A Cyber Security Evaluation Framework for In-Vehicle Electrical Control Units
Modern vehicles are equipped with more than 100 Electrical Control Units (ECUs) with over 2500 signals to transmit internally. The application of advanced electronics and communication techniques helps a vehicle transform from an information island into a powerful distribution center. However, a lar...
Guardado en:
| Autores principales: | , , , , |
|---|---|
| Formato: | article |
| Lenguaje: | EN |
| Publicado: |
IEEE
2021
|
| Materias: | |
| Acceso en línea: | https://doaj.org/article/dc918ec65dad4c3c892d4c12487ff400 |
| Etiquetas: |
Agregar Etiqueta
Sin Etiquetas, Sea el primero en etiquetar este registro!
|
| id |
oai:doaj.org-article:dc918ec65dad4c3c892d4c12487ff400 |
|---|---|
| record_format |
dspace |
| spelling |
oai:doaj.org-article:dc918ec65dad4c3c892d4c12487ff4002021-11-18T00:02:49ZA Cyber Security Evaluation Framework for In-Vehicle Electrical Control Units2169-353610.1109/ACCESS.2021.3124565https://doaj.org/article/dc918ec65dad4c3c892d4c12487ff4002021-01-01T00:00:00Zhttps://ieeexplore.ieee.org/document/9597523/https://doaj.org/toc/2169-3536Modern vehicles are equipped with more than 100 Electrical Control Units (ECUs) with over 2500 signals to transmit internally. The application of advanced electronics and communication techniques helps a vehicle transform from an information island into a powerful distribution center. However, a large number of ECUs have introduced a wider range of security threats for vehicles. The attackers can compromise a vehicle remotely through a vulnerable ECU. How to evaluate the cyber security of in-vehicle ECUs has become an important issue. Current Threat Analysis and Risk Assessment (TARA) only carries out theoretical analysis on the potential threats and risks faced by the vehicle in the conceptual design phase of the lifecycle, but lacks the details of actual security evaluation. In this paper, we proposed a Cyber Security Evaluation Framework (CSEF) to independently evaluate the security of the in-vehicle ECUs, which is composed of the asset identification, the threat analysis, the risk assessment, and the security test. The proposed CSEF is applied to a pre-installed On-Bord Unit (OBU) to provide a use case. The use case show that the proposed CSEF is able to figure out assets, threats, risks behind threats, and vulnerabilities of OBU, playing an important role in guiding others to conduct security evaluation. Moreover, CSEF can be extended to evaluate the cyber security of other critical ECUs, such as the Telematic Box, the infotainment units, and the gateway.Haichun ZhangYuqian PanZhaojun LuJie WangZhenglin LiuIEEEarticleIn-vehicle electrical control unitscyber security evaluation frameworkthreat analysisrisk assessmentElectrical engineering. Electronics. Nuclear engineeringTK1-9971ENIEEE Access, Vol 9, Pp 149690-149706 (2021) |
| institution |
DOAJ |
| collection |
DOAJ |
| language |
EN |
| topic |
In-vehicle electrical control units cyber security evaluation framework threat analysis risk assessment Electrical engineering. Electronics. Nuclear engineering TK1-9971 |
| spellingShingle |
In-vehicle electrical control units cyber security evaluation framework threat analysis risk assessment Electrical engineering. Electronics. Nuclear engineering TK1-9971 Haichun Zhang Yuqian Pan Zhaojun Lu Jie Wang Zhenglin Liu A Cyber Security Evaluation Framework for In-Vehicle Electrical Control Units |
| description |
Modern vehicles are equipped with more than 100 Electrical Control Units (ECUs) with over 2500 signals to transmit internally. The application of advanced electronics and communication techniques helps a vehicle transform from an information island into a powerful distribution center. However, a large number of ECUs have introduced a wider range of security threats for vehicles. The attackers can compromise a vehicle remotely through a vulnerable ECU. How to evaluate the cyber security of in-vehicle ECUs has become an important issue. Current Threat Analysis and Risk Assessment (TARA) only carries out theoretical analysis on the potential threats and risks faced by the vehicle in the conceptual design phase of the lifecycle, but lacks the details of actual security evaluation. In this paper, we proposed a Cyber Security Evaluation Framework (CSEF) to independently evaluate the security of the in-vehicle ECUs, which is composed of the asset identification, the threat analysis, the risk assessment, and the security test. The proposed CSEF is applied to a pre-installed On-Bord Unit (OBU) to provide a use case. The use case show that the proposed CSEF is able to figure out assets, threats, risks behind threats, and vulnerabilities of OBU, playing an important role in guiding others to conduct security evaluation. Moreover, CSEF can be extended to evaluate the cyber security of other critical ECUs, such as the Telematic Box, the infotainment units, and the gateway. |
| format |
article |
| author |
Haichun Zhang Yuqian Pan Zhaojun Lu Jie Wang Zhenglin Liu |
| author_facet |
Haichun Zhang Yuqian Pan Zhaojun Lu Jie Wang Zhenglin Liu |
| author_sort |
Haichun Zhang |
| title |
A Cyber Security Evaluation Framework for In-Vehicle Electrical Control Units |
| title_short |
A Cyber Security Evaluation Framework for In-Vehicle Electrical Control Units |
| title_full |
A Cyber Security Evaluation Framework for In-Vehicle Electrical Control Units |
| title_fullStr |
A Cyber Security Evaluation Framework for In-Vehicle Electrical Control Units |
| title_full_unstemmed |
A Cyber Security Evaluation Framework for In-Vehicle Electrical Control Units |
| title_sort |
cyber security evaluation framework for in-vehicle electrical control units |
| publisher |
IEEE |
| publishDate |
2021 |
| url |
https://doaj.org/article/dc918ec65dad4c3c892d4c12487ff400 |
| work_keys_str_mv |
AT haichunzhang acybersecurityevaluationframeworkforinvehicleelectricalcontrolunits AT yuqianpan acybersecurityevaluationframeworkforinvehicleelectricalcontrolunits AT zhaojunlu acybersecurityevaluationframeworkforinvehicleelectricalcontrolunits AT jiewang acybersecurityevaluationframeworkforinvehicleelectricalcontrolunits AT zhenglinliu acybersecurityevaluationframeworkforinvehicleelectricalcontrolunits AT haichunzhang cybersecurityevaluationframeworkforinvehicleelectricalcontrolunits AT yuqianpan cybersecurityevaluationframeworkforinvehicleelectricalcontrolunits AT zhaojunlu cybersecurityevaluationframeworkforinvehicleelectricalcontrolunits AT jiewang cybersecurityevaluationframeworkforinvehicleelectricalcontrolunits AT zhenglinliu cybersecurityevaluationframeworkforinvehicleelectricalcontrolunits |
| _version_ |
1718425254177538048 |