Modelling and Security Analysis of Internet Connected Cars

Abstract: With more and more Internet connected devices comes the question, are they secure enough. If such a thing as a vehicle were to be hacked there could be dire consequences. For example if someone acquired remote control of the brakes and steering of a vehicle they could be controlled with illicit intent. Several reports have shown that the internal networks of a vehicle with the protocols and devices used today are vulnerable to different kinds of attacks. So how can we make them more safe. The first step should be to show how vulnerable these systems are. This can be done in different ways. One way is to directly try to gain access to critical devices on a physical car i.e hacking it. Another way is to perform a manual security analysis of the car to map different vulnerabilities and and try to exploit those. A different way is to model the cars internal network with a tool that could do threat modelling and simulate attacks. One tool available being SecuriCAD. This tool is made with ethernet networks in minds and computers connected to these networks. An attempt to model in-vehicular networks shows to work with some adjustments. When a generalised model of a invehicular network is created in SecuriCAD the simulations shows vulnerabilities that correlates with what is shown in other reports. When modeling a 2014 Jeep Cherokee, the resulting attack tree of a replay attack given by the simulations is comparatively accurate to those attack steps made by Miller and Valasek when they hacked the same Jeep model in 2015. The method used in this project could be further improved but is a good proof of concept.