Practical Vulnerability-Information-Sharing Architecture for Automotive Security-Risk Analysis

Yousik Lee, Samuel Woo, Yunkeun Song, Jungho Lee, Dong Hoon Lee

Research output: Contribution to journalArticle

Abstract

Emerging trends that are shaping the future of the automotive industry include electrification, autonomous driving, sharing, and connectivity, and these trends keep changing annually. Thus, the automotive industry is shifting from mechanical devices to electronic control devices, and is not moving to Internet of Things devices connected to 5G networks. Owing to the convergence of automobile-information and communication technology (ICT), the safety and convenience features of automobiles have improved significantly. However, cyberattacks that occur in the existing ICT environment and can occur in the upcoming 5G network are being replicated in the automobile environment. In a hyper-connected society where 5G networks are commercially available, automotive security is extremely important, as vehicles become the center of vehicle to everything (V2X) communication connected to everything around them. Designing, developing, and deploying information security techniques for vehicles require a systematic security-risk-assessment and management process throughout the vehicle's lifecycle. To do this, a security risk analysis (SRA) must be performed, which requires an analysis of cyber threats on automotive vehicles. In this study, we introduce a cyber kill chain-based cyberattack analysis method to create a formal vulnerability-analysis system. We can also analyze car-hacking studies that were conducted on real cars to identify the characteristics of the attack stages of existing car-hacking techniques and propose the minimum but essential measures for defense. Finally, we propose an automotive common-vulnerabilities-and-exposure system to manage and share evolving vehicle-related cyberattacks, threats, and vulnerabilities.

Original languageEnglish
Article number9123897
Pages (from-to)120009-120018
Number of pages10
JournalIEEE Access
Volume8
DOIs
Publication statusPublished - 2020

Keywords

  • automotive CVE
  • Automotive cybersecurity
  • cyber kill chain
  • information sharing
  • security risk analysis

ASJC Scopus subject areas

  • Computer Science(all)
  • Materials Science(all)
  • Engineering(all)

Fingerprint Dive into the research topics of 'Practical Vulnerability-Information-Sharing Architecture for Automotive Security-Risk Analysis'. Together they form a unique fingerprint.

  • Cite this