Scientific article
Open access

Symbiotic Analysis of Security Assessment and Penetration Tests Guiding Real L4 Automated City Shuttles

Published inTelecom, vol. 4, no. 1, p. 198-218
Publication date2023-03-20
First online date2023-03-20

The Connected Automated Vehicle (CAV)’s deployment is proof of the wide evolution of autonomous driving technologies enabling vehicles to gradually dispose of their drivers. Within the scope of smart cities, such innovation has given rise to a new type of CAV: the Automated City Shuttle (ACS). Foreseen as the new paradigm aiming to shape the public transport model, the ACS elicits a plurality of new applications, such as the on-demand service in which a driverless shuttle offers the desired ride without human intervention. However, such a model raises cybersecurity concerns through the numerous attack surfaces and vehicle hyperconnection. This phenomenon was highlighted in several studies on CAVs, but very few research works tackled the specific case of ACSs, whose challenges and risks far exceed those of personal vehicles. The present work offers a comprehensive investigation of cybersecurity attacks, demonstrates a performed risk assessment based on the ISO/SAE 21434 standard, and showcases a penetration test over a real ACS of automation level four (L4) according to the Society of Automotive Engineering (SAE)’s ranking. Based on our experiments, we leverage fundamental cybersecurity recommendations with a focus on the ACS’s physical security.

  • Automated city shuttles
  • Connected automated vehicles
  • Cybersecurity
  • ISO/SAE 21434
  • Penetration testing
  • Risk analysis
  • European Commission - SHared automation Operating models for Worldwide adoption [875530]
  • European Commission - ULTIMO - Advancing Sustainable User-centric Mobility with Automated Vehicles [101077587]
Citation (ISO format)
BENYAHYA, Meriem et al. Symbiotic Analysis of Security Assessment and Penetration Tests Guiding Real L4 Automated City Shuttles. In: Telecom, 2023, vol. 4, n° 1, p. 198–218. doi: 10.3390/telecom4010012
Main files (1)
Article (Published version)
ISSN of the journal2673-4001

Technical informations

Creation10/02/2023 9:19:12 AM
First validation10/04/2023 11:58:58 AM
Update time10/04/2023 11:58:58 AM
Status update10/04/2023 11:58:58 AM
Last indexation02/12/2024 12:33:41 PM
All rights reserved by Archive ouverte UNIGE and the University of GenevaunigeBlack