Towards an Identity-Based Data Model for an Automotive Privacy Process

Information technology in modern automobiles has attracted considerable attention for its promise of value-added services. With increasing connectivity and the seamless integration of advanced functionality into vehicles, a new challenge is the development of holistic and standardized privacy approaches. So far, privacy has often been treated as a singular task, neglecting the impact of a holistic viewpoint on automotive data. In this paper we provide an identity-based data model, a way to define a structured and flexible view of the acquired vehicular data, i.e., identifying information. We develop the data model as a graph, provide a formal notation, and demonstrate its application with an example. The proposed scheme of the model has multiple uses, and the formal notation supports additional privacy features for our model, e.g., privacy risk assessment.
