SP-E: Security Evaluation Framework of In-vehicle Infotainment System based on Threat Analyses and Penetration Tests

Abstract

Abstract With the increasing requirement of people, the functions of in-vehicle infotainment systems are becoming more and more abundant, and their security also affects the safety of vehicles. Therefore, it is more and more important to evaluate the security of the IVI system. This paper proposes a security evaluation framework for in-vehicle infotainment systems based on threat analyses and penetration tests. By constructing the data flow diagram of application scenarios, analyzing threats, combing the attack link diagram, combining white-box audit and black-box test, we use the characteristics of high efficiency of automatic tools and high accuracy of manual methods to set factor sets, and then the whole IVI system is evaluated by Analytic Hierarchy Process and Fuzzy Comprehensive Evaluation.