Litcius/Paper detail

A taxonomy of attack mechanisms in the automotive domain

Irdin Pekaric, Clemens Sauerwein, Stefan Haselwanter, Michael Felderer

2021Computer Standards & Interfaces53 citationsDOIOpen Access PDF

Abstract

In the last decade, the automotive industry incorporated multiple electronic components into vehicles introducing various capabilities for adversaries to generate diverse types of attacks. In comparison to older types of vehicles, where the biggest concern was physical security, modern vehicles might be targeted remotely. As a result, multiple attack vectors aiming to disrupt different vehicle components emerged. Research and practice lack a comprehensive attack taxonomy for the automotive domain. In this regard, we conduct a systematic literature study, wherein 48 different attacks were identified and classified according to the proposed taxonomy of attack mechanisms. The taxonomy can be utilized by penetration testers in the automotive domain as well as to develop more sophisticated attacks by chaining multiple attack vectors together. In addition, we classify the identified attack vectors based on the following five dimensions: (1) AUTOSAR layers, (2) attack domains, (3) information security principles, (4) attack surfaces, and (5) attacker profile. The results indicate that the most applied attack vectors identified in literature are GPS spoofing, message injection, node impersonation, sybil, and wormhole attack, which are mostly applied to application and services layers of the AUTOSAR architecture.

Topics & Concepts

Computer scienceAUTOSARComputer securitySpoofing attackTaxonomy (biology)Attack surfaceAutomotive industryDomain (mathematical analysis)SoftwareEngineeringOperating systemBotanyMathematicsMathematical analysisAerospace engineeringBiologyVehicular Ad Hoc Networks (VANETs)Advanced Malware Detection TechniquesUser Authentication and Security Systems
A taxonomy of attack mechanisms in the automotive domain | Litcius