Approaching the Automation of Cyber Security Testing of Connected Vehicles

TL;DR

This paper proposes an architecture for semi-automating cybersecurity testing in connected vehicles to address the increasing complexity and demand for efficient, large-scale security assessments in automotive systems.

Contribution

It introduces a novel architecture that enables semi-automated cybersecurity testing, reducing time and costs compared to manual penetration testing methods.

Findings

Automated testing architecture improves efficiency in cybersecurity assessments.

Semi-automation reduces testing time and costs.

Supports large-scale testing for connected and autonomous vehicles.

Abstract

The advancing digitalization of vehicles and automotive systems bears many advantages for creating and enhancing comfort and safety-related systems ranging from drive-by-wire, inclusion of advanced displays, entertainment systems up to sophisticated driving assistance and autonomous driving. It, however, also contains the inherent risk of being used for purposes that are not intended for, raging from small non-authorized customizations to the possibility of full-scale cyberattacks that affect several vehicles to whole fleets and vital systems such as steering and engine control. To prevent such conditions and mitigate cybersecurity risks from affecting the safety of road traffic, testing cybersecurity must be adopted into automotive testing at a large scale. Currently, the manual penetration testing processes cannot uphold the increasing demand due to time and cost to test complex systems. We propose an approach for an architecture that (semi-)automates automotive cybersecurity test, allowing for more economic testing and therefore keeping up to the rising demand induced by new vehicle functions as well as the development towards connected and autonomous vehicles.