TY - GEN
T1 - User-Centric Security and Privacy Threats in Connected Vehicles
T2 - 2023 IEEE International Conference on Dependable, Autonomic and Secure Computing, 2023 International Conference on Pervasive Intelligence and Computing, 2023 International Conference on Cloud and Big Data Computing, 2023 International Conference on Cyber Science and Technology Congress, DASC/PiCom/CBDCom/CyberSciTech 2023
AU - Stingelova, Beata
AU - Thrakl, Clemens Thaddaus
AU - Wronska, Laura
AU - Jedrej-Szymankiewicz, Sandra
AU - Khan, Sajjad
AU - Svetinovic, Davor
N1 - Publisher Copyright:
© 2023 IEEE.
PY - 2023
Y1 - 2023
N2 - The increasing equipment of cars with smart systems and their networking with other devices is leading to a growing network of connected vehicles. Connected cars are Internet of Things (IoT) devices that communicate bidirectionally with other systems, enabling internet access and data exchange. Artificial Intelligence (AI) offers benefits such as autonomous driving, driver assistance programs, and monitoring. The increasing connectivity of cars also brings new risks to users' privacy. Our study focuses on privacy threats in connected cars from a user perspective. Our study provides a comprehensive threat model analysis based on a combination of STRIDE and LINDDUN. We analyze the various threats and vulnerabilities that arise from connecting cars to the internet and other devices, including Vehicle-to-Vehicle (V2V), Vehicle-to-Vloud (V2C), and Vehicle-to-Device (V2D). We conduct our study based on a theoretical model of a modern-day connected vehicle of another study. Our study shows that several types of threats can negatively impact the privacy of connected car users. This encapsulates the potential risks, such as the inadvertent disclosure of personal data due to the vehicle's interconnectedness with other devices, including smartphones, and the subsequent susceptibility to unauthorized access, while also highlighting the need for robust security measures indicated by our comprehensive threat modeling, to safeguard against a wide array of identified cybersecurity threats.
AB - The increasing equipment of cars with smart systems and their networking with other devices is leading to a growing network of connected vehicles. Connected cars are Internet of Things (IoT) devices that communicate bidirectionally with other systems, enabling internet access and data exchange. Artificial Intelligence (AI) offers benefits such as autonomous driving, driver assistance programs, and monitoring. The increasing connectivity of cars also brings new risks to users' privacy. Our study focuses on privacy threats in connected cars from a user perspective. Our study provides a comprehensive threat model analysis based on a combination of STRIDE and LINDDUN. We analyze the various threats and vulnerabilities that arise from connecting cars to the internet and other devices, including Vehicle-to-Vehicle (V2V), Vehicle-to-Vloud (V2C), and Vehicle-to-Device (V2D). We conduct our study based on a theoretical model of a modern-day connected vehicle of another study. Our study shows that several types of threats can negatively impact the privacy of connected car users. This encapsulates the potential risks, such as the inadvertent disclosure of personal data due to the vehicle's interconnectedness with other devices, including smartphones, and the subsequent susceptibility to unauthorized access, while also highlighting the need for robust security measures indicated by our comprehensive threat modeling, to safeguard against a wide array of identified cybersecurity threats.
KW - Artificial Intelligence
KW - Connected Cars
KW - Cyberphysical Systems
KW - IoT
KW - Threat Modeling
UR - http://www.scopus.com/inward/record.url?scp=85182600751&partnerID=8YFLogxK
U2 - 10.1109/DASC/PiCom/CBDCom/Cy59711.2023.10361381
DO - 10.1109/DASC/PiCom/CBDCom/Cy59711.2023.10361381
M3 - Conference contribution
AN - SCOPUS:85182600751
T3 - 2023 IEEE International Conference on Dependable, Autonomic and Secure Computing, International Conference on Pervasive Intelligence and Computing, International Conference on Cloud and Big Data Computing, International Conference on Cyber Science and Technology Congress, DASC/PiCom/CBDCom/CyberSciTech 2023
SP - 690
EP - 697
BT - 2023 IEEE International Conference on Dependable, Autonomic and Secure Computing, International Conference on Pervasive Intelligence and Computing, International Conference on Cloud and Big Data Computing, International Conference on Cyber Science and Technology Congress, DASC/PiCom/CBDCom/CyberSciTech 2023
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 14 November 2023 through 17 November 2023
ER -
