STRIDE-Based Cybersecurity Threat Modeling, Risk Assessment and Treatment of an In-Vehicle Infotainment System-Reference-Cited by-同舟云学术

STRIDE-Based Cybersecurity Threat Modeling, Risk Assessment and Treatment of an In-Vehicle Infotainment System

Published:2024-06-30 Issue:3 Volume:6 Page:1140-1163
ISSN:2624-8921
Container-title:Vehicles
language:en
Short-container-title:Vehicles

Author:

Das Popy¹^ORCID,Asif Md. Rashid Al¹^ORCID,Jahan Sohely¹^ORCID,Ahmed Kawsar²³⁴^ORCID,Bui Francis M.²^ORCID,Khondoker Rahamatullah⁵^ORCID

Affiliation:

1. Department of Computer Science and Engineering, University of Barishal, Barishal 8254, Bangladesh

2. Department of Electrical and Computer Engineering, University of Saskatchewan, 57 Campus Drive, Saskatoon, SK S7N 5A9, Canada

3. Health Informatics Research Lab, Department of Computer Science and Engineering, Daffodil International University, Daffodil Smart City, Dhaka 1216, Bangladesh

4. Department of Information and Communication Technology, Mawlana Bhashani Science and Technology University, Santosh, Tangail 1902, Bangladesh

5. Department of Business Informatics, Faculty of Mathematics, Natural Science & Data Processing (MND), THM University of Applied Sciences, 61169 Friedberg, Germany

Abstract

In modern automobiles, the infotainment system is crucial for enhancing driver and passenger capabilities, offering advanced features such as music, navigation, communication, and entertainment. Leveraging Wi-Fi, cellular networks, NFC, and Bluetooth, the system ensures continuous internet connectivity, providing seamless access to information. However, the increasing complexity of IT connectivity in vehicles raises significant cybersecurity concerns, including potential data breaches and exposure of sensitive information. To enhance security in infotainment systems, this study applied component-level threat modeling to a proposed infotainment system using the Microsoft STRIDE model. This approach illustrates potential component-level security issues impacting privacy and security concerns. The study also assessed these impacts using SAHARA and DREAD risk assessment methodologies. The threat modeling process identified 34 potential security threats, each accompanied by detailed information. Moreover, a comparative analysis is performed to compute risk values for prioritizing treatment, followed by recommending mitigation strategies for each identified threat. These identified threats and associated risks require careful consideration to prevent potential cyberattacks before deploying the infotainment system in automotive vehicles.

Funder

Natural Sciences and Engineering Research Council of Canada

Publisher

MDPI AG

Link

https://www.mdpi.com/2624-8921/6/3/54/pdf

Reference67 articles.

1. Efforts toward realization of connected car society;Watabe;Denso Ten Tech. Rev.,2017

2. (2023, June 09). Hackers Take Remote Control of Tesla’s Brakes and Door Locks from 12 Miles Away. Available online: https://thehackernews.com/2016/09/hack-tesla-autopilot.html.

3. (2023, June 10). Vehicle Cybersecurity: The Jeep Hack and Beyond. Available online: https://insights.sei.cmu.edu/blog/vehicle-cybersecurity-the-jeep-hack-and-beyond.

4. Choi, J., and Jin, S.I. (2019). Security threats in connected car environment and proposal of in-vehicle infotainment-based access control mechanism. Advanced Multimedia and Ubiquitous Engineering: MUE/FutureTech 2018 12, Springer.

5. Takahashi, J., Iwamura, M., and Tanaka, M. (December, January 18). Security threat analysis of automotive infotainment systems. Proceedings of the 2020 IEEE 92nd Vehicular Technology Conference (VTC2020-Fall), Virtual.