Quantitative System-Level Security Verification of the IoV Infrastructure

by   Jan Lauinger, et al.

The Internet of Vehicles (IoV) equips vehicles with connectivity to the Internet and the Internet of Things (IoT) to support modern applications such as autonomous driving. However, the consolidation of complex computing domains of vehicles, the Internet, and the IoT limits the applicability of tailored security solutions. In this paper, we propose a new methodology to quantitatively verify the security of single or system-level assets of the IoV infrastructure. In detail, our methodology decomposes assets of the IoV infrastructure with the help of reference sub-architectures and the 4+1 view model analysis to map identified assets into data, software, networking, and hardware categories. This analysis includes a custom threat modeling concept to perform parameterization of Common Vulnerability Scoring System (CVSS) scores per view model domain. As a result, our methodology is able to allocate assets from attack paths to view model domains. This equips assets of attack paths with our IoV-driven CVSS scores. Our CVSS scores assess the attack likelihood which we use for Markov Chain transition probabilities. This way, we quantitatively verify system-level security among a set of IoV assets. Our results show that our methodology applies to arbitrary IoV attack paths. Based on our parameterization of CVSS scores and our selection of use cases, remote attacks are less likely to compromise location data compared to attacks from close proximity for authorized and unauthorized attackers respectively.


Evaluation of Attack Vectors and Risks in Automobiles and Road Infrastructure

The evolution of smart automobiles and vehicles within the Internet of T...

A Novel Approach for Security Situational Awareness in the Internet of Things

Internet of Things (IoT) is characterized by various of heterogeneous de...

Automated Security Assessment for the Internet of Things

Internet of Things (IoT) based applications face an increasing number of...

Technical Report: Automating Vehicle SOA Threat Analysis using a Model-Based Methodology

While the adoption of Service-Oriented Architectures (SOA) eases the imp...

Communication Security in the Internet of Vehicles based Industrial Value Chain

The Internet of Vehicles (IoV) is formed by connecting vehicles to Inter...

Probabilistic QoS-aware Placement of VNF chains at the Edge

Network Function Virtualisation and Software Defined Networking are inno...

The (thin) Bridges of AS Connectivity: Measuring Dependency using AS Hegemony

Inter-domain routing is a crucial part of the Internet designed for arbi...

Please sign up or login with your details

Forgot password? Click here to reset