This content is not included in
your SAE MOBILUS subscription, or you are not logged in.
Identifying Cybersecurity Focus Areas in Connected Cars Based on WP.29 UN-R155 Attack Vectors and Beyond
Technical Paper
2022-01-0116
ISSN: 0148-7191, e-ISSN: 2688-3627
Annotation ability available
Sector:
Language:
English
Abstract
The UN working group WP.29 published UN Regulation No. 155, the “Uniform provisions concerning the approval of vehicles with regards to cyber security and cyber security management systems,” which became a binding resolution on January 22nd, 2021 with expectations that at least 54 countries will mandate it starting July 2022. The regulation lists 69 attack vectors directly affecting vehicle cyber security. Car manufacturers, suppliers, government organizations, etc. all stakeholder’s cooperation and efforts are necessary for the successful implementation of the published regulation. The first course of action is to sort these attack vectors according to their expected threat severity levels, so stakeholders can determine the order in which to tackle mitigating said threats. In this paper, using the industry standard DREAD threat modelling, we calculated the severity levels of the attack vectors listed in the WP.29 UN-R155 cyber security regulation. Additionally, we go beyond the attack vectors listed in UN-R155 - using our own analysis, experience and insights, we explored other attack vectors that will also affect vehicle cybersecurity.
Recommended Content
Citation
Huq, N. and Vosseler, R., "Identifying Cybersecurity Focus Areas in Connected Cars Based on WP.29 UN-R155 Attack Vectors and Beyond," SAE Technical Paper 2022-01-0116, 2022, https://doi.org/10.4271/2022-01-0116.Also In
References
- UNECE https://unece.org/wp29-introduction
- UNECE 24 June 2020 https://unece.org/transport/events/virtual-meeting-wp29-world-forum-harmonization-vehicle-regulations-181st-session
- UNECE 4 March 2021 .
- O’Donnell , B. 28 June 2016 https://www.usatoday.com/story/tech/columnist/2016/06/28/your-average-car-lot-more-code-driven-than-you-think/86437052/.
- Cusimano , J. 2011 https://scadahacker.com/howto/howto-threatmodeling.html
- WP.29 23 June 2020 https://unece.org/fileadmin/DAM/trans/doc/2020/wp29grva/ECE-TRA NS-WP29-2020-079-Revised.pdf
- Microsoft June 2003 https://msdn.microsoft.com/en-us/library/aa302419.aspx
- Czagan , D. 21 May 2014 http://resources.infosecinstitute.com/qualitative-risk-analysis-dread-model/
- Huq , N. , Vosseler , R. , and Swimmer , M. 24 October 2017 https://documents.trendmicro.com/assets/white_papers/wp-cyberattacks-against-intelligent-transportation-systems.pdf
- Huq , N. , Gibson , C. , Kropotov , V. , Vosseler , R. 16 February 2021 https://documents.trendmicro.com/assets/white_papers/wp-cybersecurity-for-connected-cars-exploring-risks-in-5g-cloud-and-other-connected-technologies.pdf
- Internet of Business 2020 https://internetofbusiness.com/worldwide-connected-car-market-to-top-125-million-by-2022/
- Michell , N. 5 December 2016 https://cities-today.com/self-driving-car-production-reach-14-5-million-2025-says-new-study/
- German Sharabok 1 September 2020 https://towardsdatascience.com/why-tesla-wont-use-lidar-57c325ae2ed5
- Morgulis , N. , Kreines , A. , Mendelowitz , S. , and Weisglass , Y. 2019 https://arxiv.org/ftp/arxiv/papers/1907/1907.00374.pdf
- Gitlin , J.M. 1 September 2017 https://arstechnica.com/cars/2017/09/hacking-street-signs-with-stickers-could-confuse-self-driving-cars/
- Trend Micro 2021 https://www.trendmicro.com/vinfo/us/security/definition/social-engineering
- Promon 23 November 2016 https://promon.co/security-news/hacking-tesla-app-stolen-car/
- iPodHacks142 17 July 2019 https://www.ipodhacks142.com/how-to-use-any-app-with-apple-carplay/
- Grobelny , T. https://opensource.com/article/20/12/android-auto-open-source
- Sky-Go Aug 2020 https://i.blackhat.com/USA-20/Thursday/us-20-Yan-Security-Research-On-Mercedes-Benz-From-Hardware-To-Car-Control-wp.pdf
- Hamad , M. , Nolte , M. , and Prevelakis , V. ST 2016 https://www.researchgate.net/publication/311102084_Towards_Comprehensive_Threat_Modeling_for_Vehicles
- Hao , J. and Han , G. November 2020 https://www.mdpi.com/1999-5903/12/11/198/htm
- Knight , A. September 2018 https://alissaknight.medium.com/threat-modeling-of-connected-cars-using-stride-e8184764eb0a
- Tyrrell , J. July 2020 https://www.securecav.com/threat-modelling-connected-and-autonomous-vehicle-cybersecurity-an-overview-of-available-tools/
- Lewis , M. July 2016 https://research.nccgroup.com/2016/07/20/the-automotive-threat-modeling-template/
- Ruddle , A. March 2010 https://www.evita-project.org/Publications/Rud10.pdf
- Pesé , M. , Schmidt , K. , and Zweck , H. Hardware/Software Co-Design of an Automotive Embedded Firewall SAE Technical Paper 2017-01-1659 2017 https://doi.org/10.4271/2017-01-1659