Skip navigation

Privacy impact assessment of cyber attacks on connected and autonomous vehicles

Privacy impact assessment of cyber attacks on connected and autonomous vehicles

Panda, Sakshyam ORCID: 0000-0001-7274-0073 , Panaousis, Manos ORCID: 0000-0001-7306-4062 , Loukas, George ORCID: 0000-0003-3559-5182 and Kentrotis, Konstantinos (2023) Privacy impact assessment of cyber attacks on connected and autonomous vehicles. In: ARES 2023, the 18th International Conference on Availability, Reliability and Security. Proceedings. 29th August 2023 - 1st September 2023. Benevento, Italy. Association for Computing Machinery (ACM), New York, 93:1-93:9. ISBN 979-8400707728 (doi:https://doi.org/10.1145/3600160.3605073)

[img]
Preview
PDF (Author's Accepted Manuscript)
44374_PANAOUSIS_ Privacy_impact_assessment_of_cyber_attacks_on_connected_and_autonomous_vehicles_(AAM)_2023.pdf - Accepted Version

Download (1MB) | Preview
[img] PDF (Proceedings and Abstracts)
44374_PANAOUSIS_ Privacy_impact_assessment_of_cyber_attacks_on_connected_and_autonomous_vehicles_PROCEEDINGS.pdf - Other
Restricted to Repository staff only

Download (1MB) | Request a copy

Abstract

Connected and autonomous vehicles (CAVs) are vulnerable to security gaps that can result in serious consequences, including cyber-physical and privacy risks. For example, an attacker can reconstruct a vehicle’s location trajectory by knowing the speed and steering wheel position of the vehicle. Such inferences not only lead to safety issues but also significantly threaten privacy. This paper assesses the privacy impacts of cyber threats on vehicular networks. We augment the Privacy Risk Assessment Methodology (PRAM), proposed by the National Institute of Standards and Technology, with cyber threats, with cyber threats, which are, in practice, mapped to PRAM impact metrics. We demonstrate the practical application of the enhanced PRAM methodology through a use case that highlights attacks leading to privacy risks in CAVs. The consideration of cyber attacks for privacy risk assessment addresses a major gap in current practices, which is to integrate privacy risk into cyber risk management.

Item Type: Conference Proceedings
Title of Proceedings: ARES 2023, the 18th International Conference on Availability, Reliability and Security. Proceedings. 29th August 2023 - 1st September 2023. Benevento, Italy
Uncontrolled Keywords: security and privacy; human and societal aspects of security and privacy; applied computing; enterprise computing; general and reference; evaluation
Subjects: H Social Sciences > HD Industries. Land use. Labor > HD61 Risk Management
Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Faculty / School / Research Centre / Research Group: Faculty of Engineering & Science
Faculty of Engineering & Science > School of Computing & Mathematical Sciences (CMS)
Related URLs:
Last Modified: 17 Nov 2023 11:36
URI: http://gala.gre.ac.uk/id/eprint/44374

Actions (login required)

View Item View Item

Downloads

Downloads per month over past year

View more statistics