Securing Cloud-Assisted Connected and Autonomous Vehicles: An In-Depth Threat Analysis and Risk Assessment
Figure 1. High-level view of Cloud-Assisted Connected and Autonomous Vehicles, adapted from [5,10,11].
Figure 2. Cloud-Assisted Connected and Autonomous Vehicles Architecture.
Figure 3. Cloud-Assisted Connected and Autonomous Vehicles—Edge cloud architecture.
Figure 4. Cloud-Assisted Connected and Autonomous Vehicles—Cloud architecture.
Figure 5. Literature review and Real-Life threat—analysis.
Figure 6. CCAV Sankey diagram describing respective trust domains, STRIDE, compromised security requirements, and criticality of the risk.
Figure 7. Edge and core cloud Sankey diagram describing respective trust domains, STRIDE, compromised security requirements, and criticality of the risk.
Figure 8. Attack tree capturing attacks from attack taxonomy that illustrates impacts on the generalised CCAV scenario. Further information on Attack taxonomy can be obtained from [8].
Figure 9. Mapping trust domains to attack mechanism (vectors).
Figure 10. Defence taxonomy for CCAV attack mechanisms.
Figure A1. Mapping of documented threats, vulnerabilities, and attacks from the literature and real-world attacks against STRIDE onto a modified attack taxonomy based on CAPEC-1000 attack mechanisms [8,154].
Figure A2. Detailed defense taxonomy for CCAV attack mechanisms.
Figure A3. Number of identified threats from the taxonomy against other papers in the literature [3,23,25,27,29,34,39,40,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64], adapted from [8].
Abstract
1. Introduction
2. Background
3. Threat Analysis and Risk Assessment Methods
3.1. Microsoft’s STRIDE/DREAD
3.2. Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE)
3.3. Process for Attack Simulation and Threat Analysis (PASTA)
3.4. Composite Threat Modeling
3.5. Attack Tree
3.6. Analysis of TARA Techniques
4. Adversarial Model
- Threat Agent: The adversarial entity that has set its aims on a particular victim.
- Motivation: The attacker’s motivations in terms of the benefit he seeks by carrying out the attack.
- Adversary Capability: Distinct capability and skills of the adversary.
- Opportunity: Indicates the resources and opportunities that are required for the group of threat agents to identify and exploit the vulnerability.
- Threat: A cyberattack is a hostile act intended to harm, steal, or disrupt digital assets. A cyber threat is an attempt to obtain unauthorized access to, damage, disrupt, or steal an information technology asset, computer network, intellectual property, or other sensitive data.
- Tactic: Tactics are the most abstract level of the MITRE ATT&CK technique. They are the tactical objectives pursued by an adversary during an attack.
- Technique: The ATT&CK model’s tactics outline an adversary’s goal. Each tactic category has an endless variety of techniques and subtechniques.
5. Research Methodology
6. Results
6.1. System Architecture
6.2. STRIDE-DREAD
6.3. Impact on Trust Domains
6.4. Impact on Security Requirements
7. Analysis and Discussion
7.1. Threats and Risks
- Threat Identification and Distribution: This study identifies a variety of threats with some, such as Byzantine attacks and Map database poisoning, exclusively posing ‘Critical’-level risks, while others affect multiple risk levels. This complexity and diversity of threats necessitate ongoing threat intelligence and assessment.
- Risk Identification and Distribution: This research infers high-level risks as ‘Critical’, medium-level risks as ‘Warning’, and low-level risks as ‘Caution’. The findings reveal a significant proportion of ‘Warning’-level risks in both CCAVs and Edge/Cloud systems, constituting 54% and 53%, respectively. While the presence of ‘Critical’-level risks is indeed concerning, the dominance of ‘Warning’-level risks highlights the ongoing security challenge that needs to be managed with a multilayered security strategy. The overlapping impact of threats across all risk categories (‘Critical’, ‘Warning’, and ‘Caution’) adds a layer of complexity to the system’s security, emphasizing the need to strategise proactive measures. A threat that is considered ‘Caution’ or low-risk in one scenario might contribute to a ‘Warning’ or ‘Critical’-risk situation in another, depending on the overall security context.
- Refinement of Threat Understanding: Using attack trees, mapping potential attack routes from data flow diagrams, and referencing the architecture would improve our comprehension of potential threats and their vectors. However, the methodology for creating security solutions for both hardware and software components remains unclear, indicating a need for further research and development in this area.
7.2. Security Requirements
- Confidentiality, Integrity, and Availability: Often referred to as the CIA triad, they are revealed as the most frequently compromised security requirements, accounting for a large portion of the total security compromises in Edge/Cloud systems (53.2%) and CCAVs (46.3%). This underscores a fundamental vulnerability in the core security architecture of these systems and the importance of strategic measures to protect the CIA triad.
- Authenticity and Authorization: Authenticity and authorization compromises form a smaller but significant proportion of security compromises. There is a stark difference between Edge/Cloud systems (21.2%) and CCAVs (38.8%), highlighting the unique security challenges of each system. This difference could be indicative of more complex user interaction models or greater reliance on trusted access controls in CCAVs.
- Privacy: Interestingly, privacy compromises occur 9% more frequently in Edge/Cloud systems compared with CCAVs, likely reflecting the shifting threat landscape driven by the value and volume of data processed by these systems. This also emphasizes the growing challenges posed by stringent data privacy regulations and the need for proactive privacy-by-design approaches.
7.3. TARA Limitations
7.4. Attack Tree
8. Countermeasures
8.1. Classification of Trust Domains with Attack Mechanisms
8.2. Defense Taxonomy Based on Attack Mechanisms
8.3. Key CCAV Countermeasures
8.3.1. Hardware Security Module
8.3.2. Cryptographic Solutions—Encryption and Authentication
8.3.3. Software Updates
8.3.4. Anomaly Detection Mechanisms
8.4. Analysis of Countermeasures
- Low- to Medium-Level Risks: It is found that wireless communications can be protected from jamming attacks using preventive measures such as reactive jamming detection techniques, control channel attack prevention, trigger node identification, Hermes node, checking access rights, and TLS encryption, as well as anomaly detection techniques. This research recommends intrusion detection systems with optimized machine learning algorithms to safeguard devices, peripherals, and RSUs against adversarial attacks.
- Medium- to High-Level Risks: Various countermeasures, such as identity management and authentication, protocol and network security, network segmentation, and Zero-Trust architecture, are found to protect trust domains such as Physical Input/Output, Data Analysis, Microservice, and Sensors. In addition, the correlation of messages from neighboring vehicles and cross-verification can protect data storage, analysis, and microservices.
9. Conclusions
Author Contributions
Funding
Data Availability Statement
Acknowledgments
Conflicts of Interest
Appendix A
CCAV Reference Architecture | ||||
---|---|---|---|---|
Trust Domain | Data Flow ID | Data Process | Description | Threat Entry/Exit |
V-TD1: Wireless Communication | V2V, V2I, R2V, EC2V, VR, V1, V2, V3, VR | Data Transmission | CAVs communicate with the Edge Cloud, other cars and CAVs, possible technologies linked to road users, infrastructures, and radio stations on a frequent basis, depending on the receiver and transmitter’s position and vicinity. DSRC, 5G, 4G/LTE, and other protocols may be used for sharing data, depending on the application. | Communication Unit (Software and Hardware modules), Antenna, V-TD2, V-TD3, TD4, Radio, EC2V, V2V, V2I |
V-TD2: Infotainment | V1, V5, V6 | Physical Interaction and Data Transmission | It is a group of hardware and software components installed in automobiles that offer audio and visual entertainment. It began with radios with cassette or CD players and has expanded to include navigation systems, video players, USB and Bluetooth connection, internet, and WiFi. Examples include CarPlay and Android Auto. The internal components (Wireless Communication Module, I/O ports, and data storage) can transmit data to this module. | Database (e.g., SQL), input ports, WiFi, 5G/LTE, V-TD1, V-TD3, V-TD5 |
V-TD3: Data Storage | V2, V4, V5, V7, V9, V10 | Database Access | Vehicles would need storage for data related to audio, video, maps, firmware and its versions, and vehicle status. These records are partitioned and securely stored. | The vehicle’s sensors, monitoring module, physical input/output, and infotainment system supply these data, V-TD1, V-TD2, V-TD5, V-TD4, V-TD9 |
V-TD4: Vehicle Sensors | V3, V4, V11, V13, V19 | Data Processing | Vehicles are often equipped with a plethora of sensors that monitor the vehicle’s motion dynamics and vehicle system. GNSS, LIDAR, RADAR, and cameras are all important sensors for CAVs. Additionally, sensors such as tire pressure monitoring sensors, light sensors, parking sensors, wheel and vehicle speed sensors, and others are considered in this study. | Driver, passengers, environment, V-TD1, V-TD7 |
V-TD4: Vehicle Sensors | V3, V4, V11, V13, V19 | Physical Interaction | The onboard sensors may be exposed to environment-specific threats, | Environment (e.g., fire, radiation, magnetic waves, thermal elements) |
V-TD5: Physical Input/ Outputs | V6, V7, V8, V18, V20 | Physical Interaction | This module refers to the physical inputs and outputs on the device, such as the USB port, the onboard diagnostic port (OBD-II), and Type 1-4 battery chargers. It is difficult to exploit these ports since they need physical access. | V-TD2, V-TD3, V-TD6, V-TD11 |
V-TD6: Monitoring | V7, V8, V9, V15 | Data processing | This module is used to describe the vehicle’s monitoring function. Here, the vehicle’s operation is verified against its specifications, its history is verified, and the vehicle’s maintenance is documented and logged. A good example is the black box, which is available commercially. | V-TD5, V-TD3, V-TD5, V-TD10 |
V-TD7: HMI | V11, V12, V13, V14, V19 | Phy. interaction, data processing and trans. | The Human–Machine Interface (HMI) is a collection of hardware and software elements that enables an individual to engage actively with the CAV system. It may be used as a user interface for steering wheels equipped with sophisticated onboard displays. | V-TD4 |
V-TD8: Energy System | V17, V18 | Physical Interaction | The onboard energy system may be vulnerable to environmental challenges. It mainly consists of batteries and a fuel tank (petrol or diesel). | Environment (e.g., fire, radiation, magnetic waves, thermal elements), V-TD8, V-TD9 |
V-TD9: Actuators | V17, V16 | Data Processing | This module discusses components that have the potential to influence the physical environment. This includes adjusting the wheel speed and angle, activating the brakes, air conditioning, and windows, as well as locking the doors and trunk. | V-TD8, V-TD10 |
V-TD9: Actuators | V17, V16 | Physical Interaction | Physical components receive their energy unit to interact with the environment | Vehicular Environment |
V-TD10: Data Analysis | V10, V15, V16 | Data Processing | This module is in charge of conducting an analysis on the data that have been saved. This might be for data localization, object recognition, sensor fusion and analysis, action engine decision-making, vehicle control automation, warning, and basic safety message analysis, as well as vehicular applications. | V-TD8, V-TD10 |
V-TD10: Data Analysis | V10, V15, V16 | Physical Interaction | Physical components receive their energy unit to interact with the environment | Vehicular Environment |
V-TD11 Devices and Peripherals | V2I, V20 | Data Processing and Physical interaction | Smartphones, Bluetooth devices, laptops, and desktop computers are all examples of devices and peripherals. Admins, users, and operators would use these devices to communicate with CCAVs and devices to use the system. These are additional methods via which an adversary may breach the system. COHDA units are used to represent roadside infrastructure. These devices would be utilized by traffic controllers, CAVs, and other edge devices to carry out ITS-based prompts. | Environment, V2I, V20 |
Edge Cloud Reference Architecture | ||||
---|---|---|---|---|
Trust Domain | Data Flow ID | Data Process | Description | Threat Entry/Exit |
E-TD1: Wireless Communication | E1, E2, V2EC-1, I2I, | Data Transmission | The communication module presented here is expected to establish wireless connections with nearby automobiles, cloud technologies, RSI, and other peripheral devices through a cellular network or DSRC. They are also linked through fiber-optic cables to the Wide Area Network (WAN). | Communication Unit (Software and Hardware modules), Antenna, E-TD2, E-TD3, CAVS, and Other Edge Clouds |
E-TD3: API | E2, E3, E6 | Data transmission and interaction | Application Program Interfaces (APIs) are used by users and software modules to obtain access to a specific service. | E-TD1, E-TD2, E-TD6 |
E-TD2: Microservices | E1, E3, E4 | Data Processing and data transmission | The microservices module is in charge of offering services that are composed of multiple services. They are well-known for providing unique services through facilitating scalability and testing. For example, intersection management. | E-TD1, E-TD3, E-TD5 |
E-TD4: Physical I/O | E15, E16, E7 | Phy. interaction and data trans. | Connection to the edge infrastructure is made possible via the physical IO ports. Physical security mechanisms should be used to protect these ports from physical attacks. Users connecting over these ports should be properly authenticated, and digital records of these connection attempts should be maintained. | E-TD6, E-TD7, E-TD11 |
E-TD5: Process and Data Analysis | E4, E5, E11, E8, E9 | Data Processing | Actuators on the edge may have an effect on the surroundings. The edge may be capable of altering the behavior and security of cars. | E-TD2, E-TD6, E-TD9 |
E-TD6: Data Storage | E5, E6, E11, E12, E13, E16 | Database access | Data storage at the edge will be centralized in a single piece of memory hardware. Due to its exposure to manipulation, it is critical to provide safeguards such as encryption, access control, and authentication to the whole disk to prevent threats. | E-TD3, E-TD4, E-TD5, E-TD9, E-TD10 |
E-TD7: Energy System | E7 | Physical Interaction | Electricity will be used to power edge systems. Alternative energy sources (such as batteries and renewable energy sources such as solar) may be employed in places where supplying electricity is difficult. | E-TD4 |
E-TD8: Actuators | E8, E10 | Physical Interaction | Actuators on the edge may have an effect on the surroundings. The edge may be capable of altering the behavior and security of cars. | Environment (e.g., fire, radiation, magnetic waves, thermal elements), E-TD5, E-TD12 |
E-TD9: Monitoring | E9, E12 | Data Processing | Both the edge and the cloud will need to keep track of their activities. This enables analysts to comprehend why a certain series of events happened. They will also be required to comprehend the system’s performance characteristics. | E-TD5 |
E-TD10: Sensors | E13, E14 | Data Processing and Transmission | The edge is equipped with both internal and exterior sensors. Individual devices inside an edge may have sensors that provide information about the status of the environment within the systems. Meanwhile, external sensors may provide information about the edge of its environment, such as its surroundings. | E-TD6, E-TD12 |
E-TD11: Devices | E15 | Data Processing and Transmission | Smartphones, Bluetooth devices, laptops, and desktop computers are all examples of devices and peripherals. Admins and operators would use these devices to communicate with the edge in order to maintain or operate the system. These are additional methods via which an adversary may breach the system. | E-TD4 |
E-TD12: Roadside Infrastructures | E10, E14, RV | Physical Interaction, Data Processing, and Transmission | COHDA units are used to represent roadside infrastructure. These devices would be utilized by traffic controllers, CAVs, and other edge devices to carry out ITS activities. | E-TD10, CAVS |
CCAV Reference Architecture | ||||
---|---|---|---|---|
Trust Domain | Data Flow ID | Data Process | Description | Threat Entry/Exit |
C-TD1: Wireless Communication | EC2C, T2C, C1, C2 | Data Transmission | Cloud communication presents a significant challenge due to the need for advanced scalability, performance, dependability, durability, and resilience. To achieve optimal results, the cloud must feature a sophisticated architecture consisting of multiple edge clouds interconnected via multiple gateways, operating with maximum efficiency. | Communication Unit (Software and Hardware modules), Antenna, Third-Party Cloud Services, Edge Clouds |
C-TD2: Data analysis | C4, C5, C7 | Data Processing and Data Transmission | Advanced data analysis in the cloud due to large data volume enables various functionalities such as traffic control and timely distribution. The cloud predicts future trends by evaluating data from edge requests. | C-TD3, C-TD5, C-TD6 |
C-TD3: Microservices | C1, C3, C4 | Data Processing and Data Transmission | The microservices module is responsible for delivering services comprised of multiple individual services. It is renowned for its ability to provide unique services while promoting scalability and ease of testing. For example, intersection management. | C-TD3, C-TD5, C-TD6 |
C-TD4: APIs | C2, C3 | Physical Interaction and Data Transmission | Application Program Interfaces (APIs) are used by users and software modules to obtain access to a specific service. | C-TD1, C-TD3 |
C-TD5: Data Storage | C6, C7, C8 | Data Processing | Edge data storage will be centralized in memory hardware. Given its susceptibility to manipulation-based attacks, it is imperative to implement security measures such as encryption, access control, and authentication to secure the entire disk. The edge’s actuators can impact the environment and have the potential to modify the behavior and security of vehicles. | C-TD2, C-TD3, C-TD7 |
C-TD6: Monitoring and Logging | C5 | Data Processing | Cloud-based decisions made while monitoring the environment, traffic, and other characteristics are saved for future verification. This would allow assessment in the event of a system anomaly or real-world mishap. This is a characteristic of accountability. | C-TD2 |
C-TD7: Physical I/O | C9 | Physical Interaction | Connection to the Cloud infrastructure is made possible via the physical IO ports. Traffic operators connect over these ports to access, update, create, delete, and maintain services. Such personnel should be properly authenticated, and digital records of these connection attempts are to be maintained. | C-TD5, Traffic operator input/output |
C-TD8: Energy Systems | C10 | Physical Interaction | Cloud data storage is vulnerable to natural disasters, power outages, cyberattacks, and human errors that can cause data loss and breaches. Energy providers must implement security measures, backups, and redundancies with disaster recovery plans while being informed of current threats. | Environment(e.g., fire, radiation, magnetic waves, thermal elements) or insider threats |
Trust Domain | STRIDE | Security Req. | Entry Point | Threat Desc. | Impact | Countermeasures | D | R | E | A | D | Risk |
---|---|---|---|---|---|---|---|---|---|---|---|---|
V-TD1: Wireless Communication (WiFi, Cellular, 5G/LTE) | S | | Wireless Communication (WiFi, 5G/LTE) | Spoofing wireless communication protocol | | The system must be able to detect at run-time that code has been added or changed | 3 | 3 | 3 | 4 | 3 | 3.2 |
V-TD1: Wireless Communication (WiFi, Cellular, 5G/LTE) | D | Availability | Wireless Communication Module (WiFi, 5G/LTE) | Jamming wireless communication channel [65,66,67,68] | An adversary may jam the specific channel or the environment may influence the signals | Jamming detection and prevention techniques such as the following: | 4 | 4 | 4 | 5 | 4 | 4.2 |
V-TD1: Wireless Communication (WiFi, Cellular, 5G/LTE) | E | Authorization | Wireless Communication Module (WiFi, 5G/LTE) | A malicious adversary/bot may gain additional privileges [69,70,71] | An adversary user may gain privileges to perform network propagation | The system must check if the access rights of the system have any malicious modifications | 5 | 3 | 1 | 5 | 4 | 3.6 |
V-TD1: Wireless Communication (WiFi, Cellular, 5G/LTE) | T, R, I | Confidentiality, Nonrepudiation, Integrity, Privacy | Wireless Communication Module (WiFi, 5G/LTE) | MITM in wireless communication (Frame injection, Data replay, Brute force) [54,60,70,71,72,73,74,75,76] | Running traditional man-in-the-middle attack tools on a suspicious twin node to intercept TCP sessions (compromising confidentiality) | TLS encryption, RADIUS authentication server | 5 | 3 | 3 | 4 | 2 | 3.4 |
V-TD1: Wireless Communication (WiFi, Cellular, 5G/LTE) | E | Authorization | Long-range cellular wireless access [77] | | | | 5 | 2 | 1 | 5 | 4 | 3.4 |
V-TD2: Infotainment, V-TD7: HMI | S, T, I, D, E | | | | | | 5 | 2 | 2 | 3 | 5 | 3.4 |
V-TD2: Infotainment, V-TD7: HMI | T, D | | | | | | 3 | 3 | 3 | 3 | 4 | 3.2 |
V-TD3: Data Storage | S, T | | | | | | 5 | 2 | 2 | 3 | 5 | 3.4 |
V-TD4: Vehicle Sensors | S, T, E | | Camera [77] | | | | 5 | 5 | 5 | 4 | 5 | 4.8 |
V-TD4: Vehicle Sensors | S, T | | Ultrasonic [95] | | | | 5 | 5 | 4 | 4 | 5 | 4.6 |
V-TD4: Vehicle Sensors | S | | LIDAR [77,96,97] | | | | 5 | 5 | 4 | 4 | 5 | 4.6 |
V-TD4: Vehicle Sensors | D | | Global Navigation Satellite System (GNSS) [98] | | | | 4 | 3 | 4 | 4 | 4 | 3.8 |
V-TD4: Vehicle Sensors | S | | Global Navigation Satellite System (GNSS) [98] | | | | 4 | 3 | 4 | 4 | 3 | 3.6 |
V-TD4: Vehicle Sensors | S, T, I, E | | Auxiliary Sensors: Vehicle’s custom telematics features such as UConnect. This includes onboard connectivity features using wireless sensors and CAN bus vulnerabilities | | | | 3 | 3 | 1 | 3 | 3 | 2.6 |
V-TD5: Physical Input/Outputs | T, I | | | | | | 5 | 4 | 4 | 3 | 4 | 4 |
V-TD6: Monitoring | E | | White-box and black-box attack | | | | 4 | 3 | 2 | 2 | 3 | 2.8 |
V-TD8: Energy System | D | | Energy and fuel storage, power generation | | | | 5 | 4 | 1 | 5 | 5 | 4 |
V-TD9: Actuators | S, T, D, E | | Body Control Module (BCM) | | | | 5 | 1 | 1 | 3 | 5 | 3 |
V-TD9: Actuators | S, T, D, E | | Electronic Control Module (ECM) | | | | 5 | 1 | 1 | 3 | 5 | 3 |
V-TD9: Actuators | S, T, D, E | | Electronic Brake Control Module (EBCM) | | | | 5 | 1 | 1 | 3 | 5 | 3 |
V-TD9: Actuators | S, T, D, E | | Autolock feature for doors, trunk, charging port, and fuel lid—passive keyless entry system—key fob [116] | | | | 5 | 3 | 3 | 4 | 5 | 4 |
V-TD9: Actuators | E | | Autolock doors and trunk—passive keyless entry system—key fob [77] | | | | 5 | 3 | 3 | 4 | 5 | 4 |
V-TD10: Data Analysis | R, I | | | | | | 5 | 4 | 4 | 5 | 3 | 4.2 |
V-TD10: Data Analysis | T, R, I, E | | | | | | 5 | 4 | 3 | 5 | 4 | 4.2 |
V-TD11: Devices and Peripherals | D, E | | | | | | 5 | 3 | 3 | 3 | 3 | 3.4 |
V-TD11: Devices and Peripherals | S, T, I | | | | | | 3 | 4 | 3 | 3 | 3 | 3.2 |
Trust Domain | STRIDE | Security Req. | Entry Point | Threat Desc. | Impact | Countermeasures | D | R | E | A | D | Risk |
---|---|---|---|---|---|---|---|---|---|---|---|---|
E-TD1, C-TD1 Edge/Cloud Communication (Wifi, Cellular, 5G/LTE) | D | | Wireless communication (WiFi, 5G/LTE) | Denial of Service and distributed DoS by wireless jamming | | Protocols and services can be designed to operate in an autonomous or semiautonomous manner | 3 | 3 | 3 | 4 | 3 | 3.2 |
E-TD1, C-TD1 Edge/Cloud Communication (Wifi, Cellular, 5G/LTE) | S, T, I | | Wireless Communication Module (WiFi, 5G/LTE) | | Gateway compromised and access to internal network interfaces. Dangerous attack | Jamming detection and prevention techniques, such as the following: | 4 | 3 | 1 | 3 | 3 | 2.8 |
E-TD1, C-TD1 Edge/Cloud Communication (Wifi, Cellular, 5G/LTE) | E | | Wireless Communication Module (Wifi, 5G/LTE) | Rogue gateway: open system where any devices can be part of the system | An adversary may gain privileges to propagate the network and create personal cloudlets | The system must check if the access rights of the system have any malicious modifications | 5 | 2 | 1 | 4 | 2 | 2.4 |
E-TD2, C-TD3: Microservices | D | | Wireless communication, virtualization servers | Physical damage: the systems may not be guarded as they may be managed by the service provider | | | 5 | 3 | 2 | 5 | 1 | 3.2 |
E-TD2, C-TD3: Microservices | I | | Wireless communication, virtualization servers | Privacy leakage: internal threats and honest but curious actors may attempt to access the information [66,78] | | | 4 | 4 | 2 | 4 | 5 | 3.8 |
E-TD2, C-TD3: Microservices | E | | Wireless communication, virtualization servers | Privilege escalation: infrastructure could be misconfigured | | | 4 | 3 | 2 | 4 | 2 | 3 |
E-TD2, C-TD3: Microservices | T, I | | Wireless communication, virtualization servers | | | | 5 | 2 | 2 | 5 | 2 | 3.2 |
E-TD3, C-TD4: API | I | | Local infrastructure interface, vehicle-to-car interfaces | Privacy leakage: internal threats and honest but curious actors may attempt to access the information [66,68,78,104] | | | 3 | 4 | 3 | 4 | 5 | 3.8 |
E-TD3, C-TD4: API | E | | Local infrastructure interface, vehicle-to-car interfaces | Privilege escalation: infrastructure could be misconfigured | | | 4 | 3 | 2 | 4 | 2 | 3 |
E-TD3, C-TD4: API | T, I | | Local infrastructure interface, vehicle-to-car interfaces | Service manipulation such as amending the functions of a CAV application [138] | | | 5 | 2 | 2 | 5 | 2 | 3.2 |
E-TD3, C-TD4: API | T, I | | Local infrastructure interface, vehicle-to-car interfaces | Rogue services | | | 5 | 2 | 2 | 5 | 2 | 3.2 |
E-TD4, C-TD7: Physical Input/Outputs | T, R, I, E | | Edge ports with devices and peripherals | | | | 5 | 5 | 4 | 5 | 3 | 4.4 |
E-TD5, C-TD2: Edge Process and Data Analysis | T, R | | Wrong data, protocols and data from communication, microservices, and data storage module [54,75] | | | | 4 | 3 | 3 | 5 | 3 | 3.6 |
E-TD6, C-TD5: Data Storage | T, I | | | | | | 5 | 3 | 3 | 5 | 3 | 3.8 |
E-TD7, CTD8: Energy System | D | | Energy and Fuel Storage, Power Generation | | | | 5 | 5 | 5 | 5 | 5 | 5 |
E-TD8: Actuators | D | | Edge processing and physical access | | | | 4 | 3 | 2 | 4 | 4 | 3.4 |
E-TD9, C-TD6: Monitoring | E | | White-box and black-box attack | The adversarial model is more effective at producing successful mispredictions of signboards at a quicker pace and with a larger likelihood of failure [111] | | Intrusion detection system with better machine learning algorithms that could predict images based on the following [94]: | 3 | 2 | 3 | 4 | 2 | 2.8 |
E-TD10: Edge Sensors | S, T, D | | Internal sensors which relies on the network layer [151] | | | | 3 | 3 | 3 | 3 | 2 | 2.8 |
E-TD10: Edge Sensors | S, T, R, D, E | | External sensors include rain sensors, pH sensors, smart meters, temperature sensors, humidity sensors, sound sensors, vibration sensors, chemical sensors, and pressure sensors [151] | | | | 4 | 4 | 3 | 4 | 3 | 3.4 |
E-TD11: Devices | T, I | | User devices (insider, guest, bring-your-own-device for employees) [77] | | | | 3 | 4 | 3 | 3 | 3 | 3.2 |
E-TD12: Roadside Infrastructure | E | | These devices could be end-notes such as COHDA units or internet-of-things devices | | | | 4 | 4 | 3 | 3 | 4 | 3.6 |
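The STRIDE/DREAD registers above lend themselves to an automated consistency check. The following is an added example, not code from the paper: it parses rows in this table layout, carries the trust domain forward onto continuation rows, recomputes each risk score, and lists rows whose published Risk differs. Treating Risk as the arithmetic mean of the five D, R, E, A, D ratings is an assumption (the page does not state the formula), and the function names are hypothetical.

```python
import re
from dataclasses import dataclass

# Rows copied from the Edge/Cloud STRIDE-DREAD table on this page. Descriptive
# cells are left empty: only the trust domain, STRIDE letters and scores are used.
SAMPLE_ROWS = """\
Trust Domain | STRIDE | Security Req. | Entry Point | Threat Desc. | Impact | Countermeasures | D | R | E | A | D | Risk |
---|---|---|---|---|---|---|---|---|---|---|---|---|
E-TD1, C-TD1 Edge/Cloud Communication (Wifi, Cellular, 5G/LTE) | D | | | | | | 3 | 3 | 3 | 4 | 3 | 3.2 |
S, T, I | | | | | | 4 | 3 | 1 | 3 | 3 | 2.8 | |
E | | | | | | 5 | 2 | 1 | 4 | 2 | 2.4 | |
E-TD4, C-TD7: Physical Input/Outputs | T, R, I, E | | | | | | 5 | 5 | 4 | 5 | 3 | 4.4 |
E-TD7, CTD8: Energy System | D | | | | | | 5 | 5 | 5 | 5 | 5 | 5 |
E-TD10: Edge Sensors | S, T, D | | | | | | 3 | 3 | 3 | 3 | 2 | 2.8 |
S, T, R, D, E | | | | | 4 | 4 | 3 | 4 | 3 | 3.4 | |||
"""

TD_PREFIX = re.compile(r"^[VEC]-TD\d+")    # vehicle, edge and cloud trust domains
NUMBER = re.compile(r"^\d+(\.\d+)?$")


@dataclass(frozen=True)
class Entry:
    domain: str        # trust domain, inherited on continuation rows
    stride: tuple      # STRIDE letters for the threat
    ratings: tuple     # the five DREAD ratings, in column order
    published: float   # Risk value as printed in the table

    @property
    def recomputed(self) -> float:
        # Assumption: risk is the mean of the five ratings, to one decimal.
        return round(sum(self.ratings) / len(self.ratings), 1)


def parse_register(text):
    """Parse pipe-delimited register rows into Entry objects."""
    entries, domain = [], None
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")]
        while cells and cells[-1] == "":        # drop padding left by merged cells
            cells.pop()
        if not cells or cells[0].startswith(("---", "Trust Domain")):
            continue                            # blank, separator or header line
        tail = cells[-6:]
        if len(cells) < 7 or not all(NUMBER.match(c) for c in tail):
            raise ValueError(f"row lacks five ratings and a risk score: {line!r}")
        if TD_PREFIX.match(cells[0]):
            domain, stride_cell = cells[0], cells[1]
        elif domain is None:
            raise ValueError(f"continuation row before any trust domain: {line!r}")
        else:
            stride_cell = cells[0]              # trust domain cell was merged away
        stride = tuple(s.strip() for s in stride_cell.split(","))
        ratings = tuple(int(c) for c in tail[:5])   # ratings are whole numbers
        entries.append(Entry(domain, stride, ratings, float(tail[5])))
    return entries


def mismatches(entries, tol=0.05):
    """Entries whose published Risk differs from the recomputed mean."""
    return [e for e in entries if abs(e.recomputed - e.published) > tol]


def worst_by_domain(entries):
    """Highest recomputed risk per trust domain, most severe first."""
    worst = {}
    for e in entries:
        worst[e.domain] = max(worst.get(e.domain, 0.0), e.recomputed)
    return sorted(worst.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    register = parse_register(SAMPLE_ROWS)
    for e in mismatches(register):
        print(f"{e.domain} [{', '.join(e.stride)}]: "
              f"published {e.published}, mean of ratings {e.recomputed}")
    for name, score in worst_by_domain(register):
        print(f"{score:.1f}  {name}")
```

Rows the check reports should be compared against the source publication before either value is used for prioritisation.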
References
- Arthurs, P.; Gillam, L.; Krause, P.; Wang, N.; Halder, K.; Mouzakitis, A. A taxonomy and survey of edge cloud computing for intelligent transportation systems and connected vehicles. IEEE Trans. Intell. Transp. Syst. 2021, 23, 6206–6221. [Google Scholar] [CrossRef]
- Gillam, L.; Katsaros, K.; Dianati, M.; Mouzakitis, A. Exploring edges for connected and autonomous driving. In Proceedings of the IEEE INFOCOM 2018—IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), Honolulu, HI, USA, 15–19 April 2018; pp. 148–153. [Google Scholar]
- Sheikh, M.S.; Liang, J. A comprehensive survey on VANET security services in traffic management system. Wirel. Commun. Mob. Comput. 2019, 2019, 2423915. [Google Scholar] [CrossRef]
- Maple, C. Security and privacy in the internet of things. J. Cyber Policy 2017, 2, 155–184. [Google Scholar] [CrossRef]
- Maple, C.; Bradbury, M.; Le, A.T.; Ghirardello, K. A connected and autonomous vehicle reference architecture for attack surface analysis. Appl. Sci. 2019, 9, 5101. [Google Scholar] [CrossRef]
- Sheik, A.T.; Atmaca, U.I.; Maple, C.; Epiphaniou, G. Challenges in threat modelling of new space systems: A teleoperation use-case. Adv. Space Res. 2022, 70, 2208–2226. [Google Scholar] [CrossRef]
- HM Government. Connected & Automated Mobility 2025: Realising the Benefits of Self-Driving Vehicles in the UK. Available online: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/1099173/cam-2025-realising-benefits-self-driving-vehicles.pdf (accessed on 16 October 2023).
- Sheik, A.T.; Maple, C.; Epiphaniou, G.; Dianati, M. Threat Analysis of Platooning—A Cloud Assisted Connected and Autonomous Vehicle Application. Information 2024, 15, 14. [Google Scholar] [CrossRef]
- Shostack, A. Threat Modeling: Designing for Security; John Wiley & Sons: Hoboken, NJ, USA, 2014. [Google Scholar]
- Montanaro, U.; Dixit, S.; Fallah, S.; Dianati, M.; Stevens, A.; Oxtoby, D.; Mouzakitis, A. Towards connected autonomous driving: Review of use-cases. Veh. Syst. Dyn. 2019, 57, 779–814. [Google Scholar] [CrossRef]
- USDOT. VS15: Infrastructure Enhanced Cooperative Adaptive Cruise Control. Available online: https://www.arc-it.net/html/servicepackages/sp190.html#tab-3 (accessed on 16 October 2023).
- Xiong, W.; Lagerström, R. Threat modeling—A systematic literature review. Comput. Secur. 2019, 84, 53–69. [Google Scholar] [CrossRef]
- Khan, R.; McLaughlin, K.; Laverty, D.; Sezer, S. STRIDE-based threat modeling for cyber-physical systems. In Proceedings of the 2017 IEEE PES Innovative Smart Grid Technologies Conference Europe (ISGT-Europe), Turin, Italy, 26–29 September 2017; pp. 1–6. [Google Scholar]
- Alberts, C.; Behrens, S.; Pethia, R.; Wilson, W. Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Framework, Version 1.0; Technical Report CMU/SEI-99-TR-017; Software Engineering Institute, Carnegie Mellon University: Pittsburgh, PA, USA, 1999. [Google Scholar]
- Alberts, C.; Dorofee, A.; Stevens, J.; Woody, C. Introduction to the OCTAVE Approach; Technical Report; Carnegie Mellon University Software Engineering Institute: Pittsburgh, PA, USA, 2003. [Google Scholar]
- UcedaVelez, T.; Morana, M.M. Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis; John Wiley & Sons: Hoboken, NJ, USA, 2015. [Google Scholar]
- McCarthy, C.; Harnett, K.; Carter, A. Characterization of Potential Security Threats in Modern Automobiles: A Composite Modeling Approach; Technical Report; National Highway Traffic Safety Administration: Washington, DC, USA, 2014.
- Lallie, H.S.; Debattista, K.; Bal, J. A review of attack graph and attack tree visual syntax in cyber security. Comput. Sci. Rev. 2020, 35, 100219. [Google Scholar] [CrossRef]
- Committee, S.V.E.S.S. SAE J3061-Cybersecurity Guidebook for Cyber-Physical Automotive Systems; SAE—Society of Automotive Engineers: Warrendale, PA, USA, 2016. [Google Scholar]
- Jamil, A.M.; Khan, S.; Lee, J.K.; Othmane, L.B. Towards Automated Threat Modeling of Cyber-Physical Systems. In Proceedings of the 2021 International Conference on Software Engineering & Computer Systems and 4th International Conference on Computational Science and Information Management (ICSECS-ICOCSIM), Pekan, Malaysia, 24–26 August 2021; pp. 614–619. [Google Scholar]
- Shevchenko, N.; Frye, B.; Woody, C. White Paper: Threat Modelling for Cyber-Physical System-of-Systems: Methods Evaluation; Technical Report; Software Engineering Institute, Carnegie Mellon University: Pittsburgh, PA, USA, 2018. [Google Scholar]
- Schneier, B. Secrets and Lies: Digital Security in a Networked World; John Wiley & Sons: Hoboken, NJ, USA, 2015. [Google Scholar]
- Thing, V.L.L.; Wu, J. Autonomous Vehicle Security: A Taxonomy of Attacks and Defences. In Proceedings of the 2016 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), Chengdu, China, 15–18 December 2016. [Google Scholar]
- Zhao, M. Advanced driver assistant system, threats, requirements, security solutions. Intel Labs 2015, 2–3. [Google Scholar]
- Petit, J.; Shladover, S.E. Potential Cyberattacks on Automated Vehicles. IEEE Trans. Intell. Transp. Syst. 2014, 16, 546–556. [Google Scholar] [CrossRef]
- Miller, C.; Valasek, C. Remote exploitation of an unaltered passenger vehicle. Black Hat 2015, 2015, 1–91. [Google Scholar]
- Hamida, E.; Noura, H.; Znaidi, W. Security of Cooperative Intelligent Transport Systems: Standards, Threats Analysis and Cryptographic Countermeasures. Electronics 2015, 4, 380–423. [Google Scholar] [CrossRef]
- Javed, M.A.; Hamida, E.B.; Znaidi, W. Security in Intelligent Transport Systems for Smart Cities: From Theory to Practice. Sensors 2016, 16, 879. [Google Scholar] [CrossRef] [PubMed]
- Sakiz, F.; Sen, S. A survey of attacks and detection mechanisms on intelligent transportation system—VANETS and IoV. Ad Hoc Netw. 2017, 61, 33–50. [Google Scholar] [CrossRef]
- Bariah, L.; Shehada, D.; Salahat, E.; Yeun, C.Y. Recent advances in VANET security: A survey. In Proceedings of the 2015 IEEE 82nd Vehicular Technology Conference (VTC2015-fall), Boston, MA, USA, 6–9 September 2015; pp. 1–7. [Google Scholar]
- Hoppe, T.; Kiltz, S.; Dittmann, J. Security threats to automotive CAN networks—Practical examples and selected short-term countermeasures. Reliab. Eng. Syst. Saf. 2011, 96, 11–25. [Google Scholar] [CrossRef]
- La, V.H.; Cavalli, A. Security Attacks and Solutions in Vehicular Ad Hoc Networks: A Survey. Int. J. Adhoc Netw. Syst. 2014, 4, 1–20. [Google Scholar] [CrossRef]
- Amoozadeh, M.; Raghuramu, A.; Chuah, C.N.; Ghosal, D.; Zhang, H.M.; Rowe, J.; Levitt, K. Security vulnerabilities of connected vehicle streams and their impact on cooperative driving. IEEE Commun. Mag. 2015, 53, 126–132. [Google Scholar] [CrossRef]
- Engoulou, R.G.; Bellaïche, M.; Pierre, S.; Quintero, A. VANET security surveys. Comput. Commun. 2014, 44, 1–13. [Google Scholar] [CrossRef]
- Burt, A. Privacy and cybersecurity are converging. Here’s why that matters for people and for companies. Harv. Bus. Rev. 2019, 10, 1–6. [Google Scholar]
- Petit, J.; Feiri, B.S.M.; Kargl, F. Remote Attacks on Automated Vehicles Sensors: Experiments on Camera and LiDAR. Black Hat 2015, 11, 995. [Google Scholar]
- Garip, M.T.; Gursoy, M.E.; Reiher, P.; Gerla, M. Congestion attacks to autonomous cars using vehicular botnets. In Proceedings of the NDSS Workshop on Security of Emerging Networking Technologies (SENT), San Diego, CA, USA, 8–11 February 2015. [Google Scholar]
- National Highway Traffic Safety Administration. Cybersecurity Best Practices for Modern Vehicles; Report No. DOT HS; National Highway Traffic Safety Administration: Washington, DC, USA, 2016; Volume 812, pp. 17–20.
- Mejri, M.N.; Ben-Othman, J.; Hamdi, M. Survey on VANET security challenges and possible cryptographic solutions. Veh. Commun. 2014, 1, 53–66. [Google Scholar] [CrossRef]
- Studnia, I.; Nicomette, V.; Alata, E.; Deswarte, Y.; Kaâniche, M.; Laarouchi, Y. Survey on security threats and protection mechanisms in embedded automotive networks. In Proceedings of the 43rd Annual IEEE/IFIP Conference on Dependable Systems and Networks Workshop (DSN-W), Budapest, Hungary, 24–27 June 2013; pp. 1–12. [Google Scholar]
- Hubaux, J.P.; Capkun, S.; Jun, L. The security and privacy of smart vehicles. IEEE Secur. Priv. 2004, 2, 49–55. [Google Scholar] [CrossRef]
- Khodaei, M.; Papadimitratos, P. The key to intelligent transportation: Identity and credential management in vehicular communication systems. IEEE Veh. Technol. Mag. 2015, 10, 63–69. [Google Scholar] [CrossRef]
- Eiza, M.H.; Ni, Q. Driving with Sharks: Rethinking Connected Vehicles with Vehicle Cybersecurity. IEEE Veh. Technol. Mag. 2017, 12, 45–51. [Google Scholar] [CrossRef]
- Othmane, L.B.; Fernando, R.; Ranchal, R.; Bhargava, B.; Bodden, E. Likelihoods of Threats to Connected Vehicles. Int. J. Next-Gener. Comput. 2014, 5, 290–303. [Google Scholar]
- ABI. Connected Vehicle Cloud Platforms. Available online: https://www.abiresearch.com/market-research/product/1022093-connected-vehicle-cloud-platforms/ (accessed on 16 October 2023).
- Senior, S.; Rec, C.; Nishar, H.; Horton, T. AWS Connected Vehicle Solution; Amazon: Seattle, WA, USA, 2018. [Google Scholar]
- Fu, Z.; Hu, W.; Tan, T. Similarity based vehicle trajectory clustering and anomaly detection. In Proceedings of the IEEE International Conference on Image Processing 2005, Genova, Italy, 11–14 September 2005; Volume 2, p. II-602. [Google Scholar]
- Mullins, J. Ring of steel II-New York City gets set to replicate London’s high-security zone. IEEE Spectr. 2006, 43, 12–13. [Google Scholar] [CrossRef]
- Müter, M.; Groll, A.; Freiling, F.C. A structured approach to anomaly detection for in-vehicle networks. In Proceedings of the 2010 Sixth International Conference on Information Assurance and Security, Atlanta, GA, USA, 23–25 August 2010; pp. 92–98. [Google Scholar]
- Parkinson, S.; Ward, P.; Wilson, K.; Miller, J. Cyber Threats Facing Autonomous and Connected Vehicles: Future Challenges. IEEE Trans. Intell. Transp. Syst. 2017, 18, 2898–2915. [Google Scholar] [CrossRef]
- Raya, M.; Hubaux, J.P. Securing vehicular ad hoc networks. J. Comput. Secur. 2007, 15, 39–68. [Google Scholar] [CrossRef]
- Al-Kahtani, M.S. Survey on security attacks in vehicular ad hoc networks (VANETs). In Proceedings of the 2012 6th International Conference on Signal Processing and Communication Systems, Gold Coast, QLD, Australia, 12–14 December 2012; pp. 1–9. [Google Scholar]
- Gillani, S.; Shahzad, F.; Qayyum, A.; Mehmood, R. A survey on security in vehicular ad hoc networks. In Proceedings of the Communication Technologies for Vehicles: 5th International Workshop, Nets4Cars/Nets4Trains 2013, Villeneuve d’Ascq, France, 14–15 May 2013; Proceedings 5. Springer: Berlin/Heidelberg, Germany, 2013; pp. 59–74. [Google Scholar]
- Othmane, L.B.; Weffers, H.; Mohamad, M.M.; Wolf, M. A survey of security and privacy in connected vehicles. In Wireless Sensor and Mobile Ad-Hoc Networks: Vehicular and Space Applications; Springer: Berlin/Heidelberg, Germany, 2015; pp. 217–247. [Google Scholar]
- Yan, G.; Wen, D.; Olariu, S.; Weigle, M.C. Security challenges in vehicular cloud computing. IEEE Trans. Intell. Transp. Syst. 2013, 14, 284–294. [Google Scholar] [CrossRef]
- Siegel, J.E.; Erb, D.C.; Sarma, S.E. A Survey of the Connected Vehicle Landscape–Architectures, Enabling Technologies, Applications, and Development Areas. IEEE Trans. Intell. Transp. Syst. 2017, 99, 1–16. [Google Scholar] [CrossRef]
- Hasrouny, H.; Samhat, A.E.; Bassil, C.; Laouiti, A. VANet security challenges and solutions: A survey. Veh. Commun. 2017, 7, 7–20. [Google Scholar] [CrossRef]
- Boumiza, S.; Braham, R. Intrusion threats and security solutions for autonomous vehicle networks. In Proceedings of the 2017 IEEE/ACS 14th International Conference on Computer Systems and Applications (AICCSA), Hammamet, Tunisia, 30 October–3 November 2017; pp. 120–127. [Google Scholar]
- Kelarestaghi, K.B.; Foruhandeh, M.; Heaslip, K.; Gerdes, R. Survey on vehicular ad hoc networks and its access technologies security vulnerabilities and countermeasures. arXiv 2019, arXiv:1903.01541. [Google Scholar]
- Sommer, F.; Dürrwang, J.; Kriesten, R. Survey and classification of automotive security attacks. Information 2019, 10, 148. [Google Scholar] [CrossRef]
- Jadhav, S.; Kshirsagar, D. A survey on security in automotive networks. In Proceedings of the 2018 Fourth International Conference on Computing Communication Control and Automation (ICCUBEA), Pune, India, 16–18 August 2018; pp. 1–6. [Google Scholar]
- Yoshizawa, T.; Preneel, B. Survey of security aspect of v2x standards and related issues. In Proceedings of the 2019 IEEE Conference on Standards for Communications and Networking (CSCN), Granada, Spain, 28–30 October 2019; pp. 1–5. [Google Scholar]
- Masood, A.; Lakew, D.S.; Cho, S. Security and privacy challenges in connected vehicular cloud computing. IEEE Commun. Surv. Tutorials 2020, 22, 2725–2764. [Google Scholar] [CrossRef]
- Sun, X.; Yu, F.R.; Zhang, P. A survey on cyber-security of connected and autonomous vehicles (CAVs). IEEE Trans. Intell. Transp. Syst. 2021, 23, 6240–6259. [Google Scholar] [CrossRef]
- Guzman, Z. Hackers Remotely Kill Jeep’s Engine on Highway. Available online: https://www.cnbc.com/2015/07/21/hackers-remotely-kill-jeep-engine-on-highway.html (accessed on 16 October 2023).
- Skygo. Security Research Report on Mercedes Benz Cars—SkyGo Blog. Available online: https://skygo.360.net/archive/Security-Research-Report-on-Mercedes-Benz-Cars-en.pdf (accessed on 16 October 2023).
- Thoughts, B.Y. Man Block ETC with Melon Seed Bags and Evades Fees 22 Times over 40,000 in 3 Months. Available online: https://www.youtube.com/watch?v=Bzw7pA0rHCk (accessed on 16 October 2023).
- Curry, S. More Car Hacking! Available online: https://twitter.com/samwcyo/status/1597792097175674880 (accessed on 16 October 2023).
- Finkle, J.; Woodall, B. Researcher Says Can Hack GM’s OnStar App, Open Vehicle, Start Engine. Available online: https://www.reuters.com/article/us-gm-hacking-idUSKCN0Q42FI20150730 (accessed on 16 October 2023).
- Lodge, D. Hacking the Mitsubishi Outlander Phev Hybrid. Available online: https://www.pentestpartners.com/security-blog/hacking-the-mitsubishi-outlander-phev-hybrid-suv/ (accessed on 16 October 2023).
- Computest. Car Hack Project Volkswagen/Audi. Available online: https://www.computest.nl/en/knowledge-platform/rd-projects/car-hack/ (accessed on 16 October 2023).
- Tencent. Tesla Model S Wi-Fi Protocol Stack Vulnerability. Available online: https://v.qq.com/x/page/v304513meir.html (accessed on 16 October 2023).
- BlackHat. Multiple Vulnerabilities Disclosed in Black Hat VW ID Series. Available online: https://www.blackhat.com/eu-22/ (accessed on 16 October 2023).
- Vakhter, V.; Soysal, B.; Schaumont, P.; Guler, U. Threat modeling and risk analysis for miniaturized wireless biomedical devices. IEEE Internet Things J. 2022, 9, 13338–13352. [Google Scholar] [CrossRef]
- Arif, M.; Wang, G.; Bhuiyan, M.Z.A.; Wang, T.; Chen, J. A survey on security attacks in VANETs: Communication, applications and challenges. Veh. Commun. 2019, 19, 100179. [Google Scholar] [CrossRef]
- Vasconcelos Filho, Ê.; Severino, R.; Salgueiro dos Santos, P.M.; Koubaa, A.; Tovar, E. Cooperative vehicular platooning: A multi-dimensional survey towards enhanced safety, security and validation. Cyber-Phys. Syst. 2023, 1–53. [Google Scholar] [CrossRef]
- Francillon, A.; Danev, B.; Capkun, S. Relay attacks on passive keyless entry and start systems in modern cars. In Proceedings of the Network and Distributed System Security Symposium (NDSS), Zürich, Switzerland, 21–25 February 2011; Volume 2011. [Google Scholar]
- Norte, J.C. Hacking Industrial Vehicles from the Internet. Available online: http://jcarlosnorte.com/security/2016/03/06/hacking-tachographs-from-the-internets.html (accessed on 16 October 2023).
- Mazloom, S.; Rezaeirad, M.; Hunter, A.; McCoy, D. A Security Analysis of an In-Vehicle Infotainment and App Platform. In Proceedings of the 10th USENIX Workshop on Offensive Technologies (WOOT 16), Austin, TX, USA, 8–9 August 2016. [Google Scholar]
- Obzy. BMW 330I 2011 Format String DOS Vulnerability (CVE-2017-9212). Available online: https://twitter.com/__obzy__/status/864704956116254720 (accessed on 16 October 2023).
- CISA. ICS Advisory. Available online: https://nvd.nist.gov/vuln/detail/CVE-2017-9212 (accessed on 16 October 2023).
- Samcurry. Cracking My Windshield and Earning $10,000 on the Tesla Bug Bounty Program. Available online: https://bit.ly/3XXgJFC (accessed on 16 October 2023).
- Cylect. Dosla—Tesla Vulnerability—CVE-2020-10558 | cylect.io. Available online: https://cylect.io/blog/cybr-2/dosla-tesla-vulnerability-cve-2022-10558-1 (accessed on 16 October 2023).
- NIST. CVE-2020-28656 Detail. Available online: https://nvd.nist.gov/vuln/detail/CVE-2020-28656 (accessed on 16 October 2023).
- Tencent. Tencent Security Keen Lab: Experimental Security Assessment of Mercedes-Benz Cars. Available online: https://bit.ly/3R7TBlD (accessed on 16 October 2023).
- GeekPWN. Find a Few Key Keys on Google, and Then Crack Your Own Car? Available online: https://mp.weixin.qq.com/s/-xlV8nPjIy5nUT4Zt4a5rg (accessed on 16 October 2023).
- Dengdeng. Many Car Owners in Shanghai Were Reminded That “There Is a Gunfight on the Road”? Available online: https://mp.weixin.qq.com/s/Zc-_Z0PyZQ8qSvZEXU2U3Q (accessed on 16 October 2023).
- Keen Security Lab. Experimental Security Assessment of BMW Cars by KeenLab. Available online: https://bit.ly/34ICOBC (accessed on 16 October 2023).
- Keen Security Lab. Tencent Security Keen Lab: Experimental Security Assessment of Mercedes-Benz Cars. Available online: https://bit.ly/34Gpqhj (accessed on 16 October 2023).
- Checkoway, S.; McCoy, D.; Kantor, B.; Anderson, D.; Shacham, H.; Savage, S.; Koscher, K.; Czeskis, A.; Roesner, F.; Kohno, T. Comprehensive experimental analyses of automotive attack surfaces. In Proceedings of the 20th USENIX Security Symposium (USENIX Security 11), San Francisco, CA, USA, 8–12 August 2011. [Google Scholar]
- Sgayou. Subaru Starlink Persistent Root Code Execution. Available online: https://github.com/sgayou/subaru-starlink-research (accessed on 16 October 2023).
- Liu, J. Belgian Security Researchers from KU Leuven and IMEC Demonstrate Serious Flaws in Tesla Model X Keyless Entry System. Available online: https://bit.ly/3XJa81V (accessed on 16 October 2023).
- Zehavi, I.; Shamir, A. Facial Misrecognition Systems: Simple Weight Manipulations Force DNNs to Err Only on Specific Persons. arXiv 2023, arXiv:2301.03118. [Google Scholar]
- Nassi, B.; Nassi, D.; Ben-Netanel, R.; Mirsky, Y.; Drokin, O.; Elovici, Y. Phantom of the ADAS: Phantom Attacks on Driver-Assistance Systems. 2020. Available online: https://eprint.iacr.org/2020/085 (accessed on 16 October 2023).
- Yan, C.; Xu, W.; Liu, J. Can you trust autonomous vehicles: Contactless attacks against sensors of self-driving vehicle. Def. Con. 2016, 24, 109. [Google Scholar]
- Deng, Y.; Zhang, T.; Lou, G.; Zheng, X.; Jin, J.; Han, Q.L. Deep learning-based autonomous driving systems: A survey of attacks and defenses. IEEE Trans. Ind. Inform. 2021, 17, 7897–7912. [Google Scholar] [CrossRef]
- Muhammad, K.; Ullah, A.; Lloret, J.; Del Ser, J.; de Albuquerque, V.H.C. Deep learning for safe autonomous driving: Current challenges and future directions. IEEE Trans. Intell. Transp. Syst. 2020, 22, 4316–4336. [Google Scholar] [CrossRef]
- Pham, M.; Xiong, K. A survey on security attacks and defense techniques for connected and autonomous vehicles. Comput. Secur. 2021, 109, 102269. [Google Scholar] [CrossRef]
- Mukhopadhyay, M.; Sarkar, B.; Chakraborty, A. Augmentation of anti-jam GPS system using smart antenna with a simple DOA estimation algorithm. Prog. Electromagn. Res. 2007, 67, 231–249. [Google Scholar] [CrossRef]
- Purwar, A.; Joshi, D.; Chaubey, V.K. GPS signal jamming and anti-jamming strategy—A theoretical analysis. In Proceedings of the 2016 IEEE Annual India Conference (INDICON), Bangalore, India, 16–18 December 2016; pp. 1–6. [Google Scholar]
- Meng, Q.; Hsu, L.T.; Xu, B.; Luo, X.; El-Mowafy, A. A GPS spoofing generator using an open sourced vector tracking-based receiver. Sensors 2019, 19, 3993. [Google Scholar] [CrossRef]
- Narain, S.; Ranganathan, A.; Noubir, G. Security of GPS/INS based on-road location tracking systems. In Proceedings of the 2019 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 19–23 May 2019; pp. 587–601. [Google Scholar]
- CyberRegulus. Tesla Model S and Model 3 Prove Vulnerable to GPS Spoofing Attacks as Autopilot Navigation Steers Car off Road, Research from Regulus Cyber Shows. Available online: https://bit.ly/3kNhRgM (accessed on 16 October 2023).
- Bitsight. Bitsight Discovers Critical Vulnerabilities in Widely Used Vehicle GPS Tracker. Available online: https://bit.ly/3je70fd (accessed on 16 October 2023).
- AnonymousTV. The Largest Taxi Service in Russia ‘Yandex Taxi’ Was Hacked by the #Anonymous Collective. Available online: https://twitter.com/YourAnonTV/status/1565555525378506752 (accessed on 16 October 2023).
- Warner, J.S.; Johnston, R.G. GPS spoofing countermeasures. Homel. Secur. J. 2003, 25, 19–27. [Google Scholar]
- Mitre. CVE-2020-15912. Available online: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15912 (accessed on 16 October 2023).
- Foster, I.; Prudhomme, A.; Koscher, K.; Savage, S. Fast and vulnerable: A story of telematic failures. In Proceedings of the 9th USENIX Workshop on Offensive Technologies, WOOT, Washington, DC, USA, 10–11 August 2015. [Google Scholar]
- Burakova, Y.; Hass, B.; Millar, L.; Weimerskirch, A. Truck Hacking: An Experimental Analysis of the SAE J1939 Standard. WOOT 2016, 16, 211–220. [Google Scholar]
- Koscher, K.; Czeskis, A.; Roesner, F.; Patel, S.; Kohno, T.; Checkoway, S.; McCoy, D.; Kantor, B.; Anderson, D.; Shacham, H.; et al. Experimental security analysis of a modern automobile. In Proceedings of the 2010 IEEE Symposium on Security and Privacy, Oakland, CA, USA, 16–19 May 2010; pp. 447–462. [Google Scholar]
- Kumar, K.N.; Vishnu, C.; Mitra, R.; Mohan, C.K. Black-box adversarial attacks in autonomous vehicle technology. In Proceedings of the 2020 IEEE Applied Imagery Pattern Recognition Workshop (AIPR), Washington, DC, USA, 13–15 October 2020; pp. 1–7. [Google Scholar]
- Denis, K. Remotely Controlled EV Home Chargers—The Threats and Vulnerabilities. Available online: https://securelist.com/remotely-controlled-ev-home-chargers-the-threats-and-vulnerabilities/89251/ (accessed on 16 October 2023).
- Tencent. Tencent Keen Security Lab: Experimental Security Assessment on Lexus Cars. Available online: https://bit.ly/3XIZhos (accessed on 16 October 2023).
- Xie, G.; Yang, L.T.; Yang, Y.; Luo, H.; Li, R.; Alazab, M. Threat analysis for automotive CAN networks: A GAN model-based intrusion detection technique. IEEE Trans. Intell. Transp. Syst. 2021, 22, 4467–4477. [Google Scholar] [CrossRef]
- Smith, C. 2014 Car Hackers Handbook-Open Garages; Theia Labs: Waterloo, ON, Canada, 2014. [Google Scholar]
- Verdult, R.; Garcia, F.D.; Ege, B. Dismantling Megamos Crypto: Wirelessly Lockpicking a Vehicle Immobilizer. In Proceedings of the USENIX Security Symposium, Washington, DC, USA, 14 August 2013; pp. 703–718. [Google Scholar]
- Sina. Volvo, BYD, etc. Were Exposed to the Defect of Anti-Theft System with 1 Minute Keyless Unlocking. Available online: https://finance.sina.com.cn/consume/puguangtai/20151125/155223849739.shtml (accessed on 16 October 2023).
- Greenberg, A. Hackers Can Steal a Tesla Model S in Seconds by Cloning Its Key Fob. Available online: https://www.wired.com/story/hackers-steal-tesla-model-s-seconds-key-fob/ (accessed on 16 October 2023).
- Rosenblatt, S. This Hack Could Take Control of Your Ford—The Parallax. Available online: https://www.the-parallax.com/hacker-ford-key-fob-vulnerability/ (accessed on 16 October 2023).
- Seth, R. This App Can Track Tesla Model 3 Location. Available online: https://www.the-parallax.com/tesla-radar-model-3-phone-key-ibeacon/ (accessed on 16 October 2023).
- Kunnamon. Redacted TBONE Document Submitted to Tesla Bug Bounty Program. Available online: https://kunnamon.io/tbone/ (accessed on 16 October 2023).
- John, D. Canadian Software Developer Discovers Bluetooth Key Vulnerability That Allows Anyone to Unlock a Tesla. Available online: https://bit.ly/408iH88 (accessed on 16 October 2023).
- HackingIntoYourHeart. Unoriginal Rice Patty is My Personal Title for the Replay-Based Attack on Honda and Acura Vehicles. Available online: https://github.com/HackingIntoYourHeart/Unoriginal-Rice-Patty (accessed on 16 October 2023).
- ReverseKevin. Honda Civic Replay Attack. Available online: https://www.youtube.com/watch?v=NjbjepeILrk (accessed on 16 October 2023).
- Pompel123. Firmware to Open Any and All Tesla Vehicle Charging Ports in Range! Available online: https://github.com/pompel123/Tesla-Charging-Port-Opener (accessed on 16 October 2023).
- Sharma, A. Honda Bug Lets a Hacker Unlock and Start Your Car via Replay Attack. Available online: https://www.bleepingcomputer.com/news/security/honda-bug-lets-a-hacker-unlock-and-start-your-car-via-replay-attack/ (accessed on 16 October 2023).
- Khan, S. Technical Advisory—Tesla Ble Phone-as-a-Key Passive Entry Vulnerable to Relay Attacks. Available online: https://bit.ly/3DiuZ3M (accessed on 16 October 2023).
- Trifinite. Project Tempa. Available online: https://trifinite.org/stuff/project_tempa/ (accessed on 16 October 2023).
- Rollingpwn. Rolling PWN Attack. Available online: https://rollingpwn.github.io/rolling-pwn/ (accessed on 16 October 2023).
- Clatworthy, B. Luxury Cars Are Gone in 90 Seconds with Thief Kit. Available online: https://www.thetimes.co.uk/article/luxury-cars-are-gone-in-90-seconds-with-thief-kit-z300g0njf (accessed on 16 October 2023).
- Blackberry. QNX-2021-001 Vulnerability in the C Runtime Library Impacts BlackBerry QNX Software Development Platform (SDP), QNX OS for Medical, and QNX OS for Safety. Available online: https://support.blackberry.com/kb/articleDetail?articleNumber=000082334 (accessed on 16 October 2023).
- Oka, D.K.; Furue, T.; Langenhop, L.; Nishimura, T. Survey of vehicle IoT bluetooth devices. In Proceedings of the 2014 IEEE 7th International Conference on Service-Oriented Computing and Applications, Matsue, Japan, 17–19 November 2014; pp. 260–264. [Google Scholar]
- VDECert. SWARCO: Critical Vulnerability in CPU LS4000. Available online: https://cert.vde.com/de/advisories/VDE-2020-016/ (accessed on 16 October 2023).
- Sohu. An Online Car-Hailing Driver was Jailed for Stealing Electricity 382 Times in Half a Year Using the ‘Pinch Gun Method’ and ‘Card Second Method’. Available online: https://www.sohu.com/a/259418261_391288 (accessed on 16 October 2023).
- Roman, R.; Lopez, J.; Mambo, M. Mobile edge computing, fog et al.: A survey and analysis of security threats and challenges. Future Gener. Comput. Syst. 2018, 78, 680–698. [Google Scholar] [CrossRef]
- Whittaker, Z. Mercedes-Benz App Glitch Exposed Car Owners’ Information to Other Users. Available online: https://bit.ly/3HdD7Uh (accessed on 16 October 2023).
- Beardsley, T. R7-2017-02: Hyundai Blue Link Potential Info Disclosure (Fixed): Rapid7 Blog. Available online: https://www.rapid7.com/blog/post/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed/ (accessed on 16 October 2023).
- Hunt, T. Controlling Vehicle Features of Nissan Leafs across the Globe via Vulnerable Apis. Available online: https://www.troyhunt.com/controlling-vehicle-features-of-nissan/ (accessed on 16 October 2023).
- Schneider. Schneider Electric Security Notification. Available online: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-06 (accessed on 16 October 2023).
- XiunoBBS. Vulnerability Mining Practice of Charging Piles. Available online: https://bbs.kanxue.com/thread-272546.htm (accessed on 16 October 2023).
- Di, W. Information on 100,000 Citroen Owners May Have Been Leaked. Available online: http://shorturl.at/beSTV (accessed on 16 October 2023).
- Xxdesmus. Honda Motor Company Leaks Database with 134 Million Rows of Employee Computer Data. Available online: https://rainbowtabl.es/2019/07/31/honda-motor-company-leak/ (accessed on 16 October 2023).
- ZDNET. Mercedes-Benz Onboard Logic Unit (OLU) Source Code Leaks Online. Available online: https://www.zdnet.com/article/mercedes-benz-onboard-logic-unit-olu-source-code-leaks-online/ (accessed on 16 October 2023).
- Valdes-Dapena, P. Volkswagen Hack: 3 Million Customers Have Had Their Information Stolen | CNN Business. Available online: https://edition.cnn.com/2021/06/11/cars/vw-audi-hack-customer-information/index.html (accessed on 16 October 2023).
- MBUSA. Mercedes-Benz USA Announces Initial Findings of Data Investigation Affecting Customers and Interested Buyers. Available online: https://bit.ly/3wS6Hu5 (accessed on 16 October 2023).
- Volvo. Notice of Cyber Security Breach by Third Party. Available online: https://www.media.volvocars.com/global/en-gb/media/pressreleases/292817/notice-of-cyber-security-breach-by-third-party-1 (accessed on 16 October 2023).
- Asia, N. Toyota Halts Operations at All Japan Plants Due to Cyberattack. Available online: https://asia.nikkei.com/Spotlight/Supply-Chain/Toyota-halts-operations-at-all-Japan-plants-due-to-cyberattack (accessed on 16 October 2023).
- Denso. Notice of Unauthorized Access to Group Company: Newsroom: News: Denso Global Website. Available online: https://www.denso.com/global/en/news/newsroom/2022/20220314-g01/ (accessed on 16 October 2023).
- Redazione. La Ferrari è Stata Colpita Dal Ransomware Ransomexx. 7GB di Dati Scaricabili Online. Available online: https://www.redhotcyber.com/post/la-ferrari-e-stata-colpita-dal-ransomware-ransomexx-7gb-di (accessed on 16 October 2023).
- Nio. Statement on Data Security Incidents. Available online: https://app.nio.com/app/web/v2/share_comment?id=2284166&type=essay (accessed on 16 October 2023).
- Puthal, D.; Nepal, S.; Ranjan, R.; Chen, J. Threats to networking cloud and edge datacenters in the Internet of Things. IEEE Cloud Comput. 2016, 3, 64–71. [Google Scholar] [CrossRef]
- Huiyu, W. X-in-the-Middle: Attacking Fast Charging Electric Vehicles. Available online: https://conference.hitb.org/hitbsecconf2021ams/sessions/x-in-the-middle-attacking-fast-charging-electric-vehicles/ (accessed on 16 October 2023).
- Eckert, S. Replay Attack: Numerous Traffic Lights in Germany are Vulnerable to Manipulation. Available online: https://twitter.com/sveckert/status/1600443031915663360 (accessed on 16 October 2023).
- Pekaric, I.; Sauerwein, C.; Haselwanter, S.; Felderer, M. A taxonomy of attack mechanisms in the automotive domain. Comput. Stand. Interfaces 2021, 78, 103539. [Google Scholar] [CrossRef]
Method | M | A | SS | H/S | D |
---|---|---|---|---|---|
Attack Trees [22] | ✓ | ✓ | ✓ | ✓ | |
Composite Threat Modeling [17] | ✓ | ✓ | ✓ | ✓ | |
OCTAVE [15] | ✓ | ✓ | | | |
PASTA [16] | ✓ | ✓ | ✓ | ✓ | |
STRIDE DREAD [9] | ✓ | ✓ | ✓ | ✓ | ✓ |
Expertise | Threat Actor | Motivation | Capability | Opportunity | Threat | DREAD |
---|---|---|---|---|---|---|
Layman | Solo—Outsider | Personal satisfaction; Passion; Ideology. | Limited | Minimal | Damage Potential—If a threat exploit occurs, evaluate the damage caused: 0 = Nothing; 2.5 = Individual user data compromised; 5 = Complete system or data destruction. Reproducibility—How easy is it to reproduce the threat exploit? 0 = Very hard or impossible even for administrators/DBAs; 2.5 = One or two steps required, may need an authorized user; 5 = Just a web browser is enough. Exploitability—What is needed to exploit this threat? 0 = Advanced programming and networking knowledge; 2.5 = Malware exists on the Net, or any tools available; 5 = Just a web browser is enough. Affected Users—How many users are affected? 0 = None; 2.5 = Some users, but not all; 5 = All users. Discoverability—How easy is it to discover the threat? 0 = Very hard or impossible, needs source code or admin access; 2.5 = Can figure it out by guessing or monitoring network traces; 5 = Information is visible in the web browser or address bar or in the form or as a hidden variable. | |
Proficient | Solo—Insider | Financial gain; Discontent | Moderate to High | Internal knowledge | S | |
 | Group—Ad hoc | Dependent on group purpose: Ideological, financial, political | Limited to Moderate | Limited knowledge and financial | T R | |
Expert | Group—Established | Dependent on group purpose: Ideological, financial, political | Limited and Moderate knowledge | Moderate to High | I | |
Multiple experts | Organization—Competitor | Corporate espionage; Financial gain; Reputation damage | Moderate to High | Limited and moderate knowledge and financial and contextual | D | |
 | Organization—Partner | Information gain; Financial gain | | | E | |
Intelligence RD | Nation-State | State rivalry; Geopolitics | High | High knowledge, finance and advanced skills and resources | | |
 | Low | Medium | High |
---|---|---|---|
Literature Review Threats | | | |
CAVs | 2 | 40 | 34 |
Edge/Cloud and Cloud | 7 | 37 | 12 |
Real-Life Threats | | | |
CAVs | 3 | 47 | 36 |
Edge/Cloud and Cloud | 1 | 14 | 17 |
Surveys | Reference Architecture | CAV | Edge/Cloud | V2V/V2I Comm. | In-vehicle Network | Threat Analysis | Risk Assessment | Defense Taxonomy | Attack Tree | Counter Measures |
---|---|---|---|---|---|---|---|---|---|---|
[39] | ✗ | ✗ | ✗ | ✓ | ✗ | ✗ | ✗ | ✓ | ✗ | ✓ |
[25] | ✗ | ✗ | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |
[27] | ✗ | ✗ | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ | ✓ |
[29] | ✗ | ✗ | ✗ | ✓ | ✗ | ✗ | ✗ | ✓ | ✗ | ✓ |
[50] | ✗ | ✗ | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |
[51] | ✗ | ✗ | ✗ | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ | ✓ |
[23,40] | ✗ | ✗ | ✗ | ✓ | ✓ | ✗ | ✗ | ✓ | ✗ | ✓ |
[52] | ✗ | ✗ | ✗ | ✓ | ✓ | ✗ | ✗ | ✗ | ✗ | ✓ |
[53] | ✗ | ✗ | ✗ | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ | ✓ |
[54] | ✗ | ✗ | ✗ | ✓ | ✓ | ✗ | ✗ | ✓ | ✗ | ✓ |
[34,55] | ✗ | ✗ | ✗ | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ | ✓ |
[56] | ✗ | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ |
[57] | ✗ | ✗ | ✗ | ✓ | ✗ | ✗ | ✗ | ✓ | ✗ | ✓ |
[58] | ✗ | ✗ | ✗ | ✓ | ✓ | ✗ | ✗ | ✓ | ✗ | ✓ |
[59] | ✗ | ✗ | ✗ | ✓ | ✓ | ✓ | ✗ | ✓ | ✗ | ✓ |
[3] | ✗ | ✗ | ✗ | ✓ | ✗ | ✓ | ✗ | ✓ | ✗ | ✓ |
[60] | ✗ | ✗ | ✗ | ✓ | ✓ | ✗ | ✗ | ✓ | ✗ | ✗ |
[61] | ✗ | ✗ | ✗ | ✗ | ✓ | ✓ | ✗ | ✓ | ✗ | ✓ |
[62] | ✗ | ✗ | ✗ | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ | ✓ |
[63] | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✗ | ✓ | ✗ | ✓ |
[64] | ✗ | ✗ | ✗ | ✓ | ✗ | ✓ | ✓ | ✓ | ✗ | ✓ |
This Paper | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Sheik, A.T.; Maple, C.; Epiphaniou, G.; Dianati, M. Securing Cloud-Assisted Connected and Autonomous Vehicles: An In-Depth Threat Analysis and Risk Assessment. Sensors 2024, 24, 241. https://doi.org/10.3390/s24010241