Security Threats in Intelligent Transportation Systems and Their Risk Levels

Zeddini, Besma; Morsey, Mohamed; Inedjaren, Youssef

doi:10.3390/risks10050091

Cited by 12 publications

(8 citation statements)

References 44 publications

(31 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Zeddini et al [53] proposed a qualitative risk analysis of Intelligent Transport Systems based on the ETSI-TVRA [35] methodology. According to the ETSI Intelligent Transport Systems-Station (ITS-S) Communication Architecture, first the system is modelled focusing on its assets and then weaknesses are identified for each one.…”

Section: Ebios Risk Managermentioning

confidence: 99%

“…Finally, ITSRM 2 is too strict in the process of computing the residual risk, narrowing down its flexibility. The work proposed by Zeddini et al [53] is noteworthy, producing an extensive list of attacks, the vulnerabilities that cause them, the threats they pose on each asset and proposed countermeasures, all within the scope of ITSs, based on the ETSI-TVRA methodology. However it appears to be a mostly manual process and a theoretical approach.…”

Section: Comparative Analysismentioning

confidence: 99%

“…Many risk analysis and threat modelling methodologies exist from academic [17,22,37,39,42,44,46,50,53], corporate [7,38,49] and national organizations [3,15,19,24,34] perspectives. Regarding the limitations of existing risk analysis and threat modelling approaches, several of them are too technical [49,53] and thus require deep knowledge in order to be applied, while others are too generic [7,34] and provide non-insightful but high-level results. Also, some of them are very well-documented [19,24,49], while others are mainly targeted to non-English speaking users [3,15].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A Hybrid Dynamic Risk Analysis Methodology for Cyber-Physical Systems

Lyvas

Μαλιάτσος

Menegatos

et al. 2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Recent technological advances allow us to design and implement sophisticated infrastructures to assist users' everyday life; technological paradigms such as Intelligent Transportation Systems (ITS) and Multi-modal Transport are excellent instances of those cases. Therefore, a systematic risk evaluation process in conjunction with proper threat identification are essential for environments like those mentioned above as they involve human safety. Threat modelling is the process of identifying and understanding threats while risk analysis is the process of identifying and analyzing potential risks. This research initially focuses on the most widely-used threat modelling and risk analysis approaches and reviewing their characteristics. Then, it presents a service-oriented dynamic risk analysis approach that focuses on Cyber-Physical Systems (CPS) by adopting threat modelling characteristics and by blending other methods and well-established sources to achieve automation in several stages. Finally, it provides the qualitative features of the proposed method and other related threat modelling and risk analysis approaches with a discussion regarding their similarities, differences, advantages and drawbacks.

show abstract

Section: Ebios Risk Managermentioning

confidence: 99%

Section: Comparative Analysismentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Hybrid Dynamic Risk Analysis Methodology for Cyber-Physical Systems

Lyvas

Μαλιάτσος

Menegatos

et al. 2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Programmers tend to make mistakes or build on other programmers' mistakes due to a lack of time, awareness, and dependence on old code [2]. It has been reported and exploited that there are numerous types of software vulnerabilities, including SQL injection, Cross-site scripting, Buffer overflow, Race condition, Integer overflow, OS command injection, missing authentication, and path traversal [3]. Even the slightest vulnerability in software can lead to financial, intellectual, or data loss.…”

Section: Introductionmentioning

confidence: 99%

An In-Depth Survey of Bypassing Buffer Overflow Mitigation Techniques

et al. 2022

View full text Add to dashboard Cite

Buffer Overflow (BOF) has been a ubiquitous security vulnerability for more than three decades, potentially compromising any software application or system. This vulnerability occurs primarily when someone attempts to write more bytes of data (shellcode) than a buffer can handle. To date, this primitive attack has been used to attack many different software systems, resulting in numerous buffer overflows. The most common type of buffer overflow is the stack overflow vulnerability, through which an adversary can gain admin privileges remotely, which can then be used to execute shellcode. Numerous mitigation techniques have been developed and deployed to reduce the likelihood of BOF attacks, but attackers still manage to bypass these techniques. A variety of mitigation techniques have been proposed and implemented on the hardware, operating system, and compiler levels. These techniques include No-EXecute (NX) and Address Space Layout Randomization (ASLR). The NX bit prevents the execution of malicious code by making various portions of the address space of a process inoperable. The ASLR algorithm randomly assigns addresses to various parts of the logical address space of a process as it is loaded in memory for execution. Position Independent Executable (PIE) and ASLR provide more robust protection by randomly generating binary segments. Read-only relocation (RELRO) protects the Global Offset Table (GOT) from overwriting attacks. StackGuard protects the stack by placing the canary before the return address in order to prevent stack smashing attacks. Despite all the mitigation techniques in place, hackers continue to be successful in bypassing them, making buffer overflow a persistent vulnerability. The current work aims to describe the stack-based buffer overflow vulnerability and review in detail the mitigation techniques reported in the literature as well as how hackers attempt to bypass them.

show abstract

“…Due to the wide proliferation of the automotive industry, the smart transportation system has emerged as a significant part of the smart city concept to introduce luxury and safety services to a variety of citizens through establishing fast secured connections between mobile nodes on the road and the intelligent city infrastructure [1], [2]. One of the advanced technologies that has emerged with smart cities to improve the effectiveness of transportation networks is the vehicular adhoc network (VANET).…”

Section: Introductionmentioning

confidence: 99%

An Efficient Authentication Protocol Based on Chebyshev Chaotic Map for Intelligent Transportation

Abdal-Ghafour

nasr²,

Abdelfatah

2022

Journal of Engineering Research

View full text Add to dashboard Cite

For meeting the demands of safety, traffic management, and high mobility, vehicular adhoc network (VANET) has become a promising component for smart transportation systems. However, the wireless environment of vehicular network leads to various challenges in the communication security. Hence, several authentication schemes have previously been proposed to address VANET security issues but their procedures disregard the balance between effectiveness and security. Thus, this paper presents a new decentralized authentication protocol that relies on lightweight functions such as the Chebyshev chaotic map and logical shift operator to achieve the high mobility requirement. In order to reduce the number of messages transferred over the network, this protocol attempts to eliminate any redundant authentication steps during its authentication stage. Additionally, the new protocol solves key management problems by applying a little modification to the public key infrastructure to ignore certificates transmission over the network. The proposed design incorporates the self-authentication concept to safeguard the vehicle trip route on the road. Moreover, the performance evaluation is conducted to verify that the proposed protocol outperforms the most related scheme in terms of security and efficiency aspects. Finally, the Scyther simulation validates the security robustness of the new protocol.

show abstract

Security Threats in Intelligent Transportation Systems and Their Risk Levels

Cited by 12 publications

References 44 publications

A Hybrid Dynamic Risk Analysis Methodology for Cyber-Physical Systems

A Hybrid Dynamic Risk Analysis Methodology for Cyber-Physical Systems

An In-Depth Survey of Bypassing Buffer Overflow Mitigation Techniques

An Efficient Authentication Protocol Based on Chebyshev Chaotic Map for Intelligent Transportation

Contact Info

Product

Resources

About