User-Centric Security and Privacy Threats in Connected Vehicles: A Threat Modeling Analysis Using STRIDE and LINDDUN

Beata Stingelova, clemens Thaddaus Thrakl, Laura Wronska, Sandra Jedrej-Szymankiewicz, Sajjad Khan, Davor Svetinovic

Publication: Chapter in book/Conference proceedingContribution to conference proceedings

Abstract

The increasing equipment of cars with smart systems and their networking with other devices is leading to a growing network of connected vehicles. Connected cars are Internet of Things (IoT) devices that communicate bidirectionally with other systems, enabling internet access and data exchange. Artificial Intelligence (AI) offers benefits such as autonomous driving, driver assistance programs, and monitoring. The increasing connectivity of cars also brings new risks to users' privacy. Our study focuses on privacy threats in connected cars from a user perspective. Our study provides a comprehensive threat model analysis based on a combination of STRIDE and LINDDUN. We analyze the various threats and vulnerabilities that arise from connecting cars to the internet and other devices, including Vehicle-to-Vehicle (V2V), Vehicle-to-Vloud (V2C), and Vehicle-to-Device (V2D). We conduct our study based on a theoretical model of a modern-day connected vehicle of another study. Our study shows that several types of threats can negatively impact the privacy of connected car users. This encapsulates the potential risks, such as the inadvertent disclosure of personal data due to the vehicle's interconnectedness with other devices, including smartphones, and the subsequent susceptibility to unauthorized access, while also highlighting the need for robust security measures indicated by our comprehensive threat modeling, to safeguard against a wide array of identified cybersecurity threats.
Original languageEnglish
Title of host publication2023 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech)
Subtitle of host publicationAbu Dhabi, United Arab Emirates : 14-17 Nov. 2023
Place of PublicationNew York
PublisherIEEE
Pages0690-0697
ISBN (Electronic)979-8-3503-0460-2
ISBN (Print)979-8-3503-0461-9
DOIs
Publication statusPublished - 25 Dec 2023

Bibliographical note

The 8th IEEE Cyber Science and Technology Congress (CyberSciTech 2023)

Austrian Classification of Fields of Science and Technology (ÖFOS)

  • 102015 Information systems

Cite this