Research on Information Security Test Evaluation Method Based on Intelligent Connected Vehicle

In order to effectively evaluate the information security level for an intelligent and connected vehicle, a novel Intelligent Connected Vehicle (ICV) Information Security Attack and Defense (ICV-ISAD) test evaluation method is proposed in this paper. ICV-ISAD test method is based on long-term large number of real vehicle test experiments. It mainly consists of security threat and risk analysis, test strategy design, test tool call, test point mapping, test procedure execution, and remediation measures mapping. Using ICV-ISAD test method, we conducted test experiments to In-vehicle Network, Telematics Box, Engine Control Unit, In-Vehicle Infotainment, Mobile Application, Radio and Telematics Service Provider for different types of vehicle. The results show that some vulnerabilities exist in ICV’s system, such as gateway filtering vulnerability, high-risk port opening, Cross Site Scripting (XSS), Structured Query Language (SQL) injection, weak password, and cleartext network traffic (HTTP). Besides, ICV-ISAD test method could map some remediation measures or recommendations for these vulnerabilities. It denotes that ICV-ISAD test method can effectively test and evaluate the information security of ICV.