduce some potential automotive security attacks and some important automotive security threats. It then explains in more detail how to identify and evaluate potential security threats for automotive IT components based on theoretical security analyses and practical security testing.
Literature
1.
go back to reference Miller C, Valasek C (2013) Adventures in automotive networks and control units. In: DEFCON 21 Hacking Conference Miller C, Valasek C (2013) Adventures in automotive networks and control units. In: DEFCON 21 Hacking Conference
2.
go back to reference Koscher K, Czeskis A, Roesner F, Patel S, Kohno T, Checkoway S, McCoy D, Kantor B, Anderson D, Shacham H (2010) Experimental security analysis of a modern automobile. In: 2010 IEEE symposium on security and privacy (SP) Koscher K, Czeskis A, Roesner F, Patel S, Kohno T, Checkoway S, McCoy D, Kantor B, Anderson D, Shacham H (2010) Experimental security analysis of a modern automobile. In: 2010 IEEE symposium on security and privacy (SP)
3.
go back to reference Checkoway S, McCoy D, Kantor B, Anderson D, Shacham H, Savage S, Koscher K, Czeskis A, Roesner F, Kohno T (2011) Comprehensive experimental analyses of automotive attack surfaces. In: USENIX security, San Francisco, CA, USA Checkoway S, McCoy D, Kantor B, Anderson D, Shacham H, Savage S, Koscher K, Czeskis A, Roesner F, Kohno T (2011) Comprehensive experimental analyses of automotive attack surfaces. In: USENIX security, San Francisco, CA, USA
4.
go back to reference Markey E (2013) As wireless technology becomes standard, Markey queries car companies about security, privacy. In: Press release of the US senator for Massachusetts, Massachusetts, USA, 23 Dec 2013 Markey E (2013) As wireless technology becomes standard, Markey queries car companies about security, privacy. In: Press release of the US senator for Massachusetts, Massachusetts, USA, 23 Dec 2013
5.
go back to reference Miler C, Valasek C (2014) A survey of remote automotive attack surfaces. In: Blackhat Miler C, Valasek C (2014) A survey of remote automotive attack surfaces. In: Blackhat
6.
go back to reference Thiemel AV, Janke M, Steurich B (2013) Speedometer manipulation—putting a stop to fraud. ATZ elektronik worldwide Edition, 2013–02 Thiemel AV, Janke M, Steurich B (2013) Speedometer manipulation—putting a stop to fraud. ATZ elektronik worldwide Edition, 2013–02
9.
go back to reference Wolf M, Scheibel M (2012) A systematic approach to a quantified security risk analysis for vehicular IT systems. In: Automotive—safety & security, Karlsruhe Wolf M, Scheibel M (2012) A systematic approach to a quantified security risk analysis for vehicular IT systems. In: Automotive—safety & security, Karlsruhe
11.
go back to reference SAFECode (2011) Fundamental practices for secure software development SAFECode (2011) Fundamental practices for secure software development
14.
go back to reference M. I. S. R. Association and M. I. S. R. A. Staff (2013) MISRA C: 2012: Guidelines for the use of the C language in critical systems, Motor Industry Research Association, 2013 M. I. S. R. Association and M. I. S. R. A. Staff (2013) MISRA C: 2012: Guidelines for the use of the C language in critical systems, Motor Industry Research Association, 2013
18.
go back to reference Wolf M (2009) Security engineering for vehicular IT systems—improving trustworthiness and dependability of automotive IT applications, Vieweg+Teubner Verlag Wolf M (2009) Security engineering for vehicular IT systems—improving trustworthiness and dependability of automotive IT applications, Vieweg+Teubner Verlag
Metadata
Title
Automotive Security Testing—The Digital Crash Test
Authors
Stephanie Bayer
Thomas Enderle
Dennis-Kengo Oka
Marko Wolf
Copyright Year
2016
DOI
https://doi.org/10.1007/978-3-319-19818-7_2

Premium Partner