Journal of Information Processing Systems

Korea Information Processing Society (한국정보처리학회)
권호 표지
DOI QR코드

DOI QR Code

Security Threat Analysis for Remote Monitoring and Control Functions of Connected Car Services

  • Jin Kim (Big Data Convergence Major, Sangmyung University) ;
  • Jinho Yoo (Division of Business Administration, Sangmyung University)
  • Received : 2023.11.06
  • Accepted : 2024.03.06
  • Published : 2024.04.30
Download PDF
⟨ Previous Next ⟩

Abstract

The connected car services are one of the most widely used services in the Internet of Things environment, and they provide numerous services to existing vehicles by connecting them through networks inside and outside the vehicle. However, although vehicle manufacturers are developing services considering the means to secure the connected car services, concerns about the security of the connected car services are growing due to the increasing number of attack cases. In this study, we reviewed the research related to the connected car services that have been announced so far, and we identified the threats that may exist in the connected car services through security threat modeling to improve the fundamental security level of the connected car services. As a result of performing the test to the applications for connected car services developed by four manufacturers, we found that all four companies' applications excessively requested unnecessary permissions for application operation, and the apps did not obfuscate the source code. Additionally, we found that there were still vulnerabilities in application items such as exposing error messages and debugging information.

Keywords

Acknowledgement

This research was funded by a 2021 research Grant from Sangmyung University.

References

  1. S. Lenfle and C. Midler, "The launch of innovative product-related services: lessons from automotive telematics," Research Policy, vol. 38, no. 1, pp. 156-169, 2009. https://doi.org/10.1016/j.respol.2008.10.020
  2. A. Akram and M. Akesson, "Value network transformation by digital service innovation in the vehicle industry," in Proceedings of the 15th Pacific Asia Conference on Information Systems (PACIS), Brisbane, Australia, 2011.
  3. HIS iSuppli Inc., "Embedded Telematics in the Automotive Industry," 2011 [Online]. Available: http://gallery.mailchimp.com/e68b454409061ef6bb1540e01/files/Embedded_Telematics_in_the_Automotive_Industry_sw_iS.pdf.
  4. J. Ohlsson, P. Handel, S. Han, and R. Welch, "Process innovation with disruptive technology in auto insurance: lessons learned from a smartphone-based insurance telematics initiative," in BPM - Driving Innovation in a Digital World. Cham, Switzerland: Springer, 2015, pp. 85-101. https://doi.org/10.1007/978-3-319-14430-6_7
  5. J. E. Park and M. Y. Yoon, "Hyper-connected society and future services," Information & Communications Magazine, vol. 31, no. 4, pp 3-9, 2014.
  6. S. Vimalkumar, P. Hemalatha, and J. Kalaivani, "A review on smart IOT car for accident prevention," Asian Journal of Applied Science and Technololgy, vol. 2, no. 1, pp. 287-292, 2018.
  7. Ernest & Young LLP, "The quest for Telematics 4.0," 2013 [Online]. Available: https://ey-france.relayto.com/e/thequest-for-telematics-4-0-cbfjemrn/QD7KnZgk1.
  8. S. G. Kim, "Rapid market expectations for connected cars under IoT/M2M technology environment," KISTI Market Report, vol. 4, no. 2, pp. 3-6, 2014.
  9. T. UcedaVelez, "Real world threat modeling using the pasta methodology," in Proceedings of the OWASP AppSec Research Conference, Athens, Greece, 2012.
  10. S. R. Do, "Trends in cybersecurity standards and threat analysis techniques," Weekly Tech Trends, vol. 2019, no. 1918, pp. 2-15, 2019.
  11. A. Shostack, Threat Modeling: Designing for Security. Indianapolis, IN: John Wiley & Sons, 2014 (Transl.: in H. Yang, editor, Threat Modeling. Seoul, Korea: Acorn Publishing Co., 2016).
  12. Institute of Information & communications Technology Planning & Evaluation, "Intelligent vehicle security threats and countermeasures report," 2017 [Online]. Available: https://www.itfind.or.kr/report/analysis/read.do?selectedId=02-004-171208-000018.
  13. A. D. Kumar, K. N. R. Chebrolu, R. Vinayakumar, and K. P. Soman, "A brief survey on autonomous vehicle possible attacks, exploits and vulnerabilities," 2018 [Online]. Available: https://doi.org/10.48550/arXiv.1810.04144.
  14. I. Rouf, R. Miller, H. Mustafa, T. Taylor, S. Oh, W. Xu, M. Gruteser, W. Trappe, and I. Seskar, "Security and privacy vulnerabilities of In-Car wireless networks: a tire pressure monitoring system case study," in Proceedings of 19th USENIX Security Symposium (USENIX Security 10), Washington, DC, USA, 2010. https://dl.acm.org/doi/10.5555/1929820.1929848
  15. J. Petit, M. Feiri, and F. Kargl, "Revisiting attacker model for smart vehicles," in Proceedings of 2014 IEEE 6th International Symposium on Wireless Vehicular Communications (WiVeC), Vancouver, Canada, 2014, pp. 1-5. https://doi.org/10.1109/WIVEC.2014.6953258
  16. J. Petit, B. Stottelaar, M. Feiri, and F. Kargl, "Remote attacks on automated vehicles sensors: experiments on camera and LiDAR," in Proceedings of the Black Hat Europe, Amsterdam, The Netherlands, 2015.
  17. K. Koscher, A. Czeskis, F. Roesner, S. Patel, T. Kohno, S. Checkoway, et al., "Experimental security analysis of a modern automobile," in Proceedings of 2010 IEEE Symposium on Security and Privacy, Oakland, CA, USA, 2010, pp. 447-462. https://doi.org/10.1109/SP.2010.34