A Framework for Assessing the Security of the Connected Car Infrastructure

Paper in proceeding, 2011

In this paper, a framework for assessing the security of the connected car infrastructure is presented. The framework includes a model of the infrastructure and a security assessment tree. The model consists of a managed infrastructure and the vehicle communication. The managed infrastructure is further divided into five parts; automotive company applications’ centre, third party applications’ centre, trusted network, untrusted network, and the Internet backbone. The model clarifies the different communication possibilities between the managed infrastructure and the vehicle. Furthermore, the assessment tree defines four categories that need to be addressed in securing vehicular services; the actors, Vehicle–to–X communication technologies, network paths, and the dependability and security attributes. Moreover, we demonstrate the benefit of the framework by means of two scenarios. In this way, the communication in these scenarios are mapped to the model, which makes it possible to analyse the security issues for the scenarios according to the assessment tree. The intention with such an analysis is to identify possible weaknesses of services in the connected car.