User-Centric Security and Privacy Threats in Connected Vehicles: A Threat Modeling Analysis Using STRIDE and LINDDUN

Beata Stingelova, clemens Thaddaus Thrakl, Laura Wronska, Sandra Jedrej-Szymankiewicz, Sajjad Khan, Davor Svetinovic

Publikation: Beitrag in Buch/KonferenzbandBeitrag in Konferenzband

Abstract

The increasing equipment of cars with smart systems and their networking with other devices is leading to a growing network of connected vehicles. Connected cars are Internet of Things (IoT) devices that communicate bidirectionally with other systems, enabling internet access and data exchange. Artificial Intelligence (AI) offers benefits such as autonomous driving, driver assistance programs, and monitoring. The increasing connectivity of cars also brings new risks to users' privacy. Our study focuses on privacy threats in connected cars from a user perspective. Our study provides a comprehensive threat model analysis based on a combination of STRIDE and LINDDUN. We analyze the various threats and vulnerabilities that arise from connecting cars to the internet and other devices, including Vehicle-to-Vehicle (V2V), Vehicle-to-Vloud (V2C), and Vehicle-to-Device (V2D). We conduct our study based on a theoretical model of a modern-day connected vehicle of another study. Our study shows that several types of threats can negatively impact the privacy of connected car users. This encapsulates the potential risks, such as the inadvertent disclosure of personal data due to the vehicle's interconnectedness with other devices, including smartphones, and the subsequent susceptibility to unauthorized access, while also highlighting the need for robust security measures indicated by our comprehensive threat modeling, to safeguard against a wide array of identified cybersecurity threats.
OriginalspracheEnglisch
Titel des Sammelwerks2023 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech)
Untertitel des SammelwerksAbu Dhabi, United Arab Emirates : 14-17 Nov. 2023
ErscheinungsortNew York
VerlagIEEE
Seiten0690-0697
ISBN (elektronisch)979-8-3503-0460-2
ISBN (Print)979-8-3503-0461-9
DOIs
PublikationsstatusVeröffentlicht - 25 Dez. 2023

Österreichische Systematik der Wissenschaftszweige (ÖFOS)

  • 102015 Informationssysteme

Zitat