Likelihood of Threats to Connected Vehicles

LOTFI BEN OTHMANE
RUCHITH FERNANDO
ROHIT RANCHAL
BHARAT BHARGAVA
ERIC BODDEN

Abstract

Modern vehicles are connected vehicles: their electronic control units communicate through in-vehicle networks, and the vehicles themselves communicate with neighboring vehicles, roadside units, personal devices, and service centers. This gives cyber-attackers the opportunity to communicate with the vehicles and to stage attacks. This paper reports on a case study for estimating the likelihoods of threats to connected vehicles; it provides the results of a survey that we conducted to estimate the likelihoods of 7 threats to connected vehicles. The experts rated 6 threats as very unlikely and one as almost impossible. The levels of the rating scale that we used are: almost impossible, very unlikely, unlikely, likely, and highly likely. The survey shows that attacks on connected vehicles must be fast (completed before they are discovered or before the attack context changes) and must be staged by experts who have deep knowledge of the targets. It also shows that developing such attacks requires neither a long time nor expensive equipment and tools. Thus, cyber-attacks on connected vehicles are no longer lab experiments; they are real threats to society.

How to Cite
LOTFI BEN OTHMANE, RUCHITH FERNANDO, ROHIT RANCHAL, BHARAT BHARGAVA, & ERIC BODDEN. (2014). Likelihood of Threats to Connected Vehicles. International Journal of Next-Generation Computing, 5(3), 290–303. https://doi.org/10.47164/ijngc.v5i3.69
