On this page, you can find results produced from the Threat MOVE project.

 

Work package 2 – Framework
Framework
 The Meta Attack Language (MAL) – an open threat modelling language compiler on GitHub

Paper: Pontus Johnson, Robert Lagerström, and Mathias Ekstedt,” A Meta Language for Threat Modeling and Attack Simulations,” in Proc. of the 13th International Conference on Availability, Reliability and Security (ARES), 2018.

Paper: Wenjun Xiong and Robert Lagerström, Threat Modeling: A Systematic Literature Review, Computers & Security, 2019.

 

 

Work package 3 – Domain-specific language
Paper: Wenjun Xiong and Robert Lagerström, “Threat Modeling of Connected Vehicles: A privacy analysis and extension of vehicleLang,” in the Proc. of the IEEE Cyber Science conference, June 2019.

Paper: Sotirios Katsikeas, Pontus Johnson, Simon Hacks, and Robert Lagerström, “Probabilistic Modeling and Simulation of Vehicular Cyber Attacks: An Application of the Meta Attack Language,” in the Proc. of the 5th International Conference on Information Systems Security and Privacy (ICISSP), Feb. 2019.

Bachelor thesis: Love Almgren & Johan Holm Åström, ”Probabilistic modelling and attack simulations on AWS Connected Vehicle Solution: An Application of the Meta Attack Language,” Bachelor thesis, KTH Royal Institute of Technology, 2019.
Master thesis: Sotirios Katsikeas, “vehicleLang: a probabilistic modeling and simulation language for vehicular cyber attacks,” KTH Royal Institute of Technology, School of Electrical Engineering and Computer Science, Master Thesis, 2018.
Language implementation: vechicleLang on GitHub
Master thesis: Asmelash Girmay Mesele, AUTOSARLang: Threat Modeling and Attack Simulation for Vehicle Cybersecurity, KTH Royal Institute of Technology, School of Electrical Engineering and Computer Science, Master Thesis, 2018.
Language implementation: autosarLang on Github

 

 

Work package 5 – Testing and validation
Paper: Wenjun Xiong, Fredrik Krantz, and Robert Lagerström, “Threat modeling and attack simulations of connected vehicles: a research outlook,” in the Proc. of the 5th International Conference on Information Systems Security and Privacy (ICISSP), Feb. 2019.

Bachelor thesis: Fredrik Krantz (supervisor: Associate prof. Robert Lagerström), “Modelling and Security Analysis of Internet Connected Cars,” KTH Royal Institute of Technology, School of Electrical Engineering and Computer Science, Bachelor Thesis, 2018.

Master thesis: Nedo Skobalj, “Validating vehicleLang for Domain-specific Threat Modelling of In-vehicle Network,” KTH Royal Institute of Technology, School of Electrical Engineering and Computer Science, Master Thesis, 2019.

 

 

Work package 7 – Vehicle specific security parameters
Paper: Wenjun Xiong, Melek Gülsever, Koray Mustafa Kaya, and Robert Lagerström, “A Study of Security Vulnerabilities and Software Weaknesses in Vehicles,” accepted for publication in the proceedings of the 24th Nordic Conference on Secure IT Systems (NordSec), 2019.

Bachelor thesis: Ludvig Christensen and Daniel Dannberg, ”Ethical hacking of IoT devices: OBD-II dongles,” Bachelor thesis, KTH Royal Institute of Technology, 2019.

Bachelor thesis: Aldin Burdzovic and Jonathan Matsson, ” IoT Penetration Testing: Security analysis of a car dongle,” Bachelor thesis, KTH Royal Institute of Technology, 2019.

Bachelor thesis: Koray Kaya, ”A Study of Vulnerabilities and Weaknesses in Connected Cars,” Bachelor thesis, KTH Royal Institute of Technology, 2019.

Bachelor thesis: Melek Gülsever, ”A Study on Vulnerabilities in Connected Cars,” Bachelor thesis, KTH Royal Institute of Technology, 2019.

Bachelor thesis: Simon Carlsson and Max Näf (supervisor: Prof. Pontus Johnson), “Internet of Things Hacking,” KTH Royal Institute of Technology, School of Electrical Engineering and Computer Science, Bachelor Thesis, 2018.

Bachelor thesis: Gustav Marstorp and Hannes Lindström (supervisor: Prof. Pontus Johnson), “Security Testing of an OBD-II Connected IoT Device,” KTH Royal Institute of Technology, School of Electrical Engineering and Computer Science, Bachelor Thesis, 2018.

 

 

Work package 8 – Outreach
Vulnerabilities (CVEs):
Ludvig Christensen, Daniel Dannberg, Pontus Johnson, and Robert Lagerström, CVE-2019-12797, Vulnerability in a clone version of an ELM327 OBD2 Bluetooth device, hardcoded PIN leading to arbitrary commands to an OBD-II bus of a vehicle.

Aldin Burdzovic and Jonathan Matsson, CVE-2019-12941, AutoPi Wi-Fi/NB and 4G/LTE devices before 2019-10-15 allows an attacker to perform a brute-force attack or dictionary attack to gain access to the WiFi network, which provides root access to the device.

News:
DagensNyheter https://www.dn.se/ekonomi/motor/uppkopplingen-gor-bilen-smartare-men-hackare-kan-ta-kontroll-over-ratten/

DagensNyheter https://www.dn.se/ekonomi/motor/uppkoppling-for-aldre-bil-oppen-for-hackning/

Metro https://www.metro.se/nyheter/forskaren:-dina-hushallsprylar-kan-hackas-och-anvandas-emot-dig-DffDLf8e2

KTH News https://www.kth.se/aktuellt/nyheter/nar-robotdammsugaren-spionerar-pa-dig-1.898460

SR Studio 1 https://sverigesradio.se/sida/artikel.aspx?programid=1637&artikel=7293986

NyTeknik om Threat MOVE https://www.nyteknik.se/digitalisering/foreseetis-kod-ska-skydda-uppkopplade-bilar-fran-hackare-6892180

 

Meetings and conferences:
Autosec FFI conference in Stockholm at RISE, Threat MOVE presented by Robert Lagerström (KTH), Niklas Wiberg (Scania, and Per Eliasson (foreseeti), 2019-10-10.

PhD student Wenjun Xiong presented a paper at the IEEE Cyber Science conference in Oxford UK, 2019-06-03.

Car security seminar at KTH, arranged by Dex, Robert Lagerström (KTH) and Per Eliasson (foreseeti) presented Threat MOVE, 2019-05-20.

KTH PhD students Sotirios Katsikeas and Wenjun Xiong presented Threat MOVE work at the 5th International Conference on Information Systems Security and Privacy (ICISSP) in February 2019.

Robert Lagerström presented at the Hawaii International Conference on System Sciences (HICSS) January 2019.

Threat MOVE presented by Per Eliasson (Foreseeti) at the Autosec meeting in Gothenburg https://autosec.se/ffi-autosec-conference-2018/

Educational seminar on threat modeling at the eCrime congress in Frankfurt, 2018-01-24.

 

Podcasts:
Robert Lagerström, KTH, participated in Podcast about communication – robots, cancer cells and cyber security, 2018-03-16.

Robert Lagerström, KTH, participated in Podcast about IT security with RadioScience, 2018-04-20.

 

VideoCybersecurity and ethical hacking of connected vehicles

 

Popular Science:
Young Academy of Sweden, Ett kalejdoskop av kunskap, Santérus Förlag, 2019.
– Robert Lagerström, “En stundande cyberepidemi?”

 

Facebooktwitterredditlinkedinmail