Analysis Of Safety Threats And Remote Invasion Of Intelligent And Connected Vehicle In Complex Network Environment

The rapid development of Internet of Things,cloud computing,artificial intelligence,big data and 5G technology has promoted the evolution of traditional vehicles to Intelligent and Connected Vehicles(ICVs),making them widely used in autonomous driving,intelligent transportation and smart cities.Modern vehicles have formed a large and complex car network by integrating various sensors,electronic control units,cabling systems and millions of lines of code.However,the security threats brought by these advanced network technologies and smart devices are gradually increasing,and the security audit of ICVs is becoming more and more complicated.Various endless security issues pose significant challenges to the rapid development of ICVs.This paper starts with the research on the security architecture of ICVs.It not only uses the traditional STRIDE threat modeling method to try to build the security system of ICVs,but also proposes a new FBIT threat modeling method applied to the actual commercial vehicle and its associated TSP system.The modeling scheme we propose is verified.TSP is a new integrated system that comes with the development of ICVs.From the current research status,few scholars have specially studied TSP security architecture.The paper hopes to achieve the effect of throwing bricks and jade through the security research on TSP,making the research on the field of intelligent networked cars more comprehensive and in-depth.In addition,we have successfully launched a long-range attack on a well-known brand car through the cellular network to break through its security system.This kind of behavior of remote intrusion and control using cellular networks is chilling and further verifies that the threats presented by our threat modeling do exist.The series of attack methods described in the ICV field is a new attack method,providing more space and direction for intelligent network communication research.The article first introduces the security architecture of ICV.We divide it into three parts: vehicle network,V2 X workshop communication and TSP cloud communication,and explain the communication mechanism and communication principle outside the vehicle.Then,by investigating relevant research and a large number of literatures from domestic and foreign scholars,the threats faced by current ICVs are described in detail.We classify and organize them,and also introduce the typical attack surfaces and attack methods existing in ICV.Next,describe the STRIDE threat modeling methodology and try to model threats to invehicle communication systems.Due to the complexity of the modeling process,the results are not very satisfactory.In order to better adapt to the complex car networking environment,we propose a new FBIT modeling method.The threat modeling analysis of TSP has obtained good results.Finally,we conduct vulnerability mining and penetration testing on a car that is actually commercial.We successfully acquired multiple car owners' accounts and broke through their security systems to achieve remote control.Under the circumstance of the owner,the cellular network is used to obtain a lot of sensitive information such as the license plate number,frame number,driving mileage,vehicle speed and engine state of the target vehicle.And we can also track the location of its vehicles in real time,controlling in-vehicle equipment such as doors,trunks and engines.Later,defenses against attacks were also given.