Security Threats in Intelligent Transportation Systems and Their Risk Levels
Abstract
:1. Introduction
2. ETSI ITS-S Communication Architecture
- -
- A lower “access technologies” layer (ITS-S access technologies layer) allowing the integration of all existing and future access technologies, provided that each new access technology respects the rules of integration to the architecture (specified in ISO 21218). Today, vehicular WiFi (IEEE 802.11p, with ISO M5, ETSI ITS G5, IEEE P1609 variants), urban WiFi (IEEE 802.11n/b/g/ac), cellular (2G, 3G, 4G, etc.), satellite and 6LoWPAN sensor networks (IEEE 802.14) are already supported.
- -
- An ITS-S networking & transport layer allowing both localized communications (ISO FNTP, ETSI GeoNetworking, IPv6) for direct exchanges between vehicles and infrastructure (V2V, V2R) and remote communications (IPv6) with distant peers. GeoNetworking is designed to use vehicular WiFi only; however IPv6 allows transmission over any locally available technology (IPv6 transmission can also be done over an existing IPv4 access network when IPv6 is not deployed).
- -
- A "services" layer (ITS-S facilities layer) allowing applications to benefit from shared services, in particular standardized messaging, a database (LDM), datagram tagging services (time-stamping, geo-stamping), reliable positioning (fusion of data from several sources: GPS, roadside beacons, CAN bus, etc.). This layer also has the ability to direct datagrams to the most suitable communication stack according to the communication profile and the current capabilities of the ITS station.
- -
- An “applications” layer where all applications can benefit from the shared or communication services of the lower layers without being constrained. To benefit from these services, the applications must make their communication needs known by providing the management entity with the characteristics of each of the data flows likely to be transmitted by the application.
- -
- Two cross-layers: (1) A vertical (cross-layer) management entity, allowing management of the internal functionalities of the ITS-S (in particular the functionalities available in each layer) to determine which access technologies are available in a given place and at a given time, and to manage the data flows (ISO 24102-6) as best as possible. (2) A vertical entity (cross-layer) of security, allowing all layers to benefit from the mechanisms necessary to secure communications (encryption, authentication, etc.).
3. Risk Analysis Study
3.1. Risk Analysis Study in ITSs
3.1.1. TVRA Brief Description
3.1.2. Risk Analysis
3.1.3. Target of Evaluation (ToE)
- There is a passenger in the vehicle;
- Threats require between one day and one week to be identified and developed;
- Attackers are experts.
- In-vehicle communication between sensors, AU and OBU via Controller Area Network (CAN),
- Communication between two vehicles (V2V), and
- Communication between vehicle and adjacent RSU (V2I).
- A threat agent with programmable radio transmitters/receivers.
- A valid ITS-S (node of a system)
- ∘
- used as an attack proxy by a remote threat agent;
- ∘
- providing false or misleading information;
- ∘
- using programmable radio transmitters/receivers.
3.1.4. Security Objectives
- Availability: ITS entities and applications require a high level of availability for data and services, and require that at all times, authorized entities should never be denied access to requisite services.
- Authentication: Authentication ensures that entities involved in communication are correctly identified and authentic. Entity authorization is necessary for applications that need definition of the rights that an entity (vehicle or infrastructure) has.
- Integrity: Integrity ensures that exchanged information and data used inside the vehicle (sensor data, data used by software, etc...) are not modified.
- Confidentiality: Confidentiality consists of preventing sensitive information from reaching the wrong people.
- Privacy: Privacy is a crucial security concern because ITS systems share private information, including positional data, via wireless communications. The key to developing an ITS security solution is to consider policies that guarantee the protection of private data.
Threats in ITSs
3.1.5. Risk Analysis
4. Risk Determination
5. Countermeasures
6. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
References
- Ahmad, Farhan, Asma Adnane, and Virginia N. L. Franqueira. 2016. A systematic approach for cyber security in vehicular networks. Journal of Computational Chemistry 4: 38–62. [Google Scholar] [CrossRef] [Green Version]
- Al-Kahtani, Mohammed Saeed. 2012. Survey on security attacks in Vehicular Ad hoc Networks (VANETs). Paper presented at the 2012 6th International Conference on Signal Processing and Communication Systems, Gold Coast, QLD, Australia, December 12–14; pp. 1–9. [Google Scholar]
- Aneja, Mannat Jot Singh, Tarunpreet Bhatia, Gaurav Sharma, and Gulshan Shrivastava. 2018. Artificial Intelligence Based Intrusion Detection System to Detect Flooding Attack in VANETs. In Handbook of Research on Network Forensics and Analysis Techniques. Hershey: IGI Global. [Google Scholar] [CrossRef] [Green Version]
- Atanassov, Nikolay, and Md Minhaz Chowdhury. 2021. Mobile Device Threat: Malware. Paper presented at the 2021 IEEE International Conference on Electro Information Technology (EIT), Mt. Pleasant, MI, USA, May 14–15; pp. 007–013. [Google Scholar] [CrossRef]
- Baiad, Raghad, Hadi Otrok, Sami Muhaidat, and Jamal Bentahar. 2014. Cooperative cross layer detection for blackhole attack in vanet-olsr. Paper presented at the 2014 International Wireless Communications and Mobile Computing Conference (IWCMC), Nicosia, Cyprus, August 4–8; pp. 863–68. [Google Scholar]
- Boukerche, Azzedine, and Qi Zhang. 2019. Countermeasures against Worm Spreading: A New Challenge for Vehicular Networks. CM Computing Surveys 52: 1–25. [Google Scholar] [CrossRef]
- Baza, Mohamed, Mahmoud Nabil, Mohamed M. E. A. Mahmoud, Niclas Bewermeier, Kemal Fidan, Waleed Alasmary, and Mohamed Abdallah. 2022. Detecting Sybil Attacks Using Proofs of Work and Location in VANETs. IEEE Transactions on Dependable and Secure Computing 19: 39–53. [Google Scholar] [CrossRef]
- Chim, Tat Wing, Sm Yiu, Lucas C. K. Hui, and Victor O. K. Li. 2011. SPECS: Secure and privacy enhancing communications schemes for VANETs. Ad Hoc Networks 9: 189–203. [Google Scholar] [CrossRef] [Green Version]
- Daeinabi, Ameneh, and Akbar Ghaffarpour Rahbar. 2013. Detection of malicious vehicles (DMV) through monitoring in Vehicular Ad-Hoc Networks. Multimedia Tools and Applications 66: 325–38. [Google Scholar] [CrossRef]
- ETSI. 2003. ETSI: Telecommunications and Internet Protocol Harmonization Over Networks (TIPHON) Release 4; Protocol Framework Definition; Methods and Protocols for Security; Part 1: Threat Analysis. Technical Specification ETSI TS 102 165-1 V4.1.1. Sophia Antipolis: ETSI. [Google Scholar]
- ETSI. 2010. ETSI EN 302 665—Intelligent Transport Systems (ITS). Communication Architecture, v1.1.1. Sophia Antipolis: ETSI. [Google Scholar]
- ETSI. 2011. ETSI: Telecommunications and Internet Converged Services and Protocols for Advanced Networking (TISPAN); Methods and Protocols; Part 1: Method and Proforma for Threat, Risk, and Vulnerability Analysis. ETSI TS 102 165-1 V4.2.3. Sophia Antipolis: ETSI. [Google Scholar]
- Eziama, Elvin, Kemal Tepe, Ali Balador, Kenneth Sorle Nwizege, and Luz M. S. Jaimes. 2018. Malicious Node Detection in Vehicular Ad-Hoc Network Using Machine Learning and Deep Learning. Paper presented at the 2018 IEEE Globecom Workshops (GC Wkshps), Abu Dhabi, United Arab Emirates, December 9–13; pp. 1–6. [Google Scholar] [CrossRef]
- Galluccio, Laura, and Giacomo Morabito. 2019. Impact of worm propagation on vehicular sensor networks exploiting V2V communications. Paper presented at the 2019 International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob), Barcelona, Spain, October 21–23; pp. 1–6. [Google Scholar] [CrossRef]
- Gu, Pengwenlong, Rida Khatoun, Youcef Begriche, and Ahmed Serhrouchni. 2017. Support Vector Machine (SVM) Based Sybil Attack Detection in Vehicular Networks. Paper presented at the 2017 IEEE Wireless Communications and Networking Conference (WCNC), San Francisco, CA, USA, March 19–22; pp. 1–6. [Google Scholar]
- Hortelano, Jorge, Juan Carlos Ruiz, and Pietro Manzoni. 2010. Evaluating the usefulness of watchdogs for intrusion detection in VANETs. Paper presented at the 2010 IEEE International Conference on Communications Workshops, Cape Town, South Africa, May 23–27; pp. 1–5. [Google Scholar]
- Hsiao, Hsu-Chun, Ahren Studer, Chen Chen, Adrian Perrig, Fan Bai, Bhargav Bellur, and Aravind Iyer. 2011. Flooding-resilient broadcast authentication for vanets. Paper presented at the 17th Annual International Conference on Mobile Computing and Networking, Las Vegas, NV, USA, September 19–23; pp. 193–204. [Google Scholar]
- Hu, Yih-Chun, Adrian Perrig, and David B. Johnson. 2006. Wormhole attacks in wireless networks. IEEE Journal on Selected Areas in Communications 24: 370–80. [Google Scholar]
- IEEE. 2010. IEEE Standard for Wireless Access in Vehicular Environments (WAVE)-Networking Services. IEEE Std 1609. Piscataway: IEEE. [Google Scholar]
- Inedjaren, Youssef, Mohamed Maachaoui, Besma Zeddini, and Jean-Pierre Barbot. 2021. Blockchain-based distributed management system for trust in VANET. Vehicular Communications 30: 100350. [Google Scholar] [CrossRef]
- Kerrache, Chaker Abdelaziz, Nasreddine Lagraa, Carlos T. Calafate, and Abderrahmane Lakas. 2017. TFDD: A trust-based framework for reliable data delivery and DoS defense in VANETs. Vehicular Communications 9: 254–67. [Google Scholar] [CrossRef] [Green Version]
- Kumar, Ankit, and Madhavi Sinha. 2019. Design and analysis of an improved AODV protocol for black hole and flooding attack in vehicular ad-hoc network (VANET). Journal of Discrete Mathematical Sciences and Cryptography 22: 453–63. [Google Scholar] [CrossRef]
- Kumar, Ankit, Vijayakumar Varadarajan, Abhishek Kumar, Pankaj Dadheech, Surendra Singh Choudhary, V. D. Ambeth Kumar, B. K. Panigrahi, and Kalyana C. Veluvolu. 2021. Black hole attack detection in vehicular ad-hoc network using secure AODV routing algorithm. Microprocessors and Microsystems 80: 103352. [Google Scholar] [CrossRef]
- Le, Duc T., Khanh Q. Dang, Quyen L.T. Nguyen, Soha Alhelaly, and Ammar Muthanna. 2021. A Behavior-Based Malware Spreading Model for Vehicle-to-Vehicle Communications in VANET Networks. Electronics 10: 2403. [Google Scholar] [CrossRef]
- Lee, ByungKwan, EunHee Jeong, and Ina Jung. 2013. A DTSA (detection technique against a sybil attack) protocol using SKC (session key based certificate) on VANET. International Journal of Security and Its Applications 7: 1–10. [Google Scholar]
- Leinmüller, Tim, Christian Maihöfer, Elmar Schoch, and Frank Kargl. 2006. Improved security in geographic ad hoc routing through autonomous position verification. Paper presented at the 3rd International Workshop on Vehicular Ad Hoc Networks, Los Angeles, CA, USA, September 29; pp. 57–66. [Google Scholar]
- Liu, Bo, Wanlei Zhou, Longxiang Gao, HaiBo Zhou, Tom H. Luan, and Sheng Wen. 2018. Malware Propagations in Wireless Ad Hoc Networks. IEEE Transactions on Dependable and Secure Computing 5: 1016–26. [Google Scholar] [CrossRef]
- Mahmood, Adnan, Wei Zhang, Quan Z. Sheng, Sarah Ali Siddiqui, and Abdulwahab Aljubairy. 2019. Trust Management for Software-Defined Heterogeneous Vehicular Ad Hoc Networks. In Security, Privacy and Trust in the IoT Environment. Berlin: Springer. [Google Scholar]
- Manish Kumar, Vanita Jain, Achin Jain, Uttam Singh Bisht, and Neha Gupta. 2019. Evaluation of black hole attack with avoidance scheme using AODV protocol in VANET. Journal of Discrete Mathematical Sciences and Cryptography 22: 277–91. [Google Scholar] [CrossRef]
- Memon, Imran, Ling Chen, Qasim Ali Arain, Hina Memon, and Gencai Chen. 2018. Pseudonym changing strategy with multiple mix zones for trajectory privacy protection in road networks. International Journal of Communication Systems 31: e3437. [Google Scholar] [CrossRef]
- Moalla, Rim, Houda Labiod, Brigitte Lonc, and Noemie Simoni. 2012. Risk analysis study of ITS communication architecture. Paper presented at the 2012 Third International Conference on The Network of the Future (NOF), Tunis, Tunisia, November 21–23; pp. 1–5. [Google Scholar] [CrossRef]
- Mokdad, Lynda, Jalel Ben-Othman, and Anh Tuan Nguyen. 2015. DJAVAN: Detecting jamming attacks in Vehicle Ad hoc Networks. Performance Evaluation 87: 47–59. [Google Scholar] [CrossRef]
- Montgomery, Paul Y. 2011. Receiver-autonomous spoofing detection: Experimental results of a multi-antenna receiver defense against a portable civil GPS spoofer. In Radionavigation Laboratory Conference Proceedings. Austin: The University of Texas at Austin. [Google Scholar]
- Nguyen, Anh Tuan, Lynda Mokdad, and Jalel Ben Othman. 2013. Solution of detecting jamming attacks in vehicle ad hoc networks. Paper presented at the 16th ACM International Conference on Modeling, Analysis & Simulation of Wireless and Mobile Systems, Barcelona, Spain, November 3–8; pp. 405–10. [Google Scholar]
- Rafiq, Gulzaib, Batool Talha, Matthias Patzold, Jose Gato Luis, Gianluca Ripa, Iacopo Carreras, Cristina Coviello, Stefano Marzorati, Gonzalo Perez Rodriguez, German Herrero, and et al. 2013. What? s new in intelligent transportation systems?: An overview of european projects and initiatives. IEEE Vehicular Technology Magazine 8: 45–69. [Google Scholar] [CrossRef]
- Raghav1, R. S., R. Danu, A. Ramalingam, and G. K. Kumar. 2013. Detection of Node Impersonation for Emergency Vehicles in VANET. International Journal of Engineering Research & Technology (IJERT) 2: 3383–89. [Google Scholar]
- Rahbari, Mina, and Mohammad Ali Jabreil Jamali. 2011. Efficient detection of sybil attack based on cryptography in VANET. arXiv arXiv:1112.2257. [Google Scholar] [CrossRef]
- Raya, Maxim, Panos Papadimitratos, and Jean-Pierre Hubaux. 2006. Securing vehicular communications. IEEE Wireless Communications 13: 8–15. [Google Scholar] [CrossRef] [Green Version]
- Reddy, D. Srinivas, V. Bapuji, A. Govardhan, and S. S. V. N. Sarma. 2017. Sybil attack detection technique using session key certificate in vehicular ad hoc networks. Paper presented at the 2017 International Conference on Algorithms, Methodology, Models and Applications in Emerging Technologies (ICAMMAET), Chennai, India, February 16–18; pp. 1–5. [Google Scholar] [CrossRef]
- Safi, Seyed Mohammad, Ali Movaghar, and Misagh Mohammadizadeh. 2009. A novel approach for avoiding wormhole attacks in VANET. Paper presented at the 2009 Second International Workshop on Computer Science and Engineering, Qingdao, China, October 28–30; vol. 2, pp. 160–65. [Google Scholar]
- Savekar, Mrugnayana S., and Sandeep A. Thorat. 2020. Identifying Impersonation Attack in VANET using KNN and SVM Approach. International Journal of Future Generation Communication and Networking 13: 1266–74. [Google Scholar]
- Sharma, Prinkle, Hong Liu, Honggang Wang, and Shelley Zhang. 2017. Securing wireless communications of connected vehicles with artificial intelligence. Paper presented at the 2017 IEEE International Symposium on Technologies for Homeland Security (HST), Waltham, MA, USA, April 25–26; pp. 1–7. [Google Scholar]
- Song, Joo-Han, Vincent W. S. Wong, and Victor C. M. Leung. 2008. Secure location verification for vehicular ad-hoc networks. Paper presented at the IEEE GLOBECOM 2008-2008 IEEE Global Telecommunications Conference, New Orleans, LA, USA, November 30–December 4; pp. 1–5. [Google Scholar]
- Stępień, Krzysztof, and Aneta Poniszewska-Marańda. 2021. Security Measures with Enhanced Behavior Processing and Footprint Algorithm against Sybil and Bogus Attacks in Vehicular Ad Hoc Network. Sensors 21: 3538. [Google Scholar] [CrossRef] [PubMed]
- TamilSelvan, Komathy Subramanian, and Rajeswari Rajendiran. 2013. A holistic protocol for secure data transmission in VANET. International Journal of Advanced Research in Computer and Communication Engineering 2: 4840–46. [Google Scholar]
- Tobin, John, Christina Thorpe, and Liam Murphy. 2017. An Approach to Mitigate Black Hole Attacks on Vehicular Wireless Networks. Paper presented at the 2017 IEEE 85th Vehicular Technology Conference (VTC Spring), Sydney, NSW, Australia, June 4–7; pp. 1–7. [Google Scholar] [CrossRef]
- Tu, Shanshan, Muhammad Waqas, Sadaqat Ur Rehman, Talha Mir, Ghulam Abbas, Ziaul Haq Abbas, Zahid Halim, and Iftekhar Ahmad. 2021. Reinforcement Learning Assisted Impersonation Attack Detection in Device-to-Device Communications. IEEE Transactions on Vehicular Technology 70: 1474–79. [Google Scholar] [CrossRef]
- U.S. Department of Transportation. 2017. National ITS Architecture V8.0. Available online: http://local.iteris.com/arc-it/ (accessed on 20 February 2022).
- Verma, Karan, and Halabi Hasbullah. 2015. Bloom-filter based IP-CHOCK detection scheme for denial of service attacks in VANET. Security and Communication Networks 8: 864–78. [Google Scholar] [CrossRef]
- Verma, Karan, Halabi Hasbullah, and Ashok Kumar. 2013. Prevention of DoS attacks in VANET. Wireless personal communications 73: 95–126. [Google Scholar] [CrossRef]
- Wahab, Omar Abdel, Hadi Otrok, and Azzam Mourad. 2014. A dempster–shafer based tit-for-tat strategy to regulate the cooperation in vanet using qos-olsr protocol. Wireless Personal Communications 75: 1635–67. [Google Scholar] [CrossRef]
- Wei, Lei, Hongmao Qin, Yunpeng Wang, Zhao Zhang, and Guizhen Yu. 2018. Virus-traffic coupled dynamic model for virus propagation in vehicle-to-vehicle communication networks. Vehicular Communications 14: 26–38. [Google Scholar] [CrossRef]
- Yang, Ming, Shuang Wei, Rongwang Jiang, Faizan Ali, and Boxiong Yang. 2021. Single-message-based cooperative authentication scheme for intelligent transportation systems. Computers & Electrical Engineering 96: 107390. [Google Scholar] [CrossRef]
- Yao, Xuanxia, Xinlei Zhang, Huansheng Ning, and Pengjian Li. 2017. Using trust model to ensure reliable data acquisition in VANETs. Ad Hoc Networks 55: 107–18. [Google Scholar] [CrossRef]
- Zhong, Hong, Shunshun Han, Jie Cui, Jing Zhang, and Yan Xu. 2019. Privacy-preserving authentication scheme with full aggregation in VANET. Information Sciences 476: 211–21. [Google Scholar] [CrossRef]
- Zhou, Man, Lansheng Han, Hongwei Lu, and Cai Fu. 2020. Distributed collaborative intrusion detection system for vehicular Ad Hoc networks based on invariant. Computer Networks 172: 107174. [Google Scholar] [CrossRef]
Attack | Asset | Vulnerability | Threat | Solution | Violated Security Requirement |
---|---|---|---|---|---|
Sybil Attack | Infrastructure communication | Flaws in the routing table and unencrypted messages | Data leakage on back-end channel | Verification of the position of neighboring nodes (Leinmüller et al. 2006), VANET PKI (Raya et al. 2006) | Authentication/ Availability |
User privacy disclosure | Vehicle user | Vulnerabilities of OBU; unsecured wireless communication | Revelation of user identity | Holistic approach to data transmission (TamilSelvan and Rajendiran 2013) | Privacy/ Authentication |
Eavesdropping | Information | Nature of message delivery via a wireless communication channel | Revelation of sensitive information and private user IDs | Strong encryption of messages for user communication | Privacy/ Authentication |
Impersonation attack | Information | Unsecured wireless communication channel | Message changes Message modifications | Use variable MAC and IP addresses for V2V and V2I communications (Al-Kahtani 2012), Authenticate via digital certificates (Al-Kahtani 2012) | Authentication |
Spoofing attack | Information | Vulnerable wireless communication channel | Manipulation and abandonment of messages | Multi-antenna system with known motions (Montgomery 2011); secure verification in the region (Song et al. 2008) | Authentication |
Sensor impersonation | Vehicle | Defects of vehicle equipments | Disclosure of sensitive information | SPECS (Chim et al. 2011) | Authentication |
Wormhole attack | Infrastructure communication | Unencrypted back-end communication channel | Delete messages | Packet leash (Hu et al. 2006); HEAP (Safi et al. 2009) | Confidentiality/ Authentication |
Attack | Asset | Vulnerability | Threat | Solution | Violated Security Requirement |
---|---|---|---|---|---|
Jamming attacks at vehicle level | Vehicle | OBU vulnerabilities | Unauthorized manipulation of the routing table | Frequency hopping; multiple radio transceivers | Availability |
Jamming attacks | Information | Vulnerabilities of OBU; unsecured wireless communication channel | Prevents vehicles from receiving sensitive information and using network services | Assign IP addresses to the vehicles and delete duplicate IP addresses when forwarding the message (Nguyen et al. 2013); DJAVAN (Mokdad et al. 2015) | Availability |
Malware integration | Vehicle/vehicle user | Software fault (weak message propagation algorithm) | Leakage of sensitive private information | Update the antivirus; sandbox approach (Hortelano et al. 2010) | Availability/ authentication |
MITM attacks | Information | Unencrypted messages; unsecured wireless communication channel | Editing message with incorrect information and compromised messages | Strong cryptographic techniques (Daeinabi and Rahbar 2013) | Availability |
MITM attacks between RSU and cental entity | Infrastructure communication | Hardware malfunction; software defects; unencrypted communication channel | Modifications of messages transmitted to other vehicles via RSU and the central entity | Strong cryptographic techniques (Wahab et al. 2014) | Availability |
JellyFish/ intelligent cheater | Information | Vulnerabilities of end-to-end congestion control protocols | Disorder, delay or periodically drop packets that are supposed to be transmitted | End-to-end control mechanisms with long-term monitoring | Availability |
Flooding attacks | Vehicle/ infrastructure | Unsecured wireless communication channel | Network resources are no longer available to legitimate users | Flood-resilient broadcast authentication for VANET (Baiad et al. 2014) | Availability |
Blackhole attack | Information | Unsecure communication protocols | Prevents vehicles and infrastructure from receiving important messages and alerts | Watchdog mechanism (Yao et al. 2017), Trust model based on weights (Hsiao et al. 2011) | Availability |
Threat Group | Attack | Impact | Risk | ||||
---|---|---|---|---|---|---|---|
Factor | Range | Value | Potential | Likelihood | |||
Sybil attack | Time | ≤1 week | 1 | Moderate | Possible | High | Critical |
Expertise | Expert | 6 | |||||
Knowledge | Restricted | 3 | |||||
Opportunity | Moderate | 4 | |||||
Equipment | Specialized | 3 | |||||
Motivation | High (commited) | 3 | |||||
Asset impact | High | 3 | |||||
Intensity | High intensity | 2 | |||||
Eavesdropping | Time | ≤1 week | 1 | Moderate | Possible | Medium | Major |
Expertise | Expert | 6 | |||||
Knowledge | Public | 0 | |||||
Opportunity | Moderate | 4 | |||||
Equipment | Specialized | 3 | |||||
Motivation | Medium (interested) | 3 | |||||
Asset impact | Medium | 2 | |||||
Intensity | Single instance | 0 | |||||
Impersonation attack | Time | ≤1 week | 1 | Moderate | Possible | High | Critical |
Expertise | Expert | 6 | |||||
Knowledge | Restricted | 3 | |||||
Opportunity | Moderate | 4 | |||||
Equipment | Specialized | 3 | |||||
Motivation | High (commited) | 3 | |||||
Asset impact | High | 3 | |||||
Intensity | Moderate intensity | 1 | |||||
User Privacy Disclosure | Time | ≤1 week | 1 | Moderate | Possible | High | Critical |
Expertise | Expert | 6 | |||||
Knowledge | Public | 0 | |||||
Opportunity | Moderate | 4 | |||||
Equipment | Specialized | 3 | |||||
Motivation | High (commited) | 3 | |||||
Asset impact | High | 3 | |||||
Intensity | Single instance | 2 | |||||
Spoofing Attack | Time | ≤1 week | 1 | High | Unlikely | Medium | Minor |
Expertise | Expert | 6 | |||||
Knowledge | Sensitive | 7 | |||||
Opportunity | Moderate | 4 | |||||
Equipment | Specialized | 3 | |||||
Motivation | Medium (interested) | 3 | |||||
Asset impact | Medium | 2 | |||||
Intensity | Single instance | 0 | |||||
Malware Integration | Time | ≤1 week | 1 | Moderate | Possible | High | Critical |
Expertise | Expert | 6 | |||||
Knowledge | Sensitive | 7 | |||||
Opportunity | Moderate | 4 | |||||
Equipment | Standard | 0 | |||||
Motivation | High (commited) | 3 | |||||
Asset impact | High | 3 | |||||
Intensity | Single instance | 0 | |||||
Jamming Attacks | Time | ≤1 week | 1 | Moderate | Possible | Medium | Major |
Expertise | Expert | 6 | |||||
Knowledge | Public | 0 | |||||
Opportunity | Moderate | 4 | |||||
Equipment | Bespoke | 7 | |||||
Motivation | Medium (interested) | 3 | |||||
Asset impact | Medium | 2 | |||||
Intensity | Single instance | 0 | |||||
Blackhole Attack | Time | ≤1 week | 1 | Moderate | Possible | High | Critical |
Expertise | Expert | 6 | |||||
Knowledge | Public | 0 | |||||
Opportunity | Moderate | 4 | |||||
Equipment | Specialized | 3 | |||||
Motivation | High (commited) | 3 | |||||
Asset impact | High | 3 | |||||
Intensity | Single instance | 0 | |||||
Flooding Attack | Time | ≤1 week | 1 | Moderate | Possible | High | Critical |
Expertise | Expert | 6 | |||||
Knowledge | Public | 0 | |||||
Opportunity | Moderate | 4 | |||||
Equipment | Specialized | 3 | |||||
Motivation | High (commited) | 3 | |||||
Asset impact | High | 3 | |||||
Intensity | Moderate intensity | 1 | |||||
MITM | Time | ≤1 week | 1 | Moderate | Possible | Medium | Major |
Expertise | Expert | 6 | |||||
Knowledge | Public | 0 | |||||
Opportunity | Moderate | 4 | |||||
Equipment | Specialized | 3 | |||||
Motivation | Medium (interested) | 3 | |||||
Asset impact | Medium | 2 | |||||
Intensity | Single instance | 0 |
Very low (indifferent) | 0 |
Low (curious) | 1 |
Medium (interested) | 2 |
High (commited) | 3 |
Very High (focused) | 4 |
Needed Capabilities | Motivation | ||
---|---|---|---|
Low (1) | Moderate (2) | High (4) | |
No rating (4) | Possible | Possible | Likely |
Basic (3) | Unlikely | Possible | Likely |
Moderate (2) | Unlikely | Possible | Possible |
Extensive (1) | Unlikely | Unlikely | Possible |
Factor | Range | Value |
---|---|---|
Time | ≤1 week | 1 |
≤2 week | 2 | |
≤1 month | 4 | |
≤2 months | 7 | |
≤3 months | 10 | |
≤5 months | 15 | |
≤6 months | 17 | |
≥6 months | 19 | |
Expertise | Laymen | 0 |
Proficient | 3 | |
Expert | 6 | |
Multiple experts | 8 | |
Knowledge | Public | 0 |
Restricted | 3 | |
Sensitive | 7 | |
Critical | 11 | |
Opportunity | Unnecessary/unlimited access | 0 |
Easy | 1 | |
Moderate | 4 | |
Difficult | 10 | |
None | 999 | |
Equipment | Standard | 0 |
Specialized | 4 | |
Bespoke | 7 | |
Multiple bespoke | 9 |
Impact | Explanation | Value |
---|---|---|
Low | The concerned party is not harmed very strongly; the possible damage is low | 1 |
Medium | The threat addresses the interests of providers/subscribers and cannot be neglected | 2 |
High | A basis of business is threatened and severe damage might occur in this context | 3 |
Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations. |
© 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Zeddini, B.; Maachaoui, M.; Inedjaren, Y. Security Threats in Intelligent Transportation Systems and Their Risk Levels. Risks 2022, 10, 91. https://doi.org/10.3390/risks10050091
Zeddini B, Maachaoui M, Inedjaren Y. Security Threats in Intelligent Transportation Systems and Their Risk Levels. Risks. 2022; 10(5):91. https://doi.org/10.3390/risks10050091
Chicago/Turabian StyleZeddini, Besma, Mohamed Maachaoui, and Youssef Inedjaren. 2022. "Security Threats in Intelligent Transportation Systems and Their Risk Levels" Risks 10, no. 5: 91. https://doi.org/10.3390/risks10050091
APA StyleZeddini, B., Maachaoui, M., & Inedjaren, Y. (2022). Security Threats in Intelligent Transportation Systems and Their Risk Levels. Risks, 10(5), 91. https://doi.org/10.3390/risks10050091