Security and Privacy in New Computing Environments. Second EAI International Conference, SPNCE 2019, Tianjin, China, April 13–14, 2019, Proceedings

Research Article

Research on Information Security Test Evaluation Method Based on Intelligent Connected Vehicle

Download
202 downloads
  • @INPROCEEDINGS{10.1007/978-3-030-21373-2_15,
        author={Yanan Zhang and Shengqiang Han and Stevenyin Zhong and Peiji Shi and Xuebin Shao},
        title={Research on Information Security Test Evaluation Method Based on Intelligent Connected Vehicle},
        proceedings={Security and Privacy in New Computing Environments. Second EAI International Conference, SPNCE 2019, Tianjin, China, April 13--14, 2019, Proceedings},
        proceedings_a={SPNCE},
        year={2019},
        month={6},
        keywords={Intelligent connected vehicle Information security Test evaluation Vulnerability Remediation measure},
        doi={10.1007/978-3-030-21373-2_15}
    }
    
  • Yanan Zhang
    Shengqiang Han
    Stevenyin Zhong
    Peiji Shi
    Xuebin Shao
    Year: 2019
    Research on Information Security Test Evaluation Method Based on Intelligent Connected Vehicle
    SPNCE
    Springer
    DOI: 10.1007/978-3-030-21373-2_15
Yanan Zhang1,*, Shengqiang Han1,*, Stevenyin Zhong1, Peiji Shi1, Xuebin Shao1
  • 1: China Automotive Technology and Research Center Co., Ltd.
*Contact email: zhangyanan@catarc.ac.cn, hanshengqiang@catarc.ac.cn

Abstract

In order to effectively evaluate the information security level for an intelligent and connected vehicle, a novel Intelligent Connected Vehicle (ICV) Information Security Attack and Defense (ICV-ISAD) test evaluation method is proposed in this paper. ICV-ISAD test method is based on long-term large number of real vehicle test experiments. It mainly consists of security threat and risk analysis, test strategy design, test tool call, test point mapping, test procedure execution, and remediation measures mapping. Using ICV-ISAD test method, we conducted test experiments to In-vehicle Network, Telematics Box, Engine Control Unit, In-Vehicle Infotainment, Mobile Application, Radio and Telematics Service Provider for different types of vehicle. The results show that some vulnerabilities exist in ICV’s system, such as gateway filtering vulnerability, high-risk port opening, Cross Site Scripting (XSS), Structured Query Language (SQL) injection, weak password, and cleartext network traffic (HTTP). Besides, ICV-ISAD test method could map some remediation measures or recommendations for these vulnerabilities. It denotes that ICV-ISAD test method can effectively test and evaluate the information security of ICV.