Practical Vulnerability-Information-Sharing Architecture for Automotive Security-Risk Analysis

Title: Practical Vulnerability-Information-Sharing Architecture for Automotive Security-Risk Analysis
Publication Type: Journal Article
Year of Publication: 2020
Authors: Lee, Y., Woo, S., Song, Y., Lee, J., Lee, D. H.
Journal: IEEE Access
Keywords: 5G mobile communication, 5g network, automobiles, automotive CVE, automotive cybersecurity, Automotive engineering, automotive industry, automotive security-risk analysis, automotive vehicles, autonomous driving, car-hacking studies, car-hacking techniques, Chained Attacks, common-vulnerabilities-exposure system, Computer crime, Cyber Kill Chain, cyber kill chain-based cyberattack analysis method, electronic control devices, formal vulnerability-analysis system, hyper-connected society, ICT environment, Industries, information security techniques, information sharing, mechanical devices, pubcrawl, ransomware, resilience, Resiliency, risk analysis, Scalability, security risk analysis, systematic security-risk-assessment, traffic engineering computing, vehicle-related cyberattacks, vulnerability-information-sharing architecture
Abstract: Emerging trends that are shaping the future of the automotive industry include electrification, autonomous driving, sharing, and connectivity, and these trends keep changing annually. Thus, the automotive industry is shifting from mechanical devices to electronic control devices, and is now moving to Internet of Things devices connected to 5G networks. Owing to the convergence of automobile-information and communication technology (ICT), the safety and convenience features of automobiles have improved significantly. However, cyberattacks that occur in the existing ICT environment and can occur in the upcoming 5G network are being replicated in the automobile environment. In a hyper-connected society where 5G networks are commercially available, automotive security is extremely important, as vehicles become the center of vehicle to everything (V2X) communication connected to everything around them. Designing, developing, and deploying information security techniques for vehicles require a systematic security-risk-assessment and management process throughout the vehicle's lifecycle. To do this, a security risk analysis (SRA) must be performed, which requires an analysis of cyber threats on automotive vehicles. In this study, we introduce a cyber kill chain-based cyberattack analysis method to create a formal vulnerability-analysis system. We can also analyze car-hacking studies that were conducted on real cars to identify the characteristics of the attack stages of existing car-hacking techniques and propose the minimum but essential measures for defense. Finally, we propose an automotive common-vulnerabilities-and-exposure system to manage and share evolving vehicle-related cyberattacks, threats, and vulnerabilities.
Citation Key: lee_practical_2020