Security Risks and Designs in the Connected Vehicle Ecosystem: In-Vehicle and Edge Platforms

IF 5.3 Q1 ENGINEERING, ELECTRICAL & ELECTRONIC

IEEE Open Journal of Vehicular Technology Pub Date : 2024-12-30 DOI:10.1109/OJVT.2024.3524088

Marco De Vincenzi;John Moore;Bradley Smith;Sanjay E. Sarma;Ilaria Matteucci

{"title":"Security Risks and Designs in the Connected Vehicle Ecosystem: In-Vehicle and Edge Platforms","authors":"Marco De Vincenzi;John Moore;Bradley Smith;Sanjay E. Sarma;Ilaria Matteucci","doi":"10.1109/OJVT.2024.3524088","DOIUrl":null,"url":null,"abstract":"The evolution of Connected Vehicles (CVs) has introduced significant advancements in both in-vehicle and vehicle-edge platforms, creating a highly connected ecosystem. These advancements, however, have heightened exposure to cybersecurity risks. This work reviews emerging security challenges in the CV ecosystem from a new perspective, focusing on the integration of in-vehicle platforms such as the infotainment system and vehicle-edge platforms. By analyzing case studies such as Android Automotive, Message Queuing Telemetry Transport (MQTT), and the Robot Operating System (ROS), we identify the primary security threats, including malware attacks, data manipulation, and Denial of Service (DoS) attacks. The discussion extends to privacy concerns and the lack of trust-building mechanisms in CVs, highlighting how these gaps can be exploited. To mitigate these risks, we retrieve solutions drawn from the broader field of Internet of Things (IoT) security research, including Multi-Factor Authentication (MFA) and trust-based systems. The proposed framework aims to increase the trustworthiness of devices within the CV ecosystem. Finally, we identify future research directions in adaptive mechanisms and cross-domain security.","PeriodicalId":34270,"journal":{"name":"IEEE Open Journal of Vehicular Technology","volume":"6 ","pages":"442-454"},"PeriodicalIF":5.3000,"publicationDate":"2024-12-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10818588","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Open Journal of Vehicular Technology","FirstCategoryId":"1085","ListUrlMain":"https://ieeexplore.ieee.org/document/10818588/","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"ENGINEERING, ELECTRICAL & ELECTRONIC","Score":null,"Total":0}

引用次数: 0

Abstract

The evolution of Connected Vehicles (CVs) has introduced significant advancements in both in-vehicle and vehicle-edge platforms, creating a highly connected ecosystem. These advancements, however, have heightened exposure to cybersecurity risks. This work reviews emerging security challenges in the CV ecosystem from a new perspective, focusing on the integration of in-vehicle platforms such as the infotainment system and vehicle-edge platforms. By analyzing case studies such as Android Automotive, Message Queuing Telemetry Transport (MQTT), and the Robot Operating System (ROS), we identify the primary security threats, including malware attacks, data manipulation, and Denial of Service (DoS) attacks. The discussion extends to privacy concerns and the lack of trust-building mechanisms in CVs, highlighting how these gaps can be exploited. To mitigate these risks, we retrieve solutions drawn from the broader field of Internet of Things (IoT) security research, including Multi-Factor Authentication (MFA) and trust-based systems. The proposed framework aims to increase the trustworthiness of devices within the CV ecosystem. Finally, we identify future research directions in adaptive mechanisms and cross-domain security.

查看原文本刊更多论文

互联汽车生态系统中的安全风险和设计：车载和边缘平台

互联汽车（cv）的发展为车载和车载边缘平台带来了重大进步，创造了一个高度互联的生态系统。然而，这些进步也增加了网络安全风险。这项工作从一个新的角度审视了自动驾驶汽车生态系统中出现的安全挑战，重点关注车载平台（如信息娱乐系统和车辆边缘平台）的集成。通过分析Android Automotive、消息队列遥测传输（MQTT）和机器人操作系统（ROS）等案例研究，我们确定了主要的安全威胁，包括恶意软件攻击、数据操纵和拒绝服务（DoS）攻击。讨论扩展到隐私问题和简历中缺乏信任建立机制，突出了如何利用这些差距。为了降低这些风险，我们从更广泛的物联网（IoT）安全研究领域中检索解决方案，包括多因素身份验证（MFA）和基于信任的系统。提出的框架旨在提高CV生态系统中设备的可信度。最后，展望了自适应机制和跨域安全的研究方向。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊