论文信息 - Conducting forensic investigations of cyber attacks on automobile in-vehicle networks

Conducting forensic investigations of cyber attacks on automobile in-vehicle networks

The introduction of the wireless gateway as an entry point to an automobile in-vehicle network reduces the effort of performing diagnostics and firmware updates considerably. Unfortunately, the same gateway also allows cyber attacks to target the unprotected network, which currently lacks proper means for detecting and investigating security-related events. In this paper, we discuss the specifics of performing a digital forensic investigation of an in-vehicle network. An analysis of the current features of the network is performed, and an attacker model is developed. Based on the attacker model and a set of generally accepted forensic investigation principles, we derive a list of requirements for detection, data collection, and event reconstruction. We then use Brian Carrier's Digital Crime Scene Model as a template to illustrate how the requirements affect an investigation. For each phase of the model, we show the benefits of meeting the requirements and the implications of not complying with them.

Ulf E. Larson | Dennis K. Nilsson

[1] Eugene H. Spafford,et al. Getting Physical with the Digital Investigation Process , 2003, Int. J. Digit. EVid..

[2] Thomas A. Longstaff,et al. A common language for computer security incidents , 1998 .

[3] Gregg H. Gunsch,et al. An Examination of Digital Forensic Models , 2002, Int. J. Digit. EVid..

[4] Radovan Miucic,et al. Firmware Update Over The Air (FOTA) for Automotive Industry , 2007 .

[5] Kevin Mandia,et al. Incident Response: Investigating Computer Crime , 2001 .

[6] Richard P. Ayers,et al. Guidelines on PDA Forensics, Recommendations of the National Institute of Standards and Technology | NIST , 2004 .

[7] Benjamin A. Kuperman,et al. A categorization of computer security monitoring systems and the impact on the design of audit sources , 2004 .

[8] Christof Paar,et al. Security in Automotive Bus Systems , 2004 .

[9] Keith J. Jones,et al. Real Digital Forensics: Computer Security and Incident Response , 2005 .

[10] Linda Volonino,et al. Computer Forensics: Principles and Practices (Prentice Hall Security Series) , 2006 .

[11] Gary C. Kessler,et al. Computer Forensics: Principles and Practices , 2006 .

[12] Eugene H. Spafford,et al. An Event-Based Digital Forensic Investigation Framework , 2004 .