Research article. DOI: 10.1145/3465481.3470045

Information Security Analysis in the Passenger-Autonomous Vehicle Interaction

Published: 17 August 2021

Abstract

Autonomous vehicles (AVs) are becoming part of everyday life. There are numerous pilot projects of driverless public buses, and some car manufacturers deliver their premium-level automobiles with advanced self-driving features. Assuring the security of the Passenger–Autonomous Vehicle interaction therefore arises as an important research topic: along with opportunities, new cybersecurity risks and challenges occur that may threaten the Passenger’s privacy and safety on the roads. This study proposes an approach to security requirements elicitation based on the developed threat model. Information security risk management thus helps to fulfil one of the principles needed to protect data privacy: information security. We demonstrate the process of security requirements elicitation to mitigate arising security risks. The findings of the paper are case-oriented and based on the literature review. They are applicable to AV system implementations used by ride-hailing service providers that enable supervisory AV control.

Published In

ARES '21: Proceedings of the 16th International Conference on Availability, Reliability and Security
August 2021, 1447 pages
ISBN: 9781450390514
DOI: 10.1145/3465481
Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

1. autonomous vehicles
2. human-computer interaction
3. information system security risk management (ISSRM)
4. threat modelling

Qualifiers

• Research-article
• Research
• Refereed limited

Conference

ARES 2021

Acceptance Rates

Overall Acceptance Rate: 228 of 451 submissions, 51%

    Citations

    Cited By

    View all
    • (2024)An integration methodology of safety and security requirements for autonomous vehiclesJournal of Transportation Safety & Security10.1080/19439962.2024.2400894(1-19)Online publication date: 22-Sep-2024
    • (2024)Exploring the Privacy Horizons: A Survey on HCI & HRIComputational Science and Its Applications – ICCSA 2024 Workshops10.1007/978-3-031-65318-6_8(113-125)Online publication date: 1-Jul-2024
    • (2023)An Integration Tool of Safety and Security Requirements for Autonomous Vehicles2023 International Conference on Artificial Intelligence of Things and Systems (AIoTSys)10.1109/AIoTSys58602.2023.00040(118-124)Online publication date: 19-Oct-2023
    • (2022)Infotainment technology based on artificial intelligence: Current research trends and future directionsIberoamerican Journal of Science Measurement and Communication10.47909/ijsmc.1442:1Online publication date: 25-Jun-2022