Title
Practical security and privacy threat analysis in the automotive domain: Long term support scenario for over-the-air updates
Author
Vasenev, A.
Stahl, F.
Hamazaryan, H.
Ma, Z.
Shan, L.
Kemmerich, J.
Loiseaux, C.
Contributor
Helfert, O. (editor)
Gusikhin, M. (editor)
Publication year
2019
Abstract
Keeping a vehicle secure implies provide of a long-term support, where over-the-air updates (OTA) play an essential role. Clear understanding of OTA threats is essential to counter them efficiently. Existing research on OTA threats often exclude human actors, such as drivers and maintenance personnel, as well as leave aside privacy threats. This paper addresses the gap by investigates security and privacy OTA threats relevant for vehicle manufacturers for the whole product lifecycle. We report on a practical scenario "long term support", its data flow elements, and outcomes of threat analyses. We apply state of the art approaches, such as STRIDE (extended with an automotive template) and LINDDUN, to an automotive case and consider an automotivespecific UNECE OTA threat catalogue. Outcomes indicate complementarity of these methods and provide inputs to studies how well they address practical automotive cases.
Subject
Infostructures
Information Society
Data Flow Diagram
LINDDUN Methodology
Risk Management
STRIDE Taxonomy
UNECE Threat Catalogue
To reference this document use:
http://resolver.tudelft.nl/uuid:72ac3afa-e9c3-47ae-b2a4-36bef3376a32
DOI
https://doi.org/10.5220/0007764205500555
TNO identifier
867802
Publisher
SciTePress
ISBN
9789897583742
Source
VEHITS 2019 - Proceedings of the 5th International Conference on Vehicle Technology and Intelligent Transport Systems, 5th International Conference on Vehicle Technology and Intelligent Transport Systems, VEHITS 2019, 3 May 2019 through 5 May 2019, 550-555
Document type
conference paper