Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Towards a New Configurable and Practical Remote Automotive Security Testing Platform

Sekar Kulandaivel, Wenjuan Lu, Brandon Barry, Jorge Guajardo

TL;DR

Automotive cybersecurity testing faces regulatory demands and complex vehicle architectures that hinder scalable V&V and vulnerability testing. The authors propose the Vehicle Security Engineering Cloud (VSEC) Test platform, a configurable, cloud-based remote testing platform that unifies hardware access, network configurability, and multi-user collaboration for SDL testing, penetration testing, and security research. The platform emphasizes centralized test beds, remote access, realistic ECUs and networks, and integration with measurement tools, CARLA-based environment simulation, and Restbus traffic. This approach aims to lower hardware costs, broaden the talent pool, and enable ongoing testing and research, including bug bounty-style engagement.

Abstract

In the automotive security sector, the absence of a testing platform that is configurable, practical, and user-friendly presents considerable challenges. These difficulties are compounded by the intricate design of vehicle systems, the rapid evolution of attack vectors, and the absence of standardized testing methodologies. We propose a next-generation testing platform that addresses several challenges in vehicle cybersecurity testing and research domains. In this paper, we detail how the Vehicle Security Engineering Cloud (VSEC) Test platform enables easier access to test beds for efficient vehicle cybersecurity testing and advanced (e.g., penetration, fuzz) testing and how we extend such test beds to benefit automotive security research. We highlight methodology on how to use this platform for a variety of users and use cases with real implemented examples.

Towards a New Configurable and Practical Remote Automotive Security Testing Platform

TL;DR

Automotive cybersecurity testing faces regulatory demands and complex vehicle architectures that hinder scalable V&V and vulnerability testing. The authors propose the Vehicle Security Engineering Cloud (VSEC) Test platform, a configurable, cloud-based remote testing platform that unifies hardware access, network configurability, and multi-user collaboration for SDL testing, penetration testing, and security research. The platform emphasizes centralized test beds, remote access, realistic ECUs and networks, and integration with measurement tools, CARLA-based environment simulation, and Restbus traffic. This approach aims to lower hardware costs, broaden the talent pool, and enable ongoing testing and research, including bug bounty-style engagement.

Abstract

In the automotive security sector, the absence of a testing platform that is configurable, practical, and user-friendly presents considerable challenges. These difficulties are compounded by the intricate design of vehicle systems, the rapid evolution of attack vectors, and the absence of standardized testing methodologies. We propose a next-generation testing platform that addresses several challenges in vehicle cybersecurity testing and research domains. In this paper, we detail how the Vehicle Security Engineering Cloud (VSEC) Test platform enables easier access to test beds for efficient vehicle cybersecurity testing and advanced (e.g., penetration, fuzz) testing and how we extend such test beds to benefit automotive security research. We highlight methodology on how to use this platform for a variety of users and use cases with real implemented examples.
Paper Structure (28 sections, 2 figures, 1 table)

This paper contains 28 sections, 2 figures, 1 table.

Table of Contents

  1. Introduction
  2. Current Security Testing Platforms
  3. Challenges
  4. Recent progress
  5. Testing hardware
  6. Testing frameworks
  7. The ideal solution
  8. A New Testing Platform
  9. Testing platform roles
  10. Web-based remote access
  11. Managed remote access
  12. Testbed setup
  13. Sourcing ECUs
  14. Configurable network
  15. Network simulation
  16. ...and 13 more sections

Figures (2)

  • Figure 1: The entire physical network layout (left) can contain ECUs from a number of different original equipment manufacturers (OEMs). These ECUs may connect to CAN buses with different speeds, which ultimately connect to a PC via a CAN-USB interface. By powering off all other ECUs except those from OEM #1, we can construct a network consisting of ECUs from just OEM #1 (middle). Likewise, we can construct a network of ECUs from just OEM #2 (right) by powering off all other ECUs.
  • Figure 2: The remote test engineer can access either a fully remote testing platform with access to multiple test beds or work collaboratively with an in-lab (i.e., local to the lab) test engineer for tests that require hands-on support. This Partner Pentesting method enables the technical specialist to focus on their testing strategies while leaving the hardware setup and physical controls to the lab technician/local test engineer.