CONNECTED VEHICLES’ CYBERSECURITY: VULNERABILITIES, MAJOR THREAT VECTORS, AND SOLUTIONS
Authors: Betre Yacob Getahun, Xiangdong Che
Affiliation: GameAbove College of Engineering and Technology; School of Information Security & Applied Computing, Eastern Michigan University
Category:
Keywords: Connected Vehicles, Embedded System, Threat Vectors, Vulnerability
ABSTRACT. The increasing complexity of embedded systems and Internet-facing communication interfaces in connected vehicles make such vehicles vulnerable to cyber-attacks. The vulnerabilities are critical and could have grave consequences, including loss of life. Most of these vulnerabilities are associated with underlying designs that are not developed with security in mind. This paper investigates these embedded system technologies from a security perspective. We identify the components/technologies used in modern vehicles that allow external connections and study the major threat vectors, vulnerabilities, related security risks, and most common attacks. We also discuss solutions that may help manufacturers to mitigate the risks.
References:
Alkhatib, Natasha, Hadi Ghauch, and Jean-Luc Danger. “SOME/IP Intrusion Detection Using Deep Learning-based Sequential Models in Automotive Ethernet Networks.” arXiv.org, August 4, 2021. https://arxiv.org/abs/2108.08262.
Beierle, Christof, Patrick Derbez, Gregor Leander, Gaëtan Leurent, Håvard Raddum, Yann Rotella, David Rupprecht, and Lukas Stennes. “Cryptanalysis of the GPRS Encryption Algorithms GEA-1 and GEA-2.” In Lecture Notes in Computer Science, 155–83, 2021. https://doi.org/10.1007/978-3-030-77886-6_6.
Bosch N, Baumann V (2019) Trust in autonomous cars. Paper presented at a seminar on social media and digital privacy. https://www.researchgate.net/publication/336315108_Trust_in_Autonomous_Cars. Accessed 10 Jun 2022.
Dey S, Chatterjee S, Chattopadhyay S, et al. (2022) A comprehensive study of cyber-security in connected vehicles. J Ambient Intell Humaniz Comput 13(1):819-845
Dibaei, Mahdi, Xi Zheng, Kun Jiang, Robert Abbas, Shigang Liu, Yuexin Zhang, Yang Xiang, and Shui Yu. “Attacks and Defences on Intelligent Connected Vehicles: A Survey.” Digital Communications and Networks 6, no. 4 (May 24, 2020): 399–421. https://doi.org/10.1016/j.dcan.2020.04.007
Elkhail, Abdulrahman Abu, Rafi Ud Daula Refat, Ricardo Habre, Azeem Hafeez, Anys Bacha, and Hafiz Malik. “Vehicle Security: A Survey of Security Issues and Vulnerabilities, Malware Attacks and Defenses.” IEEE Access 9 (January 1, 2021): 162401–37. https://doi.org/10.1109/access.2021.3130495
Gao, Guangyuan, Shengwang Meng, and Mario V. Wüthrich. “What Can We Learn From Telematics Car Driving Data: A Survey.” Insurance Mathematics and Economics 104 (March 1, 2022): 185–99. https://doi.org/10.1016/j.insmatheco.2022.02.004
Garrad, Phillip, and Shane Gilroy. “Developments in Connected Vehicles and the Requirement for Increased Cybersecurity.” arXiv.org, November 23, 2021. https://arxiv.org/abs/2111.11612.
Ghosal, Amrita, and Mauro Conti. “Security Issues and Challenges in V2X: A Survey.” Computer Networks 169 (January 6, 2020): 107093. https://doi.org/10.1016/j.comnet.2019.107093
Jedh, Mubark, Lotfi Ben Othmane, Noor Ahmed, and Bharat Bhargava. “Detection of Message Injection Attacks Onto the CAN Bus Using Similarities of Successive Messages-Sequence Graphs.” IEEE Transactions on Information Forensics and Security 16 (January 1, 2021): 4133–46. https://doi.org/10.1109/tifs.2021.3098162
Jeong, Hyera, and Jaewoo So. “Channel Correlation‐based Relay Attack Avoidance in Vehicle Keyless‐entry Systems.” Electronics Letters 54, no. 6 (January 25, 2018): 395–97. https://doi.org/10.1049/el.2017.4360
Khan, Shah Khalid, Nirajan Shiwakoti, and Peter Stasinopoulos. “A Conceptual System Dynamics Model for Cybersecurity Assessment of Connected and Autonomous Vehicles.” Accident Analysis & Prevention 165 (December 8, 2021): 106515. https://doi.org/10.1016/j.aap.2021.106515
Khan, Shah Khalid, Nirajan Shiwakoti, Peter Stasinopoulos, and Yilun Chen. “Cyber-attacks in the Next-generation Cars, Mitigation Techniques, Anticipated Readiness and Future Directions.” Accident Analysis & Prevention 148 (October 26, 2020): 105837. https://doi.org/10.1016/j.aap.2020.105837
Lin, Tong, and Luhai Chen. “Common Attacks Against Car Infotainment Systems,” July 2019. https://events19.linuxfoundation.org/wp-content/uploads/2018/07/ALS19-Common-Attacks-Against-Car-Infotainment-Systems.pdf.
Burkacky, Ondrej, Johannes Deichmann, Benjamin Klein, Klaus Pototzky, Gundbert Scherf, and McKinsey & Company, Inc. “Cybersecurity in Automotive,” March 2020. https://www.gsaglobal.org/wp-content/uploads/2020/03/Cybersecurity-in-automotive-Mastering-the-challenge.pdf
Morimoto S, Wang F, Zhang R, et al. (2017) Cybersecurity in autonomous vehicles. https://www.researchgate.net/publication/328107877_Cybersecurity_in_Autonomous_Vehicles?channel=doi&linkId=5bb7d64c299bf1049b70067e&showFulltext=true
Parkinson, Simon, Paul Ward, Kyle Wilson, and Jonathan Miller. “Cyber Threats Facing Autonomous and Connected Vehicles: Future Challenges.” IEEE Transactions on Intelligent Transportation Systems 18, no. 11 (March 6, 2017): 2898–2915. https://doi.org/10.1109/tits.2017.2665968
Pascale, Francesco, Ennio Andrea Adinolfi, Simone Coppola, and Emanuele Santonicola. “Cybersecurity in Automotive: An Intrusion Detection System in Connected Vehicles.” Electronics 10, no. 15 (July 23, 2021): 1765. https://doi.org/10.3390/electronics10151765
Payne, Bryson R. “Car Hacking: Accessing and Exploiting the CAN Bus Protocol.” Journal of Cybersecurity Education Research and Practice 2019, no. 1 (June 1, 2019). https://doi.org/10.62915/2472-2707.1045
Pham Minh and Kaiqi Xiong, “A Survey on Security Attacks and Defense Techniques for Connected and Autonomous Vehicles,” Computers & Security 109 (June 17, 2021): 102269, https://doi.org/10.1016/j.cose.2021.102269
Ramadan, Mohammed, Guohong Du, Fagen Li, and Chunxiang Xu. “A Survey of Public Key Infrastructure-Based Security for Mobile Communication Systems.” Symmetry 8, no. 9 (August 26, 2016): 85. https://doi.org/10.3390/sym8090085.
Rathore, Rajkumar Singh, Chaminda Hewage, Omprakash Kaiwartya, and Jaime Lloret. “In-Vehicle Communication Cyber Security: Challenges and Solutions.” Sensors 22, no. 17 (September 3, 2022): 6679. https://doi.org/10.3390/s22176679.
Rosenstatter Thomas (2021) On the secure and resilient design of connected vehicles: methods and guidelines. Dissertation, University of Technology Gothenburg
Sheikh, Muhammad Sameer, Jun Liang, and Wensong Wang. “Security and Privacy in Vehicular Ad Hoc Network and Vehicle Cloud Computing: A Survey.” Wireless Communications and Mobile Computing 2020 (January 17, 2020): 1–25. https://doi.org/10.1155/2020/5129620
Takahashi, Junko. “An Overview of Cyber Security for Connected Vehicles.” IEICE Transactions on Information and Systems E101.D, no. 11 (October 31, 2018): 2561–75. https://doi.org/10.1587/transinf.2017ici0001
Vellinga, Nynke E. “Connected and Vulnerable: Cybersecurity in Vehicles.” International Review of Law Computers & Technology 36, no. 2 (April 4, 2022): 161–80. https://doi.org/10.1080/13600869.2022.2060472. 27. Wang, Yafei, Shengqiang Han, Nan Zhang, and Peng Hu. “Study on Cybersecurity Attack-defense Visualization Method Based on Intelligent Connected Vehicle.” E3S Web of Conferences 268 (January 1, 2021): 01010. https://doi.org/10.1051/e3sconf/202126801010
Wang, Yafei, Shengqiang Han, Nan Zhang, and Peng Hu. “Study on Cybersecurity Attack-defense Visualization Method Based on Intelligent Connected Vehicle.” E3S Web of Conferences 268 (January 1, 2021): 01010. https://doi.org/10.1051/e3sconf/202126801010
Zelle, Daniel, Christian Plappert, Roland Rieke, Dirk Scheuermann, and Christoph Krauß. “ThreatSurf: A Method for Automated Threat Surface Assessment in Automotive Cybersecurity Engineering.” Microprocessors and Microsystems 90 (February 5, 2022): 104461. https://doi.org/10.1016/j.micpro.2022.104461
Zuo, Zheng, Shichun Yang, Bin Ma, Bosong Zou, Yaoguang Cao, Qiangwei Li, Sida Zhou, and Jichong Li. “Design of a CANFD to SOME/IP Gateway Considering Security for In-Vehicle Networks.” Sensors 21, no. 23 (November 27, 2021): 7917. https://doi.org/10.3390/s21237917
NIST (2018) NVD - CVE-2018-18203. In: nvd.nist.gov. https://nvd.nist.gov/vuln/detail/CVE-2018-18203.
Hassan, Shaikh Shahriar, Soumik Das Bibon, Md Shohrab Hossain, and Mohammed Atiquzzaman. “Security Threats in Bluetooth Technology.” Computers & Security 74 (March 18, 2017): 308–22. https://doi.org/10.1016/j.cose.2017.03.008
Shrestha, Sunny, Esa Irby, Raghav Thapa, and Sanchari Das. “SoK: A Systematic Literature Review of Bluetooth Security Threats and Mitigation Measures.” In Communications in Computer and Information Science, 108–27, 2022. https://doi.org/10.1007/978-3-030-93956-4_7
Seri, Ben, Gregory Vishnepolsky, and ARMIS, INC. “The Dangers of Bluetooth Implementations: Unveiling Zero Day Vulnerabilities and Security Flaws in Modern Bluetooth Stacks.” Report, 2023. https://info.armis.com/rs/645-PDC-047/images/BlueBorne%20Technical%20White%20Paper_20171130.pdf
Tschirschnitz Von, Maximilian, Ludwig Peuckert, Fabian Franzen, and Jens Grossklags. “Method Confusion Attack on Bluetooth Pairing.” 2022 IEEE Symposium on Security and Privacy (SP), May 1, 2021, 1332–47. https://doi.org/10.1109/sp40001.2021.00013
Renganathan, Vishnu, Ekim Yurtsever, Qadeer Ahmed, and Aylin Yener. “Valet Attack on Privacy: A Cybersecurity Threat in Automotive Bluetooth Infotainment Systems.” Cybersecurity 5, no. 1 (October 4, 2022). https://doi.org/10.1186/s42400-022-00132-x.
Vanhoef M, Piessens F (2017) Denial of Service Attacks Against the 4-Way Wi-Fi Handshake. Computer Science & Information Technology (CS & IT). https://doi.org/10.5121/csit.2017.71508
Sanders, Christian, and Yongqiang Wang. “Localizing Spoofing Attacks on Vehicular GPS Using Vehicle-to-Vehicle Communications.” IEEE Transactions on Vehicular Technology 69, no. 12 (October 16, 2020): 15656–67. https://doi.org/10.1109/tvt.2020.3031576
Troja E, Debello J, Yadav N, et al (2023) Mitigating Autonomous Vehicle GPS Spoofing Attacks through Scene Text Observations. In: 56th Hawaii International Conference on System Sciences
Jafarnia-Jahromi, Ali, Ali Broumandan, John Nielsen, and Gérard Lachapelle. “GPS Vulnerability to Spoofing Threats and a Review of Antispoofing Techniques.” International Journal of Navigation and Observation 2012 (July 18, 2012): 1–16. https://doi.org/10.1155/2012/127072
Menu