Core Concepts
This paper proposes a flexible and configurable testing platform that enables easier access to test beds for efficient vehicle cybersecurity testing, including penetration testing, fuzz testing, and advanced security research.
Abstract
The paper presents a new testing platform called the Vehicle Security Engineering Cloud (VSEC) Test that aims to address several challenges in the automotive cybersecurity testing and research domains. The key features of the platform include:
Managed remote access via a web interface, allowing users to register and connect hardware test benches or vehicles to the cloud, which are then shared and managed centrally under an enterprise account.
A configurable CAN bus network system that supports multiple bus speeds, multiple ECUs from multiple OEMs, and the ability to switch on/off the power of each ECU on-demand.
Integration of measurement tools like oscilloscopes and logic analyzers, offering software control of these tools to enable advanced security testing.
The paper discusses several testing methodologies enabled by this platform, including:
Secure Development Lifecycle (SDL) testing, where the platform allows for continuous cybersecurity functional testing on components with over-the-air (OTA) update functionality.
Penetration testing, where the platform enables "Partner Pentesting" by allowing remote engineers to work with local test engineers to perform physical interactions and execute tests.
Research testing, where the platform provides a configurable environment for researchers to rapidly establish and experiment with numerous ECU networks to support their security research projects.
The authors demonstrate the usefulness of the platform by implementing and testing three different open-source research projects using a single bench of ECUs, showcasing the platform's ability to enable advanced automotive security research.
Stats
There are no key metrics or important figures used to support the author's key logics.
Quotes
There are no striking quotes supporting the author's key logics.