Abstract
Automotive software grows exponentially in size. In premium vehicles, the size can reach over 100 million lines of code. One of the challenges in such a large software is how it is architecturally designed and whether this design leads to security vulnerabilities. In this paper, we report on a design science research study aimed at understanding the vulnerabilities of modern premium vehicles. We used machine learning to identify and reconstruct signals within the vehicle’s communication networks. The results show that the distributed software architectures can have security vulnerabilities due to the high connectivity of modern vehicles; and that the security needs to be seen holistically – both when constructing the vehicle’s software and when designing communication channels with cloud services. The paper proposed a number of measures that can help to address the identified vulnerabilities.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
For ethical reasons and the safety of passengers, we do not provide any details about the used hardware or software. Details can be obtained upon request (and approval by the industrial partner) by contacting the authors.
- 2.
For ethical reasons, and the safety of passengers, we do not provide details about the equipment used to make intrusions.
References
Staron, M.: Automotive Software Architectures. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-65939-4
Sagstetter, F., et al.: Security challenges in automotive hardware/software architecture design. In: 2013 Design, Automation & Test in Europe Conference & Exhibition (DATE), pp. 458–463. IEEE (2013)
Bayer, S., Enderle, T., Oka, D.-K., Wolf, M.: Automotive security testing—the digital crash test. In: Langheim, J. (ed.) Energy Consumption and Autonomous Driving. LNM, pp. 13–22. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-19818-7_2
Rana, R., et al.: Evaluation of standard reliability growth models in the context of automotive software systems. In: Heidrich, J., Oivo, M., Jedlitschka, A., Baldassarre, M.T. (eds.) PROFES 2013. LNCS, vol. 7983, pp. 324–329. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39259-7_26
Sommer, F., Dürrwang, J., Kriesten, R.: Survey and classification of automotive security attacks. Information 10(4), 148 (2019)
Koscher, K., et al.: Experimental security analysis of a modern automobile. In: 2010 IEEE Symposium on Security and Privacy, July 2010. https://doi.org/10.1109/sp.2010.34
Buttigieg, R., Farrugia, M., Meli, C.: Security issues in controller area networks in automobiles. In: 2017 18th International Conference on Sciences and Techniques of Automatic Control and Computer Engineering (STA), pp. 93–98, 2017. https://doi.org/10.1109/STA.2017.8314877
Nowdehi, N., Lautenbach, A., Olovsson, T.: In-vehicle can message authentication: an evaluation based on industrial criteria. In: 2017 IEEE 86th Vehicular Technology Conference (VTC-Fall), pp. 1–7 (2017). https://doi.org/10.1109/VTCFall.2017.8288327
Kiravuo, T., Sarela, M., Manner, J.: A survey of ethernet LAN security. IEEE Commun. Surv. Tutor. 15(3), 1477–1491 (2013). https://doi.org/10.1109/SURV.2012.121112.00190
Corbett, C., Schoch, E., Kargl, F., Preussner, F.: Automotive ethernet: Security opportunity or challenge? Sicherheit 2016 - Sicherheit, Schutz und Zuverlässigkeit (2016)
Staron, M.: Action Research in Software Engineering. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-32610-4
Hevner, A., March, S., Park, J., Ram, S.: Design science in information systems research. Manag. Inf. Syst. Q. 28(1), 75–105 (2004)
Staron, M., Meding, W.: Software Development Measurement Programs. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-91836-5
INTERNET PROTOCOL. RFC 791, University of Southern California, September 1981. https://tools.ietf.org/html/rfc791.html
Popescu-Zeletin, R.: Implementing the ISO-OSI reference model. ACM SIGCOMM Comput. Commun. Rev. 13(4), 56–66 (1983)
Use private wi-fi addresses in ios 14, ipados 14 and watchos 7. https://web.archive.org/web/20210424120018/support.apple.com/en-gb/HT211227
Differences between tls 1.2 and tls 1.3. https://web.archive.org/web/20190919000200/www.wolfssl.com/differences-between-tls-12-and-tls-13-9/
Acknowledgment
The authors would like to thank our industrial partner for their ability to do the study and for their help and support. We would like to thank the engineers from the company for their dedication in helping us conduct the study.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Alkoutli, A. et al. (2023). Assessing Security of Internal Vehicle Networks. In: Batista, T., Bureš, T., Raibulet, C., Muccini, H. (eds) Software Architecture. ECSA 2022 Tracks and Workshops. ECSA 2022. Lecture Notes in Computer Science, vol 13928. Springer, Cham. https://doi.org/10.1007/978-3-031-36889-9_12
Download citation
DOI: https://doi.org/10.1007/978-3-031-36889-9_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-36888-2
Online ISBN: 978-3-031-36889-9
eBook Packages: Computer ScienceComputer Science (R0)