Abstract
Modern vehicles consist of many interconnected, software-based IT components which are tested very carefully for correct functional behavior to avoid safety problems, e.g. the brakes suddenly stop working. However, in contrast to safety testing systematic testing against potential security gaps is not yet a common procedure within the automotive domain. This however could eventually enable a malicious entity to be able to attack a safety-critical IT component or even the whole vehicle. Several real-world demonstrations have already shown that this risk is not only academic theory [1]. Facing this challenge, the paper at hand will first introduce some potential automotive security attacks and some important automotive security threats. It then explains in more detail how to identify and evaluate potential security threats for automotive IT components based on theoretical security analyses and practical security testing.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Miller C, Valasek C (2013) Adventures in automotive networks and control units. In: DEFCON 21 Hacking Conference
Koscher K, Czeskis A, Roesner F, Patel S, Kohno T, Checkoway S, McCoy D, Kantor B, Anderson D, Shacham H (2010) Experimental security analysis of a modern automobile. In: 2010 IEEE symposium on security and privacy (SP)
Checkoway S, McCoy D, Kantor B, Anderson D, Shacham H, Savage S, Koscher K, Czeskis A, Roesner F, Kohno T (2011) Comprehensive experimental analyses of automotive attack surfaces. In: USENIX security, San Francisco, CA, USA
Markey E (2013) As wireless technology becomes standard, Markey queries car companies about security, privacy. In: Press release of the US senator for Massachusetts, Massachusetts, USA, 23 Dec 2013
Miler C, Valasek C (2014) A survey of remote automotive attack surfaces. In: Blackhat
Thiemel AV, Janke M, Steurich B (2013) Speedometer manipulation—putting a stop to fraud. ATZ elektronik worldwide Edition, 2013–02
ExtremeTech, Hack the diagnostics connector, steal yourself a BMW in 3 min.http://www.extremetech.com/extreme/132526-hack-the-diagnostics-connector-steal-yourself-a-bmw-in-3-minutes
ExtremeTech, Hackers can unlock cars via SMS. http://www.extremetech.com/extreme/91306-hackers-can-unlock-cars-and-meddle-with-traffic-control-systems-via-sms
Wolf M, Scheibel M (2012) A systematic approach to a quantified security risk analysis for vehicular IT systems. In: Automotive—safety & security, Karlsruhe
CERT Secure Coding Standards. http://www.cert.org/secure-coding/research/secure-coding-standards.cfm?
SAFECode (2011) Fundamental practices for secure software development
Alliance of Automobile Manufacturers (2014) Auto cyber-security: continual testing, checks and balances. http://www.autoalliance.org/auto-innovation/cyber-security
The OpenSSL Project. https://www.openssl.org/
M. I. S. R. Association and M. I. S. R. A. Staff (2013) MISRA C: 2012: Guidelines for the use of the C language in critical systems, Motor Industry Research Association, 2013
OpenVAS—Open Vulnerability Assessment System. http://www.openvas.org
DEJA VU SECURITY (2014) Peach Fuzzer platform. http://peachfuzzer.com/products
The Heartbleed Bug (2014) http://heartbleed.com/
Wolf M (2009) Security engineering for vehicular IT systems—improving trustworthiness and dependability of automotive IT applications, Vieweg+Teubner Verlag
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Bayer, S., Enderle, T., Oka, DK., Wolf, M. (2016). Automotive Security Testing—The Digital Crash Test. In: Langheim, J. (eds) Energy Consumption and Autonomous Driving. Lecture Notes in Mobility. Springer, Cham. https://doi.org/10.1007/978-3-319-19818-7_2
Download citation
DOI: https://doi.org/10.1007/978-3-319-19818-7_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-19817-0
Online ISBN: 978-3-319-19818-7
eBook Packages: EnergyEnergy (R0)