Mario Raciti,Giampaolo Bella

DOI: https://doi.org/10.1007/978-3-031-54204-6_27

2023-08-22

Abstract:Physical persons playing the role of car drivers consume data that is sourced from the Internet and, at the same time, themselves act as sources of relevant data. It follows that citizens' privacy is potentially at risk while they drive, hence the need to model privacy threats in this application domain. This paper addresses the privacy threats by updating a recent threat-modelling methodology and by tailoring it specifically to the soft privacy target property, which ensures citizens' full control on their personal data. The methodology now features the sources of documentation as an explicit variable that is to be considered. It is demonstrated by including a new version of the de-facto standard LINDDUN methodology as well as an additional source by ENISA which is found to be relevant to soft privacy. The main findings are a set of 23 domain-independent threats, 43 domain-specific assets and 525 domain-dependent threats for the target property in the automotive domain. While these exceed their previous versions, their main value is to offer self-evident support to at least two arguments. One is that LINDDUN has evolved much the way our original methodology already advocated because a few of our previously suggested extensions are no longer outstanding. The other one is that ENISA's treatment of privacy aboard smart cars should be extended considerably because our 525 threats fall in the same scope.

Cryptography and Security

Wenjun Xiong,Robert Lagerström

DOI: https://doi.org/10.48550/arXiv.1812.04967

IF: 4.729

2018-12-12

Signal Processing

Abstract:Modern vehicles contain more than a hundred Electronic Control Units (ECUs) that communicate over different in-vehicle networks, and they are often connected to the Internet, which makes them vulnerable to various cyber-attacks. Besides, data collected by the connected vehicles is directly connected to the vehicular network. Thus, big vehicular data are collected, which are valuable and generate insights into driver behavior. Previously, a probabilistic modeling and simulation language named vehicleLang is presented to analyze the security of connected vehicles. However, the privacy issues of vehicular data have not been addressed. To fill in the gap, this work present a privacy specification for vehicles based on vehicleLang, which uses the Meta Attack Language (MAL) to assess the security of connected vehicles in a formal way, with a special focus on the privacy aspect. To evaluate this work, test cases are also presented.

Mario Raciti,Giampaolo Bella

DOI: https://doi.org/10.1109/EuroSPW59978.2023.00005

2023-06-07

Abstract:Modern cars are getting so computerised that ENISA's phrase "smart cars" is a perfect fit. The amount of personal data that they process is very large and, yet, increasing. Hence, the need to address citizens' privacy while they drive and, correspondingly, the importance of privacy threat modelling (in support of a respective risk assessment, such as through a Data Protection Impact Assessment). This paper addresses privacy threats by advancing a general modelling methodology and by demonstrating it specifically on soft privacy, which ensures citizens' full control on their personal data. By considering all relevant threat agents, the paper applies the methodology to the specific automotive domain while keeping threats at the same level of detail as ENISA's. The main result beside the modelling methodology consists of both domain-independent and automotive domain-dependent soft privacy threats. While cybersecurity has been vastly threat-modelled so far, this paper extends the literature with a threat model for soft privacy on smart cars, producing 17 domain-independent threats that, associated with 41 domain-specific assets, shape a novel set of domain-dependent threats in automotive.

Cryptography and Security

Mark Quinlan,Jun Zhao,Andrew Simpson

DOI: https://doi.org/10.48550/arXiv.2207.06182

2022-07-13

Cryptography and Security

Abstract:Just as the world of consumer devices was forever changed by the introduction of computer controlled solutions, the introduction of the engine control unit (ECU) gave rise to the automobile's transformation from a transportation product to a technology platform. A modern car is capable of processing, analysing and transmitting data in ways that could not have been foreseen only a few years ago. These cars often incorporate telematics systems, which are used to provide navigation and internet connectivity over cellular networks, as well as data-recording devices for insurance and product development purposes. We examine the telematics system of a production vehicle, and aim to ascertain some of the associated privacy-related threats. We also consider how this analysis might underpin further research.

Jozef Andraško,Ondrej Hamuľák,Matúš Mesarčík,Tanel Kerikmäe,Aleksi Kajander

DOI: https://doi.org/10.3390/su131910610

IF: 3.9

2021-09-24

Sustainability

Abstract:The article focuses on the issue of data governance in connected vehicles through a novel analysis of current legal frameworks in the European Union. The analysis of relevant legislation, judicial decisions, and doctrines is supplemented by discussions relating to associated sustainability issues. Relevant notions of autonomous vehicles are analyzed, and a respective legal framework is introduced. Although fully automated vehicles are a matter for the future, the time to regulate is now. The European Union aims to create cooperative, connected, and automated mobility based on cooperation between different interconnected types of machinery. The essence of the system is data flow, as data governance in connected vehicles is one of the most intensively discussed themes nowadays. This triggers a need to analyze relevant legal frameworks in connection with fundamental rights and freedoms. Replacing human decision-making with artificial intelligence has the capacity to erode long-held and protected social and cultural values, such as the autonomy of individuals as has already been in evidence in legislation. Finally, the article deals with the issue of responsibility and liability of different actors involved in processing personal data according to the General Data Protection Regulation (GDPR) applied to the environment of connected and automated vehicle (CAV) smart infrastructure. Based on a definition and analysis of three model situations, we point out that in several cases of processing personal data within the CAV, it proves extremely demanding to determine the liable entity, due to the functional and relatively broad interpretation of the concept of joint controllers, in terms of the possibility of converging decisions on the purposes and means of processing within the vehicles discussed.

environmental sciences,environmental studies,green & sustainable science & technology

Alessandro Brighente,Mauro Conti,Denis Donadel,Radha Poovendran,Federico Turrin,Jianying Zhou

DOI: https://doi.org/10.48550/arXiv.2301.04587

2023-01-12

Abstract:Electric Vehicles (EVs) share common technologies with classical fossil-fueled cars, but they also employ novel technologies and components (e.g., Charging System and Battery Management System) that create an unexplored attack surface for malicious users. Although multiple contributions in the literature explored cybersecurity aspects of particular components of the EV ecosystem (e.g., charging infrastructure), there is still no contribution to the holistic cybersecurity of EVs and their related technologies from a cyber-physical system perspective. In this paper, we provide the first in-depth study of the security and privacy threats associated with the EVs ecosystem. We analyze the threats associated with both the EV and the different charging solutions. Focusing on the Cyber-Physical Systems (CPS) paradigm, we provide a detailed analysis of all the processes that an attacker might exploit to affect the security and privacy of both drivers and the infrastructure. To address the highlighted threats, we present possible solutions that might be implemented. We also provide an overview of possible future directions to guarantee the security and privacy of the EVs ecosystem. Based on our analysis, we stress the need for EV-specific cybersecurity solutions.

Cryptography and Security

Ovidiu Vermesan,Reiner John,Patrick Pype,Gerardo Daalderop,Kai Kriegel,Gerhard Mitic,Vincent Lorentz,Roy Bahr,Hans Erik Sand,Steffen Bockrath,Stefan Waldhör

DOI: https://doi.org/10.3389/ffutr.2021.688482

2021-08-26

Frontiers in Future Transportation

Abstract:The automotive sector digitalization accelerates the technology convergence of perception, computing processing, connectivity, propulsion, and data fusion for electric connected autonomous and shared (ECAS) vehicles. This brings cutting-edge computing paradigms with embedded cognitive capabilities into vehicle domains and data infrastructure to provide holistic intrinsic and extrinsic intelligence for new mobility applications. Digital technologies are a significant enabler in achieving the sustainability goals of the green transformation of the mobility and transportation sectors. Innovation occurs predominantly in ECAS vehicles’ architecture, operations, intelligent functions, and automotive digital infrastructure. The traditional ownership model is moving toward multimodal and shared mobility services. The ECAS vehicle’s technology allows for the development of virtual automotive functions that run on shared hardware platforms with data unlocking value, and for introducing new, shared computing-based automotive features. Facilitating vehicle automation, vehicle electrification, vehicle-to-everything (V2X) communication is accomplished by the convergence of artificial intelligence (AI), cellular/wireless connectivity, edge computing, the Internet of things (IoT), the Internet of intelligent things (IoIT), digital twins (DTs), virtual/augmented reality (VR/AR) and distributed ledger technologies (DLTs). Vehicles become more intelligent, connected, functioning as edge micro servers on wheels, powered by sensors/actuators, hardware (HW), software (SW) and smart virtual functions that are integrated into the digital infrastructure. Electrification, automation, connectivity, digitalization, decarbonization, decentralization, and standardization are the main drivers that unlock intelligent vehicles' potential for sustainable green mobility applications. ECAS vehicles act as autonomous agents using swarm intelligence to communicate and exchange information, either directly or indirectly, with each other and the infrastructure, accessing independent services such as energy, high-definition maps, routes, infrastructure information, traffic lights, tolls, parking (micropayments), and finding emergent/intelligent solutions. The article gives an overview of the advances in AI technologies and applications to realize intelligent functions and optimize vehicle performance, control, and decision-making for future ECAS vehicles to support the acceleration of deployment in various mobility scenarios. ECAS vehicles, systems, sub-systems, and components are subjected to stringent regulatory frameworks, which set rigorous requirements for autonomous vehicles. An in-depth assessment of existing standards, regulations, and laws, including a thorough gap analysis, is required. Global guidelines must be provided on how to fulfill the requirements. ECAS vehicle technology trustworthiness, including AI-based HW/SW and algorithms, is necessary for developing ECAS systems across the entire automotive ecosystem. The safety and transparency of AI-based technology and the explainability of the purpose, use, benefits, and limitations of AI systems are critical for fulfilling trustworthiness requirements. The article presents ECAS vehicles’ evolution toward domain controller, zonal vehicle, and federated vehicle/edge/cloud-centric based on distributed intelligence in the vehicle and infrastructure level architectures and the role of AI techniques and methods to implement the different autonomous driving and optimization functions for sustainable green mobility.

D. Geyer,C. Miedl

DOI: https://doi.org/10.51202/9783181023846-447

2021-01-01

Abstract:<p> </p><p>Foreword</p> <p>Start-up future</p> <p>It has felt like Covid-19 had a stranglehold on us. But we haven‘t allowed ourselves to be defeated. On the contrary, we are taking advantage of the opportunities that arise as a result. Not only the long-overdue push towards digitalization, for example, but also the time gained by making fewer journeys. Those who show strength now and position themselves for the future will win. And that is exactly the reason why we have been preparing ELIV 2021 with such a lot of enthusiasm.</p> <p>As usual, we have prepared an up-to-date program with the familiar mixture of technically demanding and strategic papers and are sure that the ELIV platform will once again be a trendsetter for the automotive industry.</p> <p>The CASE megatrends (Connected, Autonomous, Shared, Electric) continue to disrupt the industry. In the Connect environment, there is still a struggle for user-friendly services and competition amongst digital ecosystems is in full swing. The entry of powerful central computers into electronic architectures poses major challenges for all parties involved.</p> <p>On the way from Level 2 to Levels 3, 4 and 5 all manufacturers are cur...</p>

Haiyue Yuan,Ali Raza,Nikolay Matyunin,Jibesh Patra,Shujun Li

2024-10-30

Abstract:The development of technologies has prompted a paradigm shift in the automotive industry, with an increasing focus on connected services and autonomous driving capabilities. This transformation allows vehicles to collect and share vast amounts of vehicle-specific and personal data. While these technological advancements offer enhanced user experiences, they also raise privacy concerns. To understand the ecosystem of data collection and sharing in modern vehicles, we adopted the ontology 101 methodology to incorporate information extracted from different sources, including analysis of privacy policies using GPT-4, a small-scale systematic literature review, and an existing ontology, to develop a high-level conceptual graph-based model, aiming to get insights into how modern vehicles handle data exchange among different parties. This serves as a foundational model with the flexibility and scalability to further expand for modelling and analysing data sharing practices across diverse contexts. Two realistic examples were developed to demonstrate the usefulness and effectiveness of discovering insights into privacy regarding vehicle-related data sharing. We also recommend several future research directions, such as exploring advanced ontology languages for reasoning tasks, supporting topological analysis for discovering data privacy risks/concerns, and developing useful tools for comparative analysis, to strengthen the understanding of the vehicle-centric data sharing ecosystem.

Social and Information Networks,Computers and Society

Akwasi Adu-Kyere,Ethiopia Nigussie,Jouni Isoaho

DOI: https://doi.org/10.3390/s23218817

2023-10-30

Abstract:The inherent dynamism of recent technological advancements in intelligent vehicles has seen multitudes of noteworthy security concerns regarding interactions and data. As future mobility embraces the concept of vehicles-to-everything, it exacerbates security complexities and challenges concerning dynamism, adaptiveness, and self-awareness. It calls for a transition from security measures relying on static approaches and implementations. Therefore, to address this transition, this work proposes a hierarchical self-aware security architecture that effectively establishes accountability at the system level and further illustrates why such a proposed security architecture is relevant to intelligent vehicles. The article provides (1) a comprehensive understanding of the self-aware security concept, with emphasis on its hierarchical security architecture that enables system-level accountability, and (2) a deep dive into each layer supported by algorithms and a security-specific in-vehicle black box with external virtual security operation center (VSOC) interactions. In contrast to the present in-vehicle security measures, this architecture introduces characteristics and properties that enact self-awareness through system-level accountability. It implements hierarchical layers that enable real-time monitoring, analysis, decision-making, and in-vehicle and remote site integration regarding security-related decisions and activities.

Lucas Mauser,Stefan Wagner

DOI: https://doi.org/10.1016/j.jss.2024.112220

IF: 3.5

2024-09-20

Journal of Systems and Software

Abstract:Current automotive E/E architectures are subject to significant transformations: Computing-power-intensive advanced driver-assistance systems, bandwidth-hungry infotainment systems, the connection of the vehicle with the internet and the consequential need for cyber-security drives the centralization of E/E architectures. A centralized architecture is often seen as a key enabler to master those challenges. Available research focuses mostly on the different types of E/E architectures and contrasts their advantages and disadvantages. There is a research gap on guidelines for system designers and function developers to analyze the potential of their systems for centralization. The present paper aims to quantify centralization potential reviewing relevant literature and conducting qualitative interviews with industry practitioners. In literature, we identified seven key automotive system properties reaching limitations in current automotive architectures: busload, functional safety, computing power, feature dependencies, development and maintenance costs, error rate, modularity and flexibility. These properties serve as quantitative evaluation criteria to estimate whether centralization would enhance overall system performance. In the interviews, we have validated centralization and its fundament - the conceptual systems engineering - as capabilities to mitigate these limitations. By focusing on practical insights and lessons learned, this research provides system designers with actionable guidance to optimize their systems, addressing the outlined challenges while avoiding monolithic architecture. This paper bridges the gap between theoretical research and practical application, offering valuable takeaways for practitioners.

computer science, theory & methods, software engineering

Gerrit Bagschik,Marcus Nolte,Susanne Ernst,Markus Maurer

DOI: https://doi.org/10.1109/itsc.2018.8569398

2018-11-01

Abstract:With an increasing degree of automation, automated vehicle systems become more complex in terms of functional components as well as interconnected hardware and software components. Thus, holistic systems engineering becomes a severe challenge. Emergent properties like system safety are not solely arguable in singular viewpoints such as structural representations of software or electrical wiring (e.g. fault tolerant). This states the need to get several viewpoints on a system and describe correspondences between these views in order to enable traceability of emergent system properties. Today, the most abstract view found in architecture frameworks is a logical description of system functions which structures the system in terms of information flow and functional components. In this article we extend established system viewpoints towards a capability-based assessment of an automated vehicle and conduct an exemplary safety analysis to derive behavioral safety requirements. These requirements can afterwards be attributed to different viewpoints in an architecture frameworks and thus be integrated into a development process for automated vehicles.

Jian Wang,DianGe Yang,XiaoMin Lian

DOI: https://doi.org/10.1049/cp.2016.1165

2016-01-01

Abstract:A vast increase in automotive Electrical/Electronic systems, coupled with related demands on connection, has created an array of new engineering challenges. Strong coupling and correlative relationship between electric/electronic devices are more and more complicated, and the malfunctions and failures are more difficult even no access to detect and locate, which seriously threatens the vehicle safety. In addition, motorists' insatiable demand for comfort and convenience features is posing challenges to manufacturers in terms designing reliable vehicle's Electrical/Electronic Architecture. Based on the concept of "body and brain", a brand new Electrical/Electronic Architecture is introduced, which is a three-layered architecture. Sense & execution layer is composed of intelligent network nodes, which obtain both in vehicle electric/electronic devices' states and the data from V2X, achieve real-time online diagnosis, and implement the control command to them; Network & Transmission Layer for information transmission between sense & execution layer and Decision Layer; in Decision Layer, central coordination management mechanism is set to analyse all the correlative relationship between the whole vehicle's devices, achieving coordinated control and all-around supervisory of the whole vehicle. This proposed Electrical/Electronic Architecture is demonstrated on a luxury vehicle model that in volume production, and experiments on test bench and sample vehicle are carried out to verify this structure.

Shimaa Bergies,Tawfiq M. Aljohani,Shun-Feng Su,Mahmoud Elsisi

DOI: https://doi.org/10.1109/tsmc.2024.3409314

2024-08-21

IEEE Transactions on Systems Man and Cybernetics Systems

Abstract:In the realm of modern transportation, automated electric vehicles (AEVs) assume a seminal role in realizing the vision of intelligent and electrified mobility. The advancement of AEVs hinges on the utilization of smart Internet of Things (IoT) devices as indispensable components to propel their evolution. These devices not only amplify the operational capabilities of AEVs but also underpin their security in the face of escalating cyber threats. In this regard, this study proposes a novel IoT architectural paradigm, encompassing integration of model predictive control (MPC) and deep neural network (DNN) frameworks. The proposed architecture aims to enhance AEV performance, empowering them to counteract the disruptive impact of erroneous data intrusions that result from cyber breaches. To ensure the timely identification of potential threats without compromising privacy considerations, this study augments the framework to encompass trajectory prediction. This extension is achieved through dynamic programming (DP) to craft effective control strategies governing AEV motions, conjoined with DNNs adept in discerning deviations from projected behavioral norms within AEVs' control signals. This cohesive symbiosis propels the expeditious detection of anomalies indicative of potential security breaches. As data privacy remains a paramount consideration, this work employs Homomorphic Encryption, enabling anomaly score computation on encrypted data, thereby upholding privacy standards. Various test scenarios are conducted to emphasize the effectiveness of the proposed IoT architecture with MPC, DP, and DNN to improve the performance of the AEV. The results attest that the proposed approach can tackle cyberattacks and data loss effectively which enhances the production process and decision making.

automation & control systems,computer science, cybernetics

Marco De Vincenzi,Mert D. Pesé,Chiara Bodei,Ilaria Matteucci,Richard R. Brooks,Monowar Hasan,Andrea Saracino,Mohammad Hamad,Sebastian Steinhorst

2024-11-16

Abstract:The growing reliance on software in vehicles has given rise to the concept of Software-Defined Vehicles (SDVs), fundamentally reshaping the vehicles and the automotive industry. This survey explores the cybersecurity and privacy challenges posed by SDVs, which increasingly integrate features like Over-the-Air (OTA) updates and Vehicle-to-Everything (V2X) communication. While these advancements enhance vehicle capabilities and flexibility, they also come with a flip side: increased exposure to security risks including API vulnerabilities, third-party software risks, and supply-chain threats. The transition to SDVs also raises significant privacy concerns, with vehicles collecting vast amounts of sensitive data, such as location and driver behavior, that could be exploited using inference attacks. This work aims to provide a detailed overview of security threats, mitigation strategies, and privacy risks in SDVs, primarily through a literature review, enriched with insights from a targeted questionnaire with industry experts. Key topics include defining SDVs, comparing them to Connected Vehicles (CVs) and Autonomous Vehicles (AVs), discussing the security challenges associated with OTA updates and the impact of SDV features on data privacy. Our findings highlight the need for robust security frameworks, standardized communication protocols, and privacy-preserving techniques to address the issues of SDVs. This work ultimately emphasizes the importance of a multi-layered defense strategy,integrating both in-vehicle and cloud-based security solutions, to safeguard future SDVs and increase user trust.

Cryptography and Security,Operating Systems

Franco Oberti,Fabrizio Abrate,Alessandro Savino,Filippo Parisi,Stefano Di Carlo

2024-06-30

Abstract:The automotive industry has evolved significantly since the introduction of the Ford Model T in 1908. Today's vehicles are not merely mechanical constructs; they are integral components of a complex digital ecosystem, equipped with advanced connectivity features powered by Artificial Intelligence and cloud computing technologies. This evolution has enhanced vehicle safety, efficiency, and the overall driving experience. However, it also introduces new challenges, notably in cybersecurity. With the increasing integration of digital technologies, vehicles have become more susceptible to cyber-attacks, prompting significant cybersecurity concerns. These concerns include securing sensitive data, protecting vehicles from unauthorized access, and ensuring user privacy. In response, the automotive industry is compelled to adopt robust cybersecurity measures to safeguard both vehicles and data against potential threats. Legislative frameworks such as UNR155 and UNR156 by the United Nations, along with other international regulations, aim to establish stringent cybersecurity mandates. These regulations require compliance with comprehensive cybersecurity management systems and necessitate regular updates and testing to cope with the evolving nature of cyber threats. The introduction of such regulations highlights the growing recognition of cybersecurity as a critical component of automotive safety and functionality. The future of automotive cybersecurity lies in the continuous development of advanced protective measures and collaborative efforts among all stakeholders, including manufacturers, policymakers, and cybersecurity professionals. Only through such concerted efforts can the industry hope to address the dual goals of innovation in vehicle functionality and stringent security measures against the backdrop of an increasingly interconnected digital landscape.

Cryptography and Security

Stefan Marksteiner,Zhendong Ma

DOI: https://doi.org/10.48550/arXiv.1911.06589

2019-11-15

Cryptography and Security

Abstract:The advancing digitalization of vehicles and automotive systems bears many advantages for creating and enhancing comfort and safety-related systems ranging from drive-by-wire, inclusion of advanced displays, entertainment systems up to sophisticated driving assistance and autonomous driving. It, however, also contains the inherent risk of being used for purposes that are not intended for, raging from small non-authorized customizations to the possibility of full-scale cyberattacks that affect several vehicles to whole fleets and vital systems such as steering and engine control. To prevent such conditions and mitigate cybersecurity risks from affecting the safety of road traffic, testing cybersecurity must be adopted into automotive testing at a large scale. Currently, the manual penetration testing processes cannot uphold the increasing demand due to time and cost to test complex systems. We propose an approach for an architecture that (semi-)automates automotive cybersecurity test, allowing for more economic testing and therefore keeping up to the rising demand induced by new vehicle functions as well as the development towards connected and autonomous vehicles.

Gonzalo Munilla Garrido,Kaja Schmidt,Christopher Harth-Kitzerow,Johannes Klepsch,Andre Luckow,Florian Matthes

DOI: https://doi.org/10.1109/BigData52589.2021.9671528

2022-09-12

Abstract:Privacy-enhancing technologies (PETs) are becoming increasingly crucial for addressing customer needs, security, privacy (e.g., enhancing anonymity and confidentiality), and regulatory requirements. However, applying PETs in organizations requires a precise understanding of use cases, technologies, and limitations. This paper investigates several industrial use cases, their characteristics, and the potential applicability of PETs to these. We conduct expert interviews to identify and classify uses cases, a gray literature review of relevant open-source PET tools, and discuss how the use case characteristics can be addressed using PETs' capabilities. While we focus mainly on automotive use cases, the results also apply to other use case domains.

Cryptography and Security

Raúl Pardo,Daniel Le Métayer

2024-09-18

Abstract:Privacy policies define the terms under which personal data may be collected and processed by data controllers. The General Data Protection Regulation (GDPR) imposes requirements on these policies that are often difficult to implement. Difficulties arise in particular due to the heterogeneity of existing systems (e.g., the Internet of Things (IoT), web technology, etc.). In this paper, we propose a method to refine high level GDPR privacy requirements for informed consent into low-level computational models. The method is aimed at software developers implementing systems that require consent management. We mechanize our models in TLA+ and use model-checking to prove that the low-level computational models implement the high-level privacy requirements; TLA+ has been used by software engineers in companies such as Microsoft or Amazon. We demonstrate our method in two real world scenarios: an implementation of cookie banners and a IoT system communicating via Bluetooth low energy.

Cryptography and Security,Software Engineering