{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,6]],"date-time":"2024-09-06T17:44:47Z","timestamp":1725644687912},"reference-count":33,"publisher":"Institute of Electronics, Information and Communications Engineers (IEICE)","issue":"3","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEICE Trans. Fundamentals"],"published-print":{"date-parts":[[2023,3,1]]},"DOI":"10.1587\/transfun.2022cip0004","type":"journal-article","created":{"date-parts":[[2022,11,8]],"date-time":"2022-11-08T22:13:16Z","timestamp":1667945596000},"page":"341-349","source":"Crossref","is-referenced-by-count":5,"title":["A Study of The Risk Quantification Method of Cyber-Physical Systems focusing on Direct-Access Attacks to In-Vehicle Networks"],"prefix":"10.1587","volume":"E106.A","author":[{"given":"Yasuyuki","family":"KAWANISHI","sequence":"first","affiliation":[{"name":"Sumitomo Electric Industries, Ltd."},{"name":"SEI-AIST Cyber Security Cooperative Research Laboratory, AIST"},{"name":"Kyoto Sangyo University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hideaki","family":"NISHIHARA","sequence":"additional","affiliation":[{"name":"SEI-AIST Cyber Security Cooperative Research Laboratory, AIST"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hideki","family":"YAMAMOTO","sequence":"additional","affiliation":[{"name":"Sumitomo Electric Industries, Ltd."},{"name":"SEI-AIST Cyber Security Cooperative Research Laboratory, AIST"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hirotaka","family":"YOSHIDA","sequence":"additional","affiliation":[{"name":"SEI-AIST Cyber Security Cooperative Research Laboratory, AIST"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hiroyuki","family":"INOUE","sequence":"additional","affiliation":[{"name":"SEI-AIST Cyber Security Cooperative Research Laboratory, AIST"},{"name":"Kyoto Sangyo University"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"532","reference":[{"key":"1","unstructured":"[1] UNECE (United Nations Economic Commission for Europe) WP.29, \u201cDraft Recommendation on Cyber Security of the Task Force on Cyber Security and Over-the-air issues of UNECE WP.29 GRVA,\u201d 2018."},{"key":"2","unstructured":"[2] ISO\/SAE, \u201cISO\/SAE 21434: Road vehicles-Cybersecurity engineering,\u201d 2021."},{"key":"3","unstructured":"[3] IEC, \u201cIEC 62443-3-2: Security for Industrial Automation and Control Systems.-Part 3-2: Security risk assessment for system design,\u201d 2020."},{"key":"4","unstructured":"[4] IEC, \u201cIEC 62443-3-3: Security for Industrial Automation and Control Systems.-Part 3-3: System security requirements and security levels,\u201d 2013."},{"key":"5","doi-asserted-by":"crossref","unstructured":"[5] D. P\u00fcllen, N. Anagnostopoulos, T. Arul, and S. Katzenbeisser, \u201cSafety meets security: Using IEC 62443 for a highly automated road vehicle,\u201d SAFECOMP 2020, pp.325-340, 2020. 10.1007\/978-3-030-54549-9_22","DOI":"10.1007\/978-3-030-54549-9_22"},{"key":"6","unstructured":"[6] Aptiv, Audi, Baidu, BMW, Continental, Daimler, FCA US LLC, HERE, Infineon, Intel and Volkswagen, \u201cSafety first for automated driving,\u201d 2019."},{"key":"7","unstructured":"[7] ENISA, \u201cGood practices for security of Smart Cars,\u201d 2019."},{"key":"8","unstructured":"[8] US Department Transportation, \u201cEnsuring american leadership in automated vehicle technologies: Automated vehicles 4.0,\u201d 2020."},{"key":"9","unstructured":"[9] ISO\/IEC, \u201cISO\/IEC 15408: Information technology-Security techniques-Evaluation criteria for IT security-,\u201d 2009."},{"key":"10","unstructured":"[10] ENISA, \u201cCybersecurity Certification-EUCC, a candidate cybersecurity certification scheme to serve as a successor to the existing SOG-IS-,\u201d Version 1.1.1, 2021."},{"key":"11","doi-asserted-by":"crossref","unstructured":"[11] K. Maliatsos, C. Lyvas, P. Pantazopoulos, C. Lambrinoudakis, A. Kanatas, M. Gay, and A. Amditis, \u201cStandardizing security evaluation criteria for connected vehicles: A modular protection profile,\u201d 2019 IEEE Conference on Standards for Communications and Networking (CSCN), 2019. 10.1109\/cscn.2019.8931344","DOI":"10.1109\/CSCN.2019.8931344"},{"key":"12","unstructured":"[12] The Asahi Shinbun, \u201cNearly 20% of Lexus LX SUVs stolen in Aichi Prefecture,\u201d [online] Available at: https:\/\/www.asahi.com\/ajw\/articles\/14378293\/, 2021."},{"key":"13","unstructured":"[13] Society of Automotive Engineers of Japan, \u201cJASO TP15002: Guideline for automotive information security analysis,\u201d 2015."},{"key":"14","unstructured":"[14] Y. Kawanishi, H. Nishihara, D. Souma and H. Yoshida, \u201cA study on secure system design of IoT systems,\u201d SCIS2017, 2017."},{"key":"15","doi-asserted-by":"crossref","unstructured":"[15] Y. Kawanishi, H. Nishihara, D. Souma, and H. Yoshida, \u201cDetailed analysis of security evaluation of automotive systems based on JASO TP15002,\u201d Dependable Smart Embedded Cyber-physical Systems and Systems-of-Systems (DECSoS), pp.211-224, 2017. 10.1007\/978-3-319-66284-8_18","DOI":"10.1007\/978-3-319-66284-8_18"},{"key":"16","doi-asserted-by":"crossref","unstructured":"[16] Y. Kawanishi, H. Nishihara, D. Souma, H. Yoshida, and Y. Hata, \u201cA study on quantitative risk assessment methods in security design for industrial control systems,\u201d IEEE CyberSciTech2018, 2018. 10.1109\/dasc\/picom\/datacom\/cyberscitec.2018.00025","DOI":"10.1109\/DASC\/PiCom\/DataCom\/CyberSciTec.2018.00025"},{"key":"17","doi-asserted-by":"crossref","unstructured":"[17] Y. Kawanishi, H. Nishihara, D. Souma, H. Yoshida, and Y. Hata, \u201cA study of the risk quantification method focusing on direct-access attacks in cyber-physical systems,\u201d IEEE CyberSciTech2021, 2021. 10.1109\/dasc-picom-cbdcom-cyberscitech52372.2021.00059","DOI":"10.1109\/DASC-PICom-CBDCom-CyberSciTech52372.2021.00059"},{"key":"18","unstructured":"[18] ITU-T, \u201cITU-T X.1521(04\/2011): Cybersecurity information exchange, Vulnerability\/state exchange, Common vulnerability scoring system,\u201d 2011."},{"key":"19","doi-asserted-by":"publisher","unstructured":"[19] J. Ko, S. Lee, Y. Lim, S. Ju, and T. Shon, \u201cA novel network modeling and evaluation approach for security vulnerability quantification in substation automation systems,\u201d IEICE Trans. Inf. & Syst., vol.E96-D, no.9, pp.2021-2025, Sept. 2013. 10.1587\/transinf.e96.d.2021","DOI":"10.1587\/transinf.E96.D.2021"},{"key":"20","unstructured":"[20] ITU-T, \u201cITU-T X.1521(03\/2016): Cybersecurity information exchange, Vulnerability\/state exchange, Common vulnerability scoring system 3.0,\u201d 2016."},{"key":"21","doi-asserted-by":"crossref","unstructured":"[21] E. Ando, M. Kayashima, and N. Komoda, \u201cA proposal of security requirements definition methodology in connected car systems by CVSS V3,\u201d 2016 5th IIAI International Congress on Advanced Applied Informatics (IIAI-AAI), pp.894-899, 2016. 10.1109\/iiai-aai.2016.95","DOI":"10.1109\/IIAI-AAI.2016.95"},{"key":"22","doi-asserted-by":"publisher","unstructured":"[22] H. Zhang, Y. Pan, Z. Lu, J. Wang, and Z. Liu, \u201cA cyber security evaluation framework for in-vehicle electrical control units,\u201d IEEE Access, vol.9, pp.149690-149706, 2021. 10.1109\/access.2021.3124565","DOI":"10.1109\/ACCESS.2021.3124565"},{"key":"23","unstructured":"[23] Common Criteria, \u201cCommon Methodology for Information Technology Security Evaluation, Evaluation methodology Version 3.1 Revision 5 April 2017,\u201d CCMB-2017-04-004, 2017."},{"key":"24","doi-asserted-by":"crossref","unstructured":"[24] Y. Zhang, P. Shi, C. Dong, Y. Liu, X. Shao, and C. Ma, \u201cTest and evaluation system for automotive cybersecurity,\u201d 2018 IEEE International Conference on Computational Science and Engineering (CSE), 2018. 10.1109\/cse.2018.00035","DOI":"10.1109\/CSE.2018.00035"},{"key":"25","unstructured":"[25] ITU-T, \u201cITU-T X.1525: Cybersecurity information exchange, Vulnerability\/state exchange, Common weakness scoring system,\u201d 2015."},{"key":"26","unstructured":"[26] S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, K. Koscher, A. Czeskis, F. Roesner, and T. Kohno, \u201cComprehensive experimental analyses of automotive attack surfaces,\u201d USENIX Security Symposium 2011, 2011."},{"key":"27","doi-asserted-by":"crossref","unstructured":"[27] K. Koscher, A. Czeskis, F. Roesner, S. Patel, T. Kohno, S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, and S. Savage, \u201cExperimental security analysis of a modern automobile,\u201d IEEE Symposium on Security and Privacy, 2010. 10.1109\/sp.2010.34","DOI":"10.1109\/SP.2010.34"},{"key":"28","unstructured":"[28] C. Miller and C. Valasek, \u201cAdventures in Automotive Networks and Control Units,\u201d DEFCON 21, 2013."},{"key":"29","doi-asserted-by":"publisher","unstructured":"[29] X. L, Y. Yu, G. Sun, and K. Chen, \u201cConnected vehicles' security from the perspective of the in-vehicle network,\u201d IEEE Netw., vol.32, no.3, pp.58-63, 2018. 10.1109\/mnet.2018.1700319","DOI":"10.1109\/MNET.2018.1700319"},{"key":"30","doi-asserted-by":"crossref","unstructured":"[30] K.-T. Cho and K.G. Shin, \u201cError handling of in-vehicle networks makes them vulnerable,\u201d Proc. ACM SIGSAC Conf. Comput. Commun. Secur., pp.1044-1055, 2016. 10.1145\/2976749.2978302","DOI":"10.1145\/2976749.2978302"},{"key":"31","doi-asserted-by":"publisher","unstructured":"[31] J. Takahashi, \u201cAn overview of cyber security for connected vehicles,\u201d IEICE Trans. Inf. & Syst., vol.E101-D, no.11, pp.2561-2575, Nov. 2018. 10.1587\/transinf.2017ici0001","DOI":"10.1587\/transinf.2017ICI0001"},{"key":"32","unstructured":"[32] Common Weakness Enumeration, \u201cCommon Weakness Scoring System (CWSS),\u201d [online] Available at: https:\/\/cwe.mitre.org\/cwss\/cwss_v1.0.1.html"},{"key":"33","doi-asserted-by":"publisher","unstructured":"[33] J. Liu, S. Zhang, W. Sun, and Y. Shi, \u201cIn-vehicle network attacks and countermeasures: Challenges and future directions,\u201d IEEE Netw., vol.31, no.5, pp.50-58, 2017. 10.1109\/mnet.2017.1600257","DOI":"10.1109\/MNET.2017.1600257"}],"container-title":["IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.jstage.jst.go.jp\/article\/transfun\/E106.A\/3\/E106.A_2022CIP0004\/_pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,5,10]],"date-time":"2024-05-10T05:08:36Z","timestamp":1715317716000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.jstage.jst.go.jp\/article\/transfun\/E106.A\/3\/E106.A_2022CIP0004\/_article"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,3,1]]},"references-count":33,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2023]]}},"URL":"https:\/\/doi.org\/10.1587\/transfun.2022cip0004","relation":{},"ISSN":["0916-8508","1745-1337"],"issn-type":[{"value":"0916-8508","type":"print"},{"value":"1745-1337","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,3,1]]},"article-number":"2022CIP0004"}}