Security and Communication Networks

Research Article

A Systematic Approach for Cybersecurity Design of In-Vehicle Network Systems with Trade-Off Considerations

Risk assessment results.


Attack objective	Severity	Attack method	RL	CAP	Attack scenario no.	AP

[1] Install malicious firmware to DCU	S_S = 3	[1.1] No authentication	R_S = R5	P_[1.1] = P_[1.1.1] = 5	[1.1.1]	5
	S_P = 0		R_F = R5
	S_F = 3	[1.2] Bogus authentication	R_S = R3	P_[1.2] = P_[1.2.1] = 3	[1.2.1]	3
	S_O = 0		R_F = R3
		[1.3] Take over control after authorization	R_S = R3	P_[1.3] = P_[1.2.1] = 3	[1.3.1]	3
		[1.3] Take over control after authorization	R_F = R3	P_[1.3] = P_[1.2.1] = 3	[1.3.1]	3

[2] Abort firmware update	S_S = 0	[2.1] Disable CGW routing	R_F = R4	P_[2.1] = min{P_[2.1.1], P_[2.1.1]} = 5	[2.1.1] and [2.1.2]	5
	S_P = 0		R_O = R5		[2.1.1] and [2.1.2]	5
	S_F = 2	[2.2] Disturb transmission on links	R_F = R4	P_[2.2] = max{ P_[2.2.1], min{P_[2.2.2], P_[2.2.3]}} = 5	[2.2.1] [2.2.2] and [2.2.3]	5
	S_O = 3		R_O = R5			5
	S_O = 3		R_O = R5			4

[3] Reverse engineering	S_S = 0	[3.1] Eavesdrop on link	R_P = R5	P_[3.1] = min{P_[3.1.1], P_[3.1.1]} = 5	[3.1.1] and [3.1.2]	5
	S_P = 3	[3.1] Eavesdrop on link	R_F = R5	P_[3.1] = min{P_[3.1.1], P_[3.1.1]} = 5	[3.1.1] and [3.1.2]	5
	S_F = 3	[3.2] Copy data to another port of the switch	R_P = R4	P_[3.2] = min{P_[3.2.1], P_[3.2.2]} = 4	[3.2.1] and [3.2.2]	4
	S_O = 0	[3.2] Copy data to another port of the switch	R_F = R4	P_[3.2] = min{P_[3.2.1], P_[3.2.2]} = 4	[3.2.1] and [3.2.2]	5