A Security Risk Assessment Framework for Smart Car

As the automobile industry has recently adopted information technologies, mechanical systems are being replaced with electronically controlled systems. Moreover, automobiles are evolving into smart cars or connected cars as they are connected to various IT devices and networks such as VANET (Vehicular Ad hoc NETwork). Although automobile hacking was not a concern in the past, various security threats are now emerging as electronic systems increasingly fill vehicle interiors and are in turn connected to external networks. Researchers have therefore begun studying smart car security, and security threats have been disclosed through the testing or development of various automobile security technologies. However, security threats to smart cars do not occur frequently, and it is unrealistic in practice to try to cope with every possible threat once factors such as performance and compatibility are considered. Moreover, the excessive application of security technology increases overall vehicle cost and lowers the effectiveness of investment. Therefore, smart car security risks should be assessed and prioritized in order to establish efficient security measures. To that end, this study constructed a security risk assessment framework for establishing efficient smart car security measures. The proposed framework bases its assessment procedure on the conventional security risk analysis model GMITS (ISO 13335) and uses attack tree analysis to assess threats and vulnerabilities.
