A Cyber Security Evaluation Framework for In-Vehicle Electrical Control Units

Modern vehicles are equipped with more than 100 Electrical Control Units (ECUs) with over 2500 signals to transmit internally. The application of advanced electronics and communication techniques helps a vehicle transform from an information island into a powerful distribution center. However, a lar...

Descripción completa

Guardado en:
Detalles Bibliográficos
Autores principales: Haichun Zhang, Yuqian Pan, Zhaojun Lu, Jie Wang, Zhenglin Liu
Formato: article
Lenguaje:EN
Publicado: IEEE 2021
Materias:
Acceso en línea:https://doaj.org/article/dc918ec65dad4c3c892d4c12487ff400
Etiquetas: Agregar Etiqueta
Sin Etiquetas, Sea el primero en etiquetar este registro!
id oai:doaj.org-article:dc918ec65dad4c3c892d4c12487ff400
record_format dspace
spelling oai:doaj.org-article:dc918ec65dad4c3c892d4c12487ff4002021-11-18T00:02:49ZA Cyber Security Evaluation Framework for In-Vehicle Electrical Control Units2169-353610.1109/ACCESS.2021.3124565https://doaj.org/article/dc918ec65dad4c3c892d4c12487ff4002021-01-01T00:00:00Zhttps://ieeexplore.ieee.org/document/9597523/https://doaj.org/toc/2169-3536Modern vehicles are equipped with more than 100 Electrical Control Units (ECUs) with over 2500 signals to transmit internally. The application of advanced electronics and communication techniques helps a vehicle transform from an information island into a powerful distribution center. However, a large number of ECUs have introduced a wider range of security threats for vehicles. The attackers can compromise a vehicle remotely through a vulnerable ECU. How to evaluate the cyber security of in-vehicle ECUs has become an important issue. Current Threat Analysis and Risk Assessment (TARA) only carries out theoretical analysis on the potential threats and risks faced by the vehicle in the conceptual design phase of the lifecycle, but lacks the details of actual security evaluation. In this paper, we proposed a Cyber Security Evaluation Framework (CSEF) to independently evaluate the security of the in-vehicle ECUs, which is composed of the asset identification, the threat analysis, the risk assessment, and the security test. The proposed CSEF is applied to a pre-installed On-Bord Unit (OBU) to provide a use case. The use case show that the proposed CSEF is able to figure out assets, threats, risks behind threats, and vulnerabilities of OBU, playing an important role in guiding others to conduct security evaluation. Moreover, CSEF can be extended to evaluate the cyber security of other critical ECUs, such as the Telematic Box, the infotainment units, and the gateway.Haichun ZhangYuqian PanZhaojun LuJie WangZhenglin LiuIEEEarticleIn-vehicle electrical control unitscyber security evaluation frameworkthreat analysisrisk assessmentElectrical engineering. Electronics. Nuclear engineeringTK1-9971ENIEEE Access, Vol 9, Pp 149690-149706 (2021)
institution DOAJ
collection DOAJ
language EN
topic In-vehicle electrical control units
cyber security evaluation framework
threat analysis
risk assessment
Electrical engineering. Electronics. Nuclear engineering
TK1-9971
spellingShingle In-vehicle electrical control units
cyber security evaluation framework
threat analysis
risk assessment
Electrical engineering. Electronics. Nuclear engineering
TK1-9971
Haichun Zhang
Yuqian Pan
Zhaojun Lu
Jie Wang
Zhenglin Liu
A Cyber Security Evaluation Framework for In-Vehicle Electrical Control Units
description Modern vehicles are equipped with more than 100 Electrical Control Units (ECUs) with over 2500 signals to transmit internally. The application of advanced electronics and communication techniques helps a vehicle transform from an information island into a powerful distribution center. However, a large number of ECUs have introduced a wider range of security threats for vehicles. The attackers can compromise a vehicle remotely through a vulnerable ECU. How to evaluate the cyber security of in-vehicle ECUs has become an important issue. Current Threat Analysis and Risk Assessment (TARA) only carries out theoretical analysis on the potential threats and risks faced by the vehicle in the conceptual design phase of the lifecycle, but lacks the details of actual security evaluation. In this paper, we proposed a Cyber Security Evaluation Framework (CSEF) to independently evaluate the security of the in-vehicle ECUs, which is composed of the asset identification, the threat analysis, the risk assessment, and the security test. The proposed CSEF is applied to a pre-installed On-Bord Unit (OBU) to provide a use case. The use case show that the proposed CSEF is able to figure out assets, threats, risks behind threats, and vulnerabilities of OBU, playing an important role in guiding others to conduct security evaluation. Moreover, CSEF can be extended to evaluate the cyber security of other critical ECUs, such as the Telematic Box, the infotainment units, and the gateway.
format article
author Haichun Zhang
Yuqian Pan
Zhaojun Lu
Jie Wang
Zhenglin Liu
author_facet Haichun Zhang
Yuqian Pan
Zhaojun Lu
Jie Wang
Zhenglin Liu
author_sort Haichun Zhang
title A Cyber Security Evaluation Framework for In-Vehicle Electrical Control Units
title_short A Cyber Security Evaluation Framework for In-Vehicle Electrical Control Units
title_full A Cyber Security Evaluation Framework for In-Vehicle Electrical Control Units
title_fullStr A Cyber Security Evaluation Framework for In-Vehicle Electrical Control Units
title_full_unstemmed A Cyber Security Evaluation Framework for In-Vehicle Electrical Control Units
title_sort cyber security evaluation framework for in-vehicle electrical control units
publisher IEEE
publishDate 2021
url https://doaj.org/article/dc918ec65dad4c3c892d4c12487ff400
work_keys_str_mv AT haichunzhang acybersecurityevaluationframeworkforinvehicleelectricalcontrolunits
AT yuqianpan acybersecurityevaluationframeworkforinvehicleelectricalcontrolunits
AT zhaojunlu acybersecurityevaluationframeworkforinvehicleelectricalcontrolunits
AT jiewang acybersecurityevaluationframeworkforinvehicleelectricalcontrolunits
AT zhenglinliu acybersecurityevaluationframeworkforinvehicleelectricalcontrolunits
AT haichunzhang cybersecurityevaluationframeworkforinvehicleelectricalcontrolunits
AT yuqianpan cybersecurityevaluationframeworkforinvehicleelectricalcontrolunits
AT zhaojunlu cybersecurityevaluationframeworkforinvehicleelectricalcontrolunits
AT jiewang cybersecurityevaluationframeworkforinvehicleelectricalcontrolunits
AT zhenglinliu cybersecurityevaluationframeworkforinvehicleelectricalcontrolunits
_version_ 1718425254177538048