15 research outputs found

    Towards a systematic security evaluation of the automotive Bluetooth interface

    In-cabin connectivity and its enabling technologies have increased dramatically in recent years. Security was not considered an essential property, a mind-set that has shifted significantly due to the appearance of demonstrated vulnerabilities in these connected vehicles. Connectivity allows the possibility that an external attacker may compromise the security - and therefore the safety - of the vehicle. Many exploits have already been demonstrated in literature. One of the most pervasive connective technologies is Bluetooth, a short-range wireless communication technology. Security issues with this technology are well-documented, albeit in other domains. A threat intelligence study was carried out to substantiate this motivation and finds that while the general trend is towards increasing (relative) security in automotive Bluetooth implementations, there is still significant technological lag when compared to more traditional computing systems. The main contribution of this thesis is a framework for the systematic security evaluation of the automotive Bluetooth interface from a black-box perspective (as technical specifications were loose or absent). Tests were performed through both the vehicle’s native connection and through Bluetooth-enabled aftermarket devices attached to the vehicle. This framework is supported through the use of attack trees and principles as outlined in the Penetration Testing Execution Standard. Furthermore, a proof-of-concept tool was developed to implement this framework in a semi-automated manner, to carry out testing on real-world vehicles. The tool also allows for severity classification of the results acquired, as outlined in the SAE J3061 Cybersecurity Guidebook for Cyber-Physical Vehicle Systems. Results of the severity classification are validated through domain expert review.
Finally, how formal methods could be integrated into the framework and tool to improve confidence and rigour, and to demonstrate how future iterations of design could be improved is also explored. In conclusion, there is a need for systematic security testing, based on the findings of the threat intelligence study. The systematic evaluation and the developed tool successfully found weaknesses in both the automotive Bluetooth interface and in the vehicle itself through Bluetooth-enabled aftermarket devices. Furthermore, the results of applying this framework provide a focus for counter-measure development and could be used as evidence in a security assurance case. The systematic evaluation framework also allows for formal methods to be introduced for added rigour and confidence. Demonstrations of how this might be performed (with case studies) were presented. Future recommendations include using this framework with more test vehicles and expanding on the existing attack trees that form the heart of the evaluation. Further work on the tool chain would also be desirable. This would enable further accuracy of any testing or modelling required, and would also take automation of the entire process further

    Towards A Testbed for Automotive Cybersecurity

    Discrimination of Escherichia coli isolates recovered from mucosal contents of chicken intestines and different age by repetitive elements sequence-based PCR

    Repetitive sequence-based PCR (rep-PCR) is a distinctive typing approach that is used to differentiate between bacterial strains. This method is also useful for studying bacterial diversity from different sources. In this study, four rep-PCR which are enterobacterial repetitive intergenic consensus PCR (ERIC-PCR), BOX-PCR, repetitive extragenic palindromic PCR (REP-PCR) and polytrinucleotide (GTG)5-PCR were evaluated for differentiation of eighteen Escherichia coli isolates to correct source based on part of intestine and age. These isolates were recovered earlier from ileal and caecal mucosal contents of chickens at a different age. The purpose of this study was to investigate the efficacy of four rep-PCR methods and composite of rep-PCR patterns to differentiate E. coli isolates to original sources of part of intestines and age based on the D index (discriminatory power determined based on Simpson’s index of diversity calculated at similarity coefficient of 90%). The (GTG)5-PCR had the highest D index (0.9804) for part of intestine and age factors. The similar D index was observed in the composite of rep-PCR patterns. The lowest D index was observed in ERIC- and BOX-PCR at 0.9020 and 0.8039 for part of intestine and age factors, respectively. (GTG)5-PCR was also the most discriminative rep-PCR observed due to its ability to cluster 14I 3E and 14I 2X isolates, and 14C 1E and 14C 3E isolates correctly in part of intestine and age factors. It was concluded that (GTG)5-PCR is a promising tool for discriminating E. coli isolates extracted from chicken intestines

    Combining Third Party Components Securely in Automotive Systems

    Part 5: Short Papers
    Vehicle manufacturers routinely integrate third-party components and combining them securely into a larger system is a challenge, particularly when accurate specifications are not available. In this paper, we propose a methodology for users to introduce or strengthen security of these composed systems without requiring full knowledge of commercially sensitive sub-components. This methodology is supported by attack trees, which allow for systematic enumeration of black box components, the results of which are then incorporated into further design processes. We apply the methodology to a Bluetooth-enabled automotive infotainment unit, and find a legitimate Bluetooth feature that contributes to the insecurity of a system. Furthermore, we recommend a variety of follow-on processes to further strengthen the security of the system through the next iteration of design

    Mobile Technology in Medicine: Development and Validation of an Adapted System Usability Scale (SUS) Questionnaire and Modified Technology Acceptance Model (TAM) to Evaluate User Experience and Acceptability of a Mobile Application in MRI Safety Screening

    Background: Magnetic resonance imaging (MRI) safety screening is a crucial procedure for patient preparation before entering the MRI room. Many hospitals in Malaysia are still using the printed MRI safety checklist form. Besides, clinicians will not get a definite conclusion about whether the patient is contraindicated for MRI or not. Hence, we have created a mobile application named MagnetoSafe to overcome this issue. The application will provide an instant decision on whether the patient has no contraindication, a relative contraindication, or an absolute contraindication for MRI. We need to check for acceptability and user experience for any newly created mobile application. Objective: This study was designed to check the validity of the adapted Technology Acceptance Model (TAM) and System Usability Scale (SUS) Questionnaire. Method: The validity and reliability of the questionnaire were investigated. Subsequently, 52 fully completed responses were collected. Results: Face and content validity of the questionnaires are considered acceptable with only minor changes to Item 10 of SUS. The Cronbach's alpha for the SUS questionnaire (10 questions) is −0.49, which is not acceptable. The Cronbach's alpha for the TAM questionnaire (3 domains; 14 questions) is acceptable, which is 0.910 for perceived usefulness, 0.843 for perceived ease of use, and 0.915 for intention to use. Conclusion: Face validity of the adapted SUS and modified TAM questionnaires is acceptable with only minor changes to Item 10 in SUS. Content validity with experts is good. However, the reliability of the SUS questionnaire is not acceptable and therefore the adapted SUS will not be used for assessing user experience. The reliability of the modified TAM questionnaire with the original three-factor structure is considered acceptable and can be used to evaluate the user's acceptability of MagnetoSafe