|
4.1
|
Spoofing of messages (e.g. 802.11p V2X during platooning, GNSS messages, etc.) by impersonation
|
M10
|
The vehicle shall verify the authenticity and integrity of messages it receives
|
|
4.2
|
Sybil attack (in order to spoof other vehicles as if there are many vehicles on the road)
|
M11
|
Security controls shall be implemented for storing cryptographic keys (e.g., use of Hardware Security Modules)
|
|
5.1
|
Communication channels permit code injection into vehicle held data/code, for example tampered software binary might be injected into the communication stream
|
M10
M6
|
The vehicle shall verify the authenticity and integrity of messages it receives
Systems shall implement security by design to minimize risks
|
|
5.2
|
Communication channels permit manipulation of vehicle held data/code
|
M7
|
Access control techniques and designs shall be applied to protect system data/code
|
|
5.3
|
Communication channels permit overwrite of vehicle held data/code
|
|
5.4
21.1
|
Communication channels permit erasure of vehicle held data/code
|
|
5.5
|
Communication channels permit introduction of data/code to vehicle systems (write data code)
|
|
6.1
|
Accepting information from an unreliable or untrusted source
|
M10
|
The vehicle shall verify the authenticity and integrity of messages it receives
|
|
6.2
|
Man in the middle attack / session hijacking
|
M10
|
The vehicle shall verify the authenticity and integrity of messages it receives
|
|
6.3
|
Replay attack, for example an attack against a communication gateway allows the attacker to downgrade software of an ECU or firmware of the gateway
|
|
7.1
|
Interception of information / interfering radiations / monitoring communications
|
M12
|
Confidential data transmitted to or from the vehicle shall be protected
|
|
7.2
|
Gaining unauthorized access to files or data
|
M8
|
Through system design and access control it should not be possible for unauthorized personnel to access personal or system critical data. Example of Security Controls can be found in OWASP
|
|
8.1
|
Sending a large number of garbage data to vehicle information system, so that it is unable to provide services in the normal manner
|
M13
|
Measures to detect and recover from a denial of service attack shall be employed
|
|
8.2
|
Black hole attack, disruption of communication between vehicles by blocking the transfer of messages to other vehicles
|
M13
|
Measures to detect and recover from a denial of service attack shall be employed
|
|
9.1
|
An unprivileged user is able to gain privileged access, for example root access
|
M9
|
Measures to prevent and detect unauthorized access shall be employed
|
|
10.1
|
Virus embedded in communication media infects vehicle systems
|
M14
|
Measures to protect systems against embedded viruses/malware should be considered
|
|
11.1
|
Malicious internal (e.g. CAN) messages
|
M15
|
Measures to detect malicious internal messages or activity should be considered
|
|
11.2
|
Malicious V2X messages, e.g. infrastructure to vehicle or vehicle-vehicle messages (e.g. CAM, DENM)
|
M10
|
The vehicle shall verify the authenticity and integrity of messages it receives
|
|
11.3
|
Malicious diagnostic messages
|
|
11.4
|
Malicious proprietary messages (e.g. those normally sent from OEM or component/system/function supplier)
|