A Security Risk Assessment Framework for Smart Car

Kong, Hee-Kyung; Kim, Taesung; Hong, Myoung-Ki

doi:10.1109/imis.2016.42

Cited by 12 publications

(10 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, a study 36 conducted on such methods highlighted the limitations of using existing risk assessment techniques and mitigation strategies as there exists a distinct difference between IT security and CPS security, and these risk assessment methods are not specifically designed for CPS security. From the perspective of CPS, the lack of security testing technology, lack of risk assessment systems, and the lack of behavior audit along with the use of malicious code to gain unauthorized access are the main causes of CPS (e.g., the ICS, 28 unmanned drones, 49 medical monitoring systems, 50 autonomous automotive systems, 51 and distributed robotics 52 ) being vulnerable to cyber attacks which in turn are a major strategic issue for the national economy and the livelihood of the people 28 …”

Section: Related Workmentioning

confidence: 99%

Security risks in cyber physical systems—A systematic mapping study

Zahid

Inayat

Daneva

et al. 2021

J Software Evolu Process

View full text Add to dashboard Cite

The increased need for constant connectivity and complete automation of existing systems fuels the popularity of Cyber Physical Systems (CPS) worldwide. Increasingly more, these systems are subjected to cyber attacks. In recent years, many major cyber‐attack incidents on CPS have been recorded and, in turn, have been raising concerns in their users' minds. Unlike in traditional IT systems, the complex architecture of CPS consisting of embedded systems integrated with the Internet of Things (IoT) requires rather extensive planning, implementation, and monitoring of security requirements. One crucial step to planning, implementing, and monitoring of these requirements in CPS is the integration of the risk management process in the CPS development life cycle. Existing studies do not clearly portray the extent of damage that the unattended security issues in CPS can cause or have caused, in the incidents recorded. An overview of the possible risk management techniques that could be integrated into the development and maintenance of CPS contributing to improving its security level in its actual environment is missing. In this paper, we are set out to highlight the security requirements and issues specific to CPS that are discussed in scientific literature and to identify the state‐of‐the‐art risk management processes adopted to identify, monitor, and control those security issues in CPS. For that, we conducted a systematic mapping study on the data collected from 312 papers published between 2000 and 2020, focused on the security requirements, challenges, and the risk management processes of CPS. Our work aims to form an overview of the security requirements and risks in CPS today and of those published contributions that have been made until now, towards improving the reliability of CPS. The results of this mapping study reveal (i) integrity authentication and confidentiality as the most targeted security attributes in CPS, (ii) model‐based techniques as the most used risk identification and assessment and management techniques in CPS, (iii) cyber‐security as the most common security risk in CPS, (iv) the notion of “mitigation measures” based on the type of system and the underline internationally recognized standard being the most used risk mitigation technique in CPS, (v) smart grids being the most targeted systems by cyber‐attacks and thus being the most explored domain in CPS literature, and (vi) one of the major limitations, according to the selected literature, concerns the use of the fault trees for fault representation, where there is a possibility of runtime system faults not being accounted for. Finally, the mapping study draws implications for practitioners and researchers based on the findings.

show abstract

Section: Related Workmentioning

confidence: 99%

Security risks in cyber physical systems—A systematic mapping study

Zahid

Inayat

Daneva

et al. 2021

J Software Evolu Process

View full text Add to dashboard Cite

show abstract

“…Based on the highest threat probability, the vehicle can predict the possible attack scenario and protect itself from the attack. Another risk assessment framework has been proposed in [27]. The proposed security risk assessment framework is based on a conventional security analysis model and attack tree.…”

Section: Risk In Vanetsmentioning

confidence: 99%

RTEAM: Risk-Based Trust Evaluation Advanced Model for VANETs

2021

View full text Add to dashboard Cite

In Vehicular ad hoc networks (VANETs), vehicles share and exchange information regarding road safety and traffic conditions. Thus, trust is established among vehicles to ensure the integrality and reliability of the received reports. Ensuring the security of VANETs is the key to enhance road safety, and for this purpose, several trust establishing, evaluation, and management models have been proposed. When a vehicle receives conflicting reports about an event such as a car accident from its neighboring vehicles, the receiving vehicle must decide which report has to follow. Therefore, the vehicle takes advantage of the available data about the report's sender. Then, the vehicle takes the right action. To this end, we propose a Risk-based Trust Evaluation Advanced Model (RTEAM) based on Multifaceted Trust and Hop-based trust to take action. The proposed model provides a decision-making process according to the risk estimation for each required action of both reports (i.e., reports that deny or confirm the event). The risk is estimated according to the likelihood of taking an incorrect action and its associated impact. Finally, a decision is made corresponding to the action with the lowest risk. The experimental results show that the proposed model shows that the risk-based trust model outperforms a purely trust-based model in terms of undefined cases and true positive rates.

show abstract

“…After determining the values for vehicle context, driver's attitude and sensitivity level of the application, risk is measured according to Equation (3). In this equation, w 1 to w 6 are the weight values of the six factors used in vehicle context determination.…”

Section: Lanementioning

confidence: 99%

“…In practice, not all vehicles are trustworthy [1,2]. A faulty, malicious, or compromised (hacked) [3] vehicle may forward or share fake and inaccurate information, which may cause undesirable things, such as, automobile fatalities and traffic congestion. Therefore, it is highly recommended to evaluate risk before a vehicle takes any decision based on the received information from the surrounding vehicles.…”

Section: Introductionmentioning

confidence: 99%

Risk-Based Decision Methods for Vehicular Networks

Shaikh

Thayananthan

2019

Electronics

View full text Add to dashboard Cite

Vehicular networks play a key role in building intelligent transport systems for smart cities. For the purpose of achieving traffic efficiency, road safety, and traveler comfort, vehicles communicate and collaborate with each other as well as with the fixed infrastructure. In practice, not all vehicles are trustworthy. A faulty or malicious vehicle may forward or share inaccurate or bogus information, which may cause adverse things, such as, road accidents and traffic congestion. Therefore, it is very important to evaluate risk before a vehicle takes any decision. Various risk-based decision systems have already been proposed in the literature. The fuzzy risk-based decision model of vehicular networks is one of them. In this paper, we have proposed various extensions in the fuzzy risk-based decision model to achieve higher robustness, reliability, and completeness. We have presented the theoretical and simulation-based analysis and evaluation of the proposed scheme in a comprehensive manner. In addition, we have analytically cross verified the theoretical and simulation-based results. Qualitative comparison of the proposed scheme has also been presented in this work.

show abstract

A Security Risk Assessment Framework for Smart Car

Cited by 12 publications

References 8 publications

Security risks in cyber physical systems—A systematic mapping study

Security risks in cyber physical systems—A systematic mapping study

RTEAM: Risk-Based Trust Evaluation Advanced Model for VANETs

Risk-Based Decision Methods for Vehicular Networks

Contact Info

Product

Resources

About