Dynamic Groups and Attribute-Based Access Control for Next-Generation Smart Cars

Abstract

Smart cars are among the essential components and major drivers of future cities and connected world. The interaction among connected entities in this vehicular internet of things (IoT) domain, which also involves smart traffic infrastructure, restaurant beacons, emergency vehicles, etc., offer several real-time applications and provide safer and pleasant driving experience to consumers. With more than 100 million lines of code and hundreds of sensors, these connected vehicles (CVs) expose a large attack surface, which can be remotely compromised and exploited by malicious attackers. Security and privacy are big concerns that deter the adoption of smart cars, which if not properly addressed will have grave implications with risk to human life and limb. In this paper, we present a formalized dynamic groups and attribute-based access control (ABAC) model (referred as CV-ABAC-G) for smart cars ecosystem, where the model not only considers system wide attributes-based security policies but also takes into account the individual user privacy preferences for allowing or denying service notifications, alerts and operations to on-board resources. Further, we introduce a novel notion of groups in vehicular IoT, which are dynamically assigned to moving entities like connected cars, based on their current GPS coordinates, speed or other attributes, to ensure relevance of location and time sensitive notification services, to provide administrative benefits to manage large numbers of entities, and to enable attributes inheritance for fine-grained authorization policies. We present proof of concept implementation of our model in AWS cloud platform demonstrating real-world uses cases along with performance metrics.