Practical Security and Privacy Threat Analysis in the Automotive Domain: Long Term Support Scenario for Over-the-Air Updates

Alexandr Vasenev, Florian Stahl, Hayk Hamazaryan, Zhendong Ma, Lijun Shan, Joerg Kemmerich, Claire Loiseaux

2019

Abstract

Keeping a vehicle secure implies provide of a long-term support, where over-the-air updates (OTA) play an essential role. Clear understanding of OTA threats is essential to counter them efficiently. Existing research on OTA threats often exclude human actors, such as drivers and maintenance personnel, as well as leave aside privacy threats. This paper addresses the gap by investigates security and privacy OTA threats relevant for vehicle manufacturers for the whole product lifecycle. We report on a practical scenario “long term support”, its data flow elements, and outcomes of threat analyses. We apply state of the art approaches, such as STRIDE (extended with an automotive template) and LINDDUN, to an automotive case and consider an automotive-specific UNECE OTA threat catalogue. Outcomes indicate complementarity of these methods and provide inputs to studies how well they address practical automotive cases.

Download


Paper Citation


in Harvard Style

Vasenev A., Stahl F., Hamazaryan H., Ma Z., Shan L., Kemmerich J. and Loiseaux C. (2019). Practical Security and Privacy Threat Analysis in the Automotive Domain: Long Term Support Scenario for Over-the-Air Updates.In Proceedings of the 5th International Conference on Vehicle Technology and Intelligent Transport Systems - Volume 1: VEHITS, ISBN 978-989-758-374-2, pages 550-555. DOI: 10.5220/0007764205500555


in Bibtex Style

@conference{vehits19,
author={Alexandr Vasenev and Florian Stahl and Hayk Hamazaryan and Zhendong Ma and Lijun Shan and Joerg Kemmerich and Claire Loiseaux},
title={Practical Security and Privacy Threat Analysis in the Automotive Domain: Long Term Support Scenario for Over-the-Air Updates},
booktitle={Proceedings of the 5th International Conference on Vehicle Technology and Intelligent Transport Systems - Volume 1: VEHITS,},
year={2019},
pages={550-555},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0007764205500555},
isbn={978-989-758-374-2},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 5th International Conference on Vehicle Technology and Intelligent Transport Systems - Volume 1: VEHITS,
TI - Practical Security and Privacy Threat Analysis in the Automotive Domain: Long Term Support Scenario for Over-the-Air Updates
SN - 978-989-758-374-2
AU - Vasenev A.
AU - Stahl F.
AU - Hamazaryan H.
AU - Ma Z.
AU - Shan L.
AU - Kemmerich J.
AU - Loiseaux C.
PY - 2019
SP - 550
EP - 555
DO - 10.5220/0007764205500555