R & D
Automotive systems has been becoming more and more automated and intelligent, and with that, related regulations and standards became stricter too. There is a growing need from the manufacturers’ side for proper security testing of these cyber-physical systems. Recently, we participated in a R&D project on vehicle cybersecurity in collaboration with the Budapest University of Technology and Economics, and we decided to make part of the technology documents (methodologies) available to the public.
The need for a cybersecurity testing methodology was created by recent developments in the automotive industry:
Although the above mentioned regulation and standard set out cybersecurity requirements for vehicle manufacturers and type-approval authorities, the methods for verifying whether vehicles meet those requirements is out of their scope. Consequently, there seems to be a lack of methods and tools to assess cybersecurity characteristics of vehicles. Our methodology can address this problem by providing vehicle manufacturers, type approval authorities and independent certification organisations with conceptual and technical guidance for the design and implementation of security tests that can help them to assess the security posture of vehicles.
The MASPoV (Methodologies for the Assessment of Security Posture of Vehicles) project aimed to develop methodologies to assess the level of protection provided by road vehicles and their electronic control units (ECUs) against different types of cyber-attacks and to systematically identify the cyber-security vulnerabilities of ECUs.
Content of the documents
The first document describes the general methodology for testing vehicles. It discusses in detail the prerequisites, requirements and environment for testing. This testing-based approach consists of the specification and execution of different test cases, and the analysis and evaluation of the test outcomes. In our vision, this testing-based cybersecurity assessment should be similar to the safety testing of vehicles, notably the EuroNCAP crash testing. The general idea is that prespecified cyberattack scenarios are executed on the vehicle while it is in use in various situations and under various environmental conditions, with the goal of studying how the vehicle behaves under attack in the given situations and under the given conditions. In addition, if the vehicle implements security countermeasures against cyberattacks, then this type of testing can also be used to verify if those countermeasures are indeed effective.
This methodology is created to guide both the customer and the tester team through an automotive penetration testing project. The Methodology focuses on the hardware, software and wireless interfaces of an automotive ECU running an operating system. It provides test cases (Test Cards) to properly test these components from a security point of view. Using this methodology a capable tester team can examine the security of an automotive subsystem (ECU running an operating system, IVI, head unit) in-depth, covering the most frequent and important attack vectors and attack techniques.
This methodology document provides a systematic approach and a collection of testing methods for the assessment of the effectiveness of security functions implemented by ECUs. Services and protocols running on ECUs have a primary function, and in addition, they typically also have some security functions or features, which aim at protecting the primary function in some way or another. Our methodology is focused on the assessment of the effectiveness of these secondary, security functions, such as partner authentication, authorization, replay protection, or various key management functions. We propose to define test cases that aim at checking if the algorithms and protocols implementing the security functions on an ECU work as expected, use parameters of acceptable quality, and are configured properly.
This document provides a methodology on how to conduct fuzz-testing of an automotive ECU without an operating system. It details the main parts of a fuzz-testing project and presents the necessary steps the tester team should perform and follow during one such test. The basic idea of fuzz-testing is to send random messages to the the System Under Test (SUT) to trigger vulnerabilities, it is the best approach to perform a black-box security test of a device. These devices directly execute a firmware image, communicate on various interfaces, and are responsible on handling a single task (e.g.: Engine Control Unit, Speed Control Unit). The document also contains the structure of test cards and vulnerability cards.
The works presented in these documents were carried out within the MASPOV Project (KTI_KVIG_4-1_2021), which has been implemented with support provided by the Government of Hungary in the context of the Innovative Mobility Program of KTI.
Copyright 2023 Ukatemi Technologies Plc.