A Cybersecurity Education Platform for Automotive Penetration Testing

Fuxen, Philipp; Schönhärl, Stefan; Schmidt, Jonas; Gerstner, Mathias; Jahn, Sabrina; Graf, Julian; Hackenberg, Rudolf; Mottok, Jürgen

Home // International Journal On Advances in Security, volume 15, numbers 3 and 4, 2022 // View article

A Cybersecurity Education Platform for Automotive Penetration Testing

Authors:
Philipp Fuxen
Stefan Schönhärl
Jonas Schmidt
Mathias Gerstner
Sabrina Jahn
Julian Graf
Rudolf Hackenberg
Jürgen Mottok

Keywords: IT-Security Education; Automotive; Penetration Testing; Education Framework; Challenge-based Learning

Abstract:
The paper presents a penetration testing framework for automotive IT security education and evaluates its realization. The automotive sector is changing due to automated driving functions, connected vehicles, and electric vehicles. This development also creates new and more critical vulnerabilities. This paper addresses a possible countermeasure, automotive IT security education. Some existing solutions are evaluated and compared with the created Automotive Penetration Testing Education Platform (APTEP) framework. In addition, the APTEP architecture is described. It consists of three layers representing different attack points of a vehicle. The realization of the APTEP is a hardware case and a virtual platform referred to as the Automotive Network Security Koffer (ANSKo). The hardware case contains emulated control units and different communication protocols. The virtual platform uses Docker containers to provide a similar experience over the internet. Both offer two kinds of challenges. The first introduces users to a specific interface, while the second combines multiple interfaces, to a complex and realistic challenge. This concept is based on modern didactic theories, such as constructivism and problem-based/challenge-based learning. Computer Science students from the OTH Regensburg experienced the challenges as part of a elective subject. In an online survey evaluated in this paper, they gave positive feedback. Also, a part of the evaluation is the mapping of the ANSKo and the maturity levels in the Software Assurance Maturity Model (SAMM) practice Education & Guidance as well as the SAMM practice Security Testing. The scientific contribution of this paper is to present an APTEP, a corresponding learning concept and an evaluation method.

Pages: 106 to 118

Publication date: December 31, 2022

Published in: journal

ISSN: 1942-2636