Conducting forensic investigations of cyber attacks on automobile in-vehicle networks

The introduction of the wireless gateway as an entry point to an automobile in-vehicle network reduces the effort of performing diagnostics and firmware updates considerably. Unfortunately, the same gateway also allows cyber attacks to target the unprotected network, which currently lacks proper means for detecting and investigating security-related events. In this paper, we discuss the specifics of performing a digital forensic investigation of an in-vehicle network. An analysis of the current features of the network is performed, and an attacker model is developed. Based on the attacker model and a set of generally accepted forensic investigation principles, we derive a list of requirements for detection, data collection, and event reconstruction. We then use Brian Carrier's Digital Crime Scene Model as a template to illustrate how the requirements affect an investigation. For each phase of the model, we show the benefits of meeting the requirements and the implications of not complying with them.
