Practical security and privacy threat analysis in the automotive domain: Long term support scenario for over-the-air updates
Helfert, O. (editor)
Gusikhin, M. (editor)
Keeping a vehicle secure implies provide of a long-term support, where over-the-air updates (OTA) play an essential role. Clear understanding of OTA threats is essential to counter them efficiently. Existing research on OTA threats often exclude human actors, such as drivers and maintenance personnel, as well as leave aside privacy threats. This paper addresses the gap by investigates security and privacy OTA threats relevant for vehicle manufacturers for the whole product lifecycle. We report on a practical scenario "long term support", its data flow elements, and outcomes of threat analyses. We apply state of the art approaches, such as STRIDE (extended with an automotive template) and LINDDUN, to an automotive case and consider an automotivespecific UNECE OTA threat catalogue. Outcomes indicate complementarity of these methods and provide inputs to studies how well they address practical automotive cases.
To reference this document use:
Data Flow Diagram
UNECE Threat Catalogue
VEHITS 2019 - Proceedings of the 5th International Conference on Vehicle Technology and Intelligent Transport Systems, 5th International Conference on Vehicle Technology and Intelligent Transport Systems, VEHITS 2019, 3 May 2019 through 5 May 2019, 550-555