Research on Cybersecurity Testing for In-vehicle Network

The development of technologies such as Information Communication Technology (ICT), Internet of Vehicles (IoVs), and industrial intelligence has made automotive cybersecurity issues more prominent. Cybersecurity issues have gradually attracted widespread attention in the field of Intelligent Connected Vehicles (ICV). Cybersecurity testing is an effective means to ensure the cybersecurity of Cyber-Physical Systems (CPS). Fuzzing and penetration testing are both important methods of security testing. In SAE J3061 and the impending ISO/SAE 21434, it is clearly mentioned that fuzzing and penetration testing technologies should be applied in the development of automotive cybersecurity activities, but no specific testing details are involved. The WP.29 regulations also require security tests to verify the effectiveness of security measures when conducting type approval with regard to cybersecurity. There is neither a standardized method for how to conduct automotive cybersecurity testing, nor specific testing tools. In this paper, a brief overview of the applied security testing methods in the automotive domain is provided first. Then, we present a cybersecurity testing method, which extends the Penetration Testing Execution Standard (PTES) from the perspective of testing processes. Besides, we also design and develop a security testing tool for the in-vehicle network to assist security analysis. Finally, taking Controller Area Network with Flexible Data Rate (CAN FD) as an example, the proposed method is applied to the designed testbed.