Symbiotic Analysis of Security Assessment and Penetration Tests Guiding Real L4 Automated City Shuttles
2. Related Work
2.1. Cyber Threats in the ACS Landscape
2.2. Assessments Based on the TARA from ISO/SAE 21434
2.3. Automotive Pentests
- Exploring the cybersecurity concerns of the ACS as a barely studied CAV model;
- Conducting the TARA method, which is compliant to ISO/SAE 21434 standard;
- Yielding real pentests over a highly automated vehicle of SAE L4.
3. Material & Methods
3.1. L4 Evaluation Vehicle
3.2. Risk Analysis
3.2.1. Asset Identification
3.2.2. Threat Scenario Identification
3.2.3. Impact Rating
3.2.4. Attack Path Analysis
3.2.5. Attack Feasibility Rating
- Elapsed time: how much time the attack execution requires (1 week/1 month/6 months/3 years/more than 3 years);
- Expertise: skill and experience required to execute the attack, as well as how many people are needed (Layman/Proficient/Expert/Multiple experts);
- Equipment: availability of the tools needed to perform the attack (Standard/Specialised/Bespoke/Multiple Bespoke);
- Knowledge of the item or component: how much information is needed to perform the attack (Public information/Restricted information/Confidential information/Strictly confidential information);
- Window of opportunity: ease of access and time limitation (Unlimited/Easy/Moderate/Difficult).
3.2.6. Risk Determination
3.3.1. Equipment and Tools
- BladeRF-cli : tool required to program the BladeRF.
- GNU radio : widely used open-source SDR software.
- GPS Test : GNSS app for phone and tablet.
- Gps-sdr-sim : generates custom GPS data streams.
- Gqrx : radio waves visualization tool.
- RfCat : Python library for easier programming of the BladeRF.
- Ubuntu : main operating system.
- YateBTS : allows the creation of one’s own GSM base station.
- Wireshark : open-source packet analyser.
3.3.2. GNSS Spoofing
- A measurement signal for position, speed, and timing.
- The ephemeris, which contains the precise positioning information of a single satellite and which has a maximum lifetime of 4 h. Each satellite broadcasts only its own ephemeris. It is sufficient for the receiver to know the position of four satellites to propose a position .
- The almanack, which contains less precise information from all the satellites as well as predictions of atmospheric conditions that could change the travel time or direction of the signal. Each satellite broadcasts the almanack for all satellites. It allows the receiver to obtain data on the position of all satellites by reading only one almanack .
3.3.3. GNSS Jamming
3.3.4. Rogue BTS
3.3.5. Downgrade Attack
4.1. The TARA Showcasing
4.1.1. High-Risk Scenarios
4.1.2. Medium-Risk Scenarios
4.1.3. Low-Risk Scenarios
4.2. Penetration Outcome
4.2.1. GNSS Spoofing
4.2.2. GNSS Jamming
4.2.3. Rogue BTS
4.2.4. Downgrade Attack
5. Discussion & Future Work
- Physical strengthening: where LiDARs, cameras, USB ports, and the on-board computer are unreachable and protected from any unwarranted access.
- Fully automated offline and resilient mode: providing high protection against jamming attacks and unjustified halt or vehicle stops at a complete connectivity loss.
- Confidentiality and integrity of communications: where Private Key Infrastructure (PKI) and digital signatures can be used to secure authentications in addition to HTTPS and IPSec tunnel mode (such as VPN) establishment.
- Hardening of the on-board computer: which relies on (i) protecting the BIOS through Root of Trust for Update (RTU) and Trusted Platform Module (TPM) usage during the firmware update , (ii) shielding the disk protection through Bitlocker , and (iii) adopting operating system best practices, such as the installation of a Host-based Intrusion Prevention System (HIPS) and applying restrictive policies on the listing of files and their modification.
- Security monitoring: where continuous and frequent assessments are conducted and risks are monitored using the integration of a Security Information and Event Management (SIEM), for example.
5.2. Research Questions Analyses
5.3. Limitations & Future Work
Data Availability Statement
Conflicts of Interest
|AAFL||Aggregated Attack Feasibility Level|
|ACS||Automated City Shuttle|
|BTS||Base Transceiver Station|
|CAN||Controller Area Network|
|CAV||Connected Automated Vehicle|
|CIA||Confidentiality, Integrity, Availability|
|CSMS||Cybersecurity Management System|
|CVE||Common Vulnerabilities and Exposure|
|ECU||Electronic Control Unit|
|GNSS||Global Navigation Satellite System|
|GPS||Differential Global Positioning Systems|
|HIPS||Host-based Intrusion Prevention System|
|L4V||L4 Evaluation Vehicle|
|LiDAR||Light Detection and Ranging|
|LIN||Local Interconnect Network|
|NASA||National Aeronautics and Space Administration|
|OEM||Original Equipment Manufacturer|
|PKI||Private Key Infrastructure|
|RTU||Root of Trust for Update|
|SAE||Society of Automotive Engineering|
|SDR||Software Defined Radio|
|SIEM||Security Information and Event Management|
|STRIDE||Spoofing, Tampering, Repudiation, Information disclosure, Denial-of-service and Elevation of privilege|
|SUMS||Software Update Management System|
|TARA||Threat Analysis and Risk Assessment|
|TPG||transports publics genevois|
|TPM||Trusted Platform Module|
|UNECE||United Nations Economic Commission for Europe|
|VPN||Virtual Private Network|
- Gruyer, D.; Orfila, O.; Glaser, S.; Hedhli, A.; Hautière, N.; Rakotonirainy, A. Are Connected and Automated Vehicles the Silver Bullet for Future Transportation Challenges? Benefits and Weaknesses on Safety, Consumption, and Traffic Congestion. Front. Sustain. Cities 2021, 2, 607054. [Google Scholar] [CrossRef]
- Deichmann, J.; Ebel, E.; Heineke, K.; Heuss, R.; Kellner, M.; Steiner, F. Autonomous Driving’s Future: Convenient and Connected; Technical Report; McKinsey: Atlanta, GA, USA, 2023. [Google Scholar]
- Simpson, C.; Ataii, E.; Kemp, E.; Zhang, Y. Mobility 2030: Transforming the Mobility Landscape; Technical Report; KPMG International: Zurich, Switzerland, 2019. [Google Scholar]
- Litman, T. Autonomous Vehicle Implementation Predictions; Technical Report; Victoria Transport Policy Institute: Victoria, BC, Canada, 2013. [Google Scholar]
- SAE. J3016B Taxonomy and Definitions for Terms Related to Driving Automation Systems for On-Road Motor Vehicles; Technical Report; SAE International: Warrendale, PA, USA, 2018. [Google Scholar]
- Benyahya, M.; Collen, A.; Kechagia, S.; Nijdam, N.A. Automated city shuttles: Mapping the key challenges in cybersecurity, privacy and standards to future developments. Comput. Secur. 2022, 122, 102904. [Google Scholar] [CrossRef]
- Khanam, S.; Ahmedy, I.B.; Idna Idris, M.Y.; Jaward, M.H.; Bin Md Sabri, A.Q. A Survey of Security Challenges, Attacks Taxonomy and Advanced Countermeasures in the Internet of Things. IEEE Access 2020, 8, 219709–219743. [Google Scholar] [CrossRef]
- Ainsalu, J.; Arffman, V.; Bellone, M.; Ellner, M.; Haapamäki, T.; Haavisto, N.; Josefson, E.; Ismailogullari, A.; Lee, B.; Madland, O.; et al. State of the art of automated buses. Sustainability 2018, 10, 3118. [Google Scholar] [CrossRef]
- NHTSA. Automated Vehicles for Safety; National Highway Traffic Safety Administration: Washington, DC, USA, 2022.
- Duarte, F.; Ratti, C. The Impact of Autonomous Vehicles on Cities: A Review. J. Urban Technol. 2018, 25, 3–18. [Google Scholar] [CrossRef]
- Al-Sabaawi, A.; Al-Dulaimi, K.; Foo, E.; Alazab, M. Addressing Malware Attacks on Connected and Autonomous Vehicles: Recent Techniques and Challenges. In Malware Analysis Using Artificial Intelligence and Deep Learning; Springer: Cham, Switzerland, 2020; pp. 97–119. [Google Scholar] [CrossRef]
- Iclodean, C.; Cordos, N.; Varga, B.O. Autonomous shuttle bus for public transportation: A review. Energies 2020, 13, 2917. [Google Scholar] [CrossRef]
- Bec, P.; Borzan, A.I.; Frunză, M.; Băldean, D.L.; Berindei, I. Study of vulnerabilities in designing and using automated vehicles based on SWOT method for chevrolet camaro. In Proceedings of the IOP Conference Series: Materials Science and Engineering, Oradea, Romania, 28–29 May 2020; Volume 898, p. 12008. [Google Scholar]
- Miller, C.; Valasek, C. Remote Exploitation of an Unaltered Passenger Vehicle. Defcon 23 2015, 2015, 1–91. [Google Scholar]
- Yan, C.; Xu, W.; Liu, J. Can You Trust Autonomous Vehicles: Contactless Attacks against Sensors of Self-driving Vehicle. DEFCON 2016, 24, 109. [Google Scholar]
- The Avenue Consortium. AVENUE—EU Funded Project Under Horizon 2020. 2022. Available online: https://h2020-avenue.eu/ (accessed on 29 November 2022).
- ISO/SAE 21434; Road Vehicles-Cybersecurity Engineering. ISO: Geneva, Switzerland; SAE International: Warrendale, PA, USA, 2021.
- R155; UN Regulation No. 155—Cyber Security and Cyber Security Management System. UNECE: Geneva, Switzerland, 2020.
- Fysarakis, K.; Askoxylakis, I.; Katos, V.; Ioannidis, S.; Marinos, L. Security Concerns in Cooperative Intelligent Transportation Systems; CRC Press: Boca Raton, FL, USA, 2017; pp. 487–522. [Google Scholar] [CrossRef]
- Marin-Plaza, P.; Yaguüe, D.; Royo, F.; de Miguel, M.A.; Moreno, F.M.; Ruiz-de-la Cuadra, A.; Viadero-Monasterio, F.; Garcia, J.; San Roman, J.L.; Armingol, J.M. Project ARES: Driverless Transportation System. Challenges and Approaches in an Unstructured Road. Electronics 2021, 10, 1753. [Google Scholar] [CrossRef]
- Islam, M.M.; Lautenbach, A.; Sandberg, C.; Olovsson, T. A risk assessment framework for automotive embedded systems. In Proceedings of the CPSS 2016—Proceedings of the 2nd ACM International Workshop on Cyber-Physical System Security, Co-Located with Asia CCS 2016, Xi’an China, 30 May 2016; pp. 3–14. [Google Scholar] [CrossRef]
- Wang, Y.; Wang, Y.; Qin, H.; Ji, H.; Zhang, Y.; Wang, J. A Systematic Risk Assessment Framework of Automotive Cybersecurity. Automot. Innov. 2021, 4, 253–261. [Google Scholar] [CrossRef]
- Lautenbach, A.; Almgren, M.; Olovsson, T. Proposing HEAVENS 2.0—An automotive risk assessment model. In Proceedings of the Proceedings—CSCS 2021: ACM Computer Science in Cars Symposium, Ingolstadt, Germany, 30 November 2021. [Google Scholar] [CrossRef]
- Vogt, T.; Spahovic, E.; Doms, T.; Seyer, R.; Weiskirchner, H.; Pollhammer, K.; Raab, T.; Rührup, S.; Latzenhofer, M.; Schmittner, C.; et al. A Comprehensive Risk Management Approach to Information Security in Intelligent Transport Systems. SAE Int. J. Transp. Cybersecur. Priv. 2021, 4, 39–58. [Google Scholar] [CrossRef]
- Cao, Y.; Bhupathiraju, S.H.; Naghavi, P.; Sugawara, T.; Mao, Z.M.; Rampazzi, S. You Can’t See Me: Physical Removal Attacks on LiDAR-based Autonomous Vehicles Driving Frameworks. arXiv 2022. [Google Scholar] [CrossRef]
- Petit, J.; Stottelaar, B.; Feiri, M.; Kargl, F. Remote Attacks on Automated Vehicles Sensors: Experiments on Camera and LiDAR; BlackHat Europe: Amesterdam, The Netherlands, 2015; pp. 1–13. [Google Scholar]
- Andersson, P. Penetration Testing of an In-Vehicle Infotainment System. Ph.D. Thesis, KTH Royal Institute of Technology, Stockholm, Sweeden, 2022. [Google Scholar]
- Moukahal, L.J.; Zulkernine, M.; Soukup, M. Vulnerability-Oriented Fuzz Testing for Connected Autonomous Vehicle Systems. IEEE Trans. Reliab. 2021, 70, 1422–1437. [Google Scholar] [CrossRef]
- Openpilot. Open Source Advanced Driver Assistance System. 2023. Available online: https://comma.ai/openpilot (accessed on 9 February 2023).
- Fowler, D.S.; Bryans, J.; Cheah, M.; Wooderson, P.; Shaikh, S.A. A Method for Constructing Automotive Cybersecurity Tests, a CAN Fuzz Testing Example. In Proceedings of the Companion of the 19th IEEE International Conference on Software Quality, Reliability and Security, QRS-C 2019, Sofia, Bulgaria, 22–26 July 2019; pp. 1–8. [Google Scholar] [CrossRef]
- Zinckernagel, C.; Lutgens, E. AVENUE: D2.2 Gap aNalysis and Recommendations on Autonomous Vehicles for Public Service; Technical Report; Autonomous Mobility: Copenhagen, Denmark, 2019. [Google Scholar]
- Microsoft. Microsoft Threat Modeling Tool. 2023. Available online: https://learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-threats#stride-model (accessed on 13 January 2023).
- National Institute of Standards and Technology; US Department of Commerce. National Vulnerability Database. Available online: https://nvd.nist.gov/vuln/full-listing (accessed on 3 March 2023).
- Sommer, F.; Dürrwang, J.; Kriesten, R. Survey and classification of automotive security attacks. Information 2019, 10, 148. [Google Scholar] [CrossRef][Green Version]
- Nuand. bladeRF x40. 2023. Available online: https://www.nuand.com/product/bladerf-x40/ (accessed on 14 February 2023).
- GNU Radio Project. GNU Radio—The Free & Open Source Radio Ecosystem GNU Radio. 2022. Available online: https://www.gnuradio.org/ (accessed on 23 February 2023).
- Google Play. GPS Test Applications sur Google Play. 2023. Available online: https://play.google.com/store/apps/details?id=com.chartcross.gpstest (accessed on 23 February 2023).
- GitHub. Software-Defined GPS Signal Simulator. 2023. Available online: https://github.com/osqzss/gps-sdr-sim (accessed on 8 February 2023).
- Csete, A. Welcome to Gqrx. 2023. Available online: https://gqrx.dk/ (accessed on 8 February 2023).
- PyPi. Welcome to the rfcat Project. 2023. Available online: https://pypi.org/project/rfcat/ (accessed on 8 February 2023).
- Canonica. Enterprise Open Source and Linux Ubuntu. 2023. Available online: https://ubuntu.com/ (accessed on 8 February 2023).
- YateBTS. LTE & GSM Mobile Network Components for MNO & MVNO. 2021. Available online: https://yatebts.com/ (accessed on 8 February 2023).
- Wireshark. About Wireshark. 2023. Available online: https://www.wireshark.org/ (accessed on 8 February 2023).
- Elliott, D.; Keen, W.; Miao, L. Recent advances in connected and automated vehicles. J. Traffic Transp. Eng. 2019, 6, 109–131. [Google Scholar] [CrossRef]
- Li, C.; Fu, Y.; Yu, F.R.; Luan, T.H.; Zhang, Y. Vehicle Position Correction: A Vehicular Blockchain Networks-Based GPS Error Sharing Framework. IEEE Trans. Intell. Transp. Syst. 2020, 22, 1–15. [Google Scholar] [CrossRef]
- Mangialardo, M.; Jurado, M.M.; Hagan, D.; Giordano, P.; Ventura-Traveset, J. The Full Potential of an Autonomous GNSS Signalbased Navigation System for Moon Missions. In Proceedings of the 34th International Technical Meeting of the Satellite Division of The Institute of Navigation, St. Louis, MI, USA, 20–24 September 2021; pp. 1039–1052. [Google Scholar] [CrossRef]
- Karki, B.; Won, M. Characterizing Power Consumption of Dual-Frequency GNSS of Smartphone. In Proceedings of the 2020 IEEE Global Communications Conference, GLOBECOM 2020, Taipei, Taiwan, 7–11 December 2020. [Google Scholar] [CrossRef]
- National Aeronautics and Space Administration. NASA’s Archive of Space Geodesy Data. 2023. Available online: https://cddis.nasa.gov/ (accessed on 13 February 2023).
- Le Conseil fédéral. Protection de Récepteurs GPS Contre Des Cyberattaques. 2022. Available online: https://www.admin.ch/gov/fr/accueil/documentation/communiques.msg-id-69896.html (accessed on 8 February 2023).
- Office Fédéral De La Communication OFCOM. Perturbateurs (Jammers). 2022. Available online: https://www.bakom.admin.ch/bakom/fr/page-daccueil/appareils-et-installations/equipements-particuliers/perturbateurs-jammers.html (accessed on 8 February 2023).
- Knight, A. Hacking Connected Cars: Tactics, Techniques and Procedures; John Wiley & Sons: Hoboken, NJ, USA, 2020. [Google Scholar]
- Cox, J. Surprise! Scans Suggest Hackers Put IMSI-Catchers All Over Defcon. 2022. Available online: https://www.vice.com/en/article/vv7zn9/surprise-scans-suggest-hackers-put-imsi-catchers-all-over-defcon (accessed on 8 February 2023).
- CellMapper. Swisscom (Switzerland)—Cellular Coverage and Tower Map. 2023. Available online: https://www.cellmapper.net/ (accessed on 8 February 2023).
- Office Feédeéral Des Routes. Complément Au Rapport Final De L’étude De Suivi HEIA-FR; Technical Report; Transports Publics Fribourgeois: Fribourg, Switzerland, 2020. [Google Scholar]
- GitHub. GSM Description. 2023. Available online: https://github.com/0xh4di/GSMDecryption (accessed on 8 February 2023).
- USBKill. USBKill V4. 2022. Available online: https://usbkill.com/products/usbkill-v4?variant=32836117397586 (accessed on 8 February 2023).
- CITS. Secure Firmware Update. 2017. Available online: https://cts-labs.com/secure-firmware-update (accessed on 14 February 2023).
- R156; UN Regulation No. 156—Software Update and Software Update Management System. UNECE: Geneva, Switzerland, 2020.
- ISO/PAS 5112; Guidelines for Auditing Cybersecurity Engineering. ISO: Geneva, Switzerland, 2022.
|Asset ID||Damage Scenario ID||Description|
|A.1||D.1||Erroneous data are received and provoke full stop of the vehicle|
|D.2||The data cannot be received and provoke full stop of the vehicle|
|D.3||An external attacker modifies transmitted data or an update|
|D.4||An external attacker captures the data transmitted between vehicle and the backend|
|D.5||An external attacker modifies the data transmitted between vehicle and the backend|
|D.6||An external attacker stops the communication between vehicle and the backend|
|Damage Scenario ID||Impact Category||Impact Level||Justification|
|D.3||Severe||Severe||Severe||Severe||Severe||If the vehicle’s software stack is modified, all data can become accessible with a risk of compromising secure driving functions such as braking, maximum speed limit, and respect of signal panels. Serious financial consequences are forecasted, as well as the loss of end-users’ trust.|
|D.5||Severe||Severe||Severe||Negligible||Major||Active modification of ongoing communications can cause an unexpected behaviour of the vehicle or generate erroneous data for the operator.|
|Damage Scenario ID||Attack Path Scenario ID||Attack Path Description|
|D3||AP.3||An attacker can impersonate the server identity to send a rogue update, thereby compromising the integrity of the legitimate data.|
|AP.4||An attacker can execute a Man-in-the-Middle attack to modify transmitted data, compromising, as a result, the integrity of the legitimate data.|
|AP.5||An attacker can impersonate the identity of a 3G/4G antenna and send falsified data, compromising, as a result, the integrity of the legitimate data.|
|Attack Path Scenario ID||Time||Expertise||Knowledge||Window Opportunity||Equipment||Value||Attack Feasibility|
|Impact/Attack Feasibility||Very Low||Low||Medium||High|
|Damage Scenario ID||Attack Path Scenario ID||AAFL||Impact Level||Risk Value|
|Asset||Damage Scenario||Attack Path||An attacker could…||† C||I||A||AAFL||IL||RV||Risk Treatment|
|A.1||D.1||AP.1||retransmit past data using an SDR transmitter so that the vehicle receives erroneous data||✗||✓||✓||High||Moderate||3||Integrity controls|
|A.1||D.2||AP.2||use an SDR transmitter or a more conventional jammer to prevent the vehicle from connecting to the network antennas||✗||✗||✓||High||Moderate||3||Offline automated mode|
|A.1||D.3||AP.3||impersonate the backend server in order to send a rogue update to the vehicle||✗||✓||✗||Medium||Severe||4||Integrity controls Authentication Cryptography|
|A.1||D.3||AP.4||perform a Man-In-The-Middle attack between the vehicle and the backend server to modify the data sent by the server||✓||✓||✗||High||Severe||5||Integrity controls Authentication Cryptography|
|A.1||D.3||AP.5||impersonate a 3G/4G antenna and send data to the vehicle||✗||✓||✗||High||Severe||5||Integrity controls Authentication Cryptography|
|A.1||D.4||AP.6||perform a Man-In-The-Middle attack between the vehicle and the backend server to listen to the data sent by the server||✓||✓||✗||High||Moderate||3||Cryptography Authentication|
|A.1||D.4||AP.7||perform an auxiliary channel attack by “listening” to the electromagnetic emanations of the on-board computer||✓||✗||✗||Low||Moderate||2||Side channel attacks mitigations|
|A.1||D.5||AP.8||impersonate the backend server in order to transmit arbitrary data||✗||✓||✓||High||Major||4||Cryptography Authentication|
|A.1||D.5||AP.9||perform a Man-In-The-Middle attack between the vehicle and the backend server to modify the data in transit||✓||✓||✗||High||Major||4||Cryptography Authentication|
|A.1||D.5||AP.10||impersonate a 3G/4G antenna and send data to the vehicle||✗||✓||✓||Medium||Major||3||Cryptography Authentication|
|A.1||D.6||AP.11||use an SDR transmitter or a more conventional jammer to prevent the vehicle from connecting to the network antennas||✗||✗||✓||High||Moderate||3||Offline automated mode|
|A.2||D.7||AP.12||use an SDR transmitter to replay previously received signals in place of the actual signals||✗||✓||✗||High||Moderate||3||Data timestamping|
|A.2||D.8||AP.13||use an SDR transmitter to play custom signals instead of real GNSS signals||✗||✓||✗||High||Moderate||3||Military GPS technologies|
|A.2||D.9||AP.14||use an SDR transmitter or a more conventional jammer to prevent the vehicle from connecting to the GNSS||✗||✗||✓||High||Negligible||1||Offline automated mode|
|A.3||D.10||AP.15||throw an object or hit the camera to damage it||✗||✗||✓||High||Moderate||3||Camera shielding|
|A.3||D.11||AP.16||throw a sticky object or other obscuring material (e.g., paint) at the camera||✗||✗||✓||High||Moderate||3||Camera shielding Hydrophobic material|
|A.3||D.12||AP.17||use an acoustic device to disrupt the vehicle’s in-built image processing software||✗||✓||✗||Low||Moderate||2||Phonic isolation|
|A.4||D.13||AP.17||disrupt a gyroscope with sound, causing the vehicle to change speed due to false information about climbing or descending||✗||✓||✗||Low||Negligible||1||Phonic isolation|
|A.5||D.14||AP.18||use lasers to disrupt the operation of the LiDARs and cause the vehicle to stop||✗||✗||✓||High||Moderate||3||Faster LiDAR tick rate Photochromic lens|
|A.5||D.15||AP.19||throw a sticky object or other obscuring material (e.g., paint) at a LiDAR||✗||✗||✓||High||Moderate||3||LiDAR shielding Hydrophobic material|
|A.5||D.16||AP.20||throw an object or hit a LiDAR to damage it||✗||✗||✓||High||Moderate||3||LiDAR shielding|
|A.6||D.17||AP.21||use an acoustic device to distort the vehicle’s speed measurement, which could cause it to speed up or slow down||✗||✓||✗||Low||Moderate||2||Phonic isolation|
|A.7||D.18||AP.22||perform an auxiliary channel attack by “listening” to the electromagnetic emanations emitted by the on-board computer||✓||✗||✗||Low||Moderate||2||Random CPU noise|
|A.7||D.18||AP.23||use direct access to the on-board computer to read the computer’s memory continuously||✓||✗||✗||High||Moderate||3||Group policies Computer tray shielding|
|A.7||D.19||AP.24||use the keyboard provided in the vehicle to exit the navya program and install other programs||✓||✓||✓||High||Severe||5||Remove keyboard Computer tray shielding USB port security|
|A.7||D.19||AP.25||disconnect the hard drive from the on-board computer and plug in another one||✗||✓||✗||High||Severe||5||Alarm system Computer tray shielding|
|A.7||D.19||AP.26||use a live USB to bypass boot passwords and modify disk contents||✗||✓||✗||High||Severe||5||Bitlocker Secure boot BIOS/CMOS password USB port security|
|A.7||D.20||AP.27||use a live USB to bypass boot passwords and modify disk contents||✓||✗||✓||High||Moderate||3||Bitlocker Secure boot BIOS/CMOS password USB port security|
|A.7||D.20||AP.28||use the keyboard provided in the vehicle to exit the navya program and observe the contents of the disk||✓||✗||✓||High||Moderate||3||Service account Group Policies Computer tray shielding|
|A.7||D.20||AP.29||disconnect the hard drive from the onboard computer and read it on his own device||✓||✗||✓||High||Moderate||3||Bitlocker Computer tray shielding|
|A.7||D.21||AP.30||use the keyboard provided in the vehicle to turn off the on-board computer||✗||✗||✓||High||Major||4||Computer tray shielding|
|A.7||D.21||AP.31||physically damage the on-board computer||✗||✗||✓||High||Major||4||Computer tray shielding|
|A.7||D.21||AP.32||use the I/O button to turn off the on-board computer||✗||✗||✓||High||Major||4||Computer tray shielding|
|A.7||D.21||AP.33||disconnect the on-board computer||✗||✗||✓||High||Major||4||Computer tray shielding|
|A.7||D.21||AP.34||could install malware on the on-board computer||✗||✗||✓||High||Major||4||Computer tray shielding USB port security|
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.
© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Benyahya, M.; Bergerat, P.; Collen, A.; Nijdam, N.A. Symbiotic Analysis of Security Assessment and Penetration Tests Guiding Real L4 Automated City Shuttles. Telecom 2023, 4, 198-218. https://doi.org/10.3390/telecom4010012
Benyahya M, Bergerat P, Collen A, Nijdam NA. Symbiotic Analysis of Security Assessment and Penetration Tests Guiding Real L4 Automated City Shuttles. Telecom. 2023; 4(1):198-218. https://doi.org/10.3390/telecom4010012Chicago/Turabian Style
Benyahya, Meriem, Pierre Bergerat, Anastasija Collen, and Niels Alexander Nijdam. 2023. "Symbiotic Analysis of Security Assessment and Penetration Tests Guiding Real L4 Automated City Shuttles" Telecom 4, no. 1: 198-218. https://doi.org/10.3390/telecom4010012