http://dx.doi.org/10.13089/JKIISC.2019.29.3.613

Analysis of Security Requirements for Secure Update of IVI(In-Vehicle-Infotainment) Using Threat Modeling and Common Criteria  

Kang, Soo-young (Center for Information Security Technologies(CIST), Korea University)
Kim, Seung-joo (Center for Information Security Technologies(CIST), Korea University)
Abstract
In-vehicle infotainment (IVI) provides navigation and various other functions through installed applications. Infotainment is also critical because it can control the entire vehicle by sending commands to the ECU. Infotainment supports a variety of wireless communication protocols for installing and updating applications, so these protocols are becoming an attack surface through which attackers can gain access. If malicious software is installed in the infotainment system, it can gain control of the vehicle and send malicious commands to the ECU, endangering the driver's life. Measures are therefore needed to verify the security and reliability of infotainment software updates, and security requirements must be derived and verified. It must be developed in accordance with the SDL to provide security and reliability, and systematic security requirements must be derived by applying threat modeling. This paper therefore conducts threat modeling to derive security requirements for infotainment updates. The security requirements are also mapped to the Common Criteria to provide criteria for updating infotainment software.
Keywords
Threat Modeling; STRIDE; IVI (In-Vehicle-Infotainment); SOTA (Security Over-The-Air); CC (Common Criteria)