There are several challenges and threats that may need to be addressed separately, however, it highlights the complexity of future mobility solutions. By just looking at the well-known demonstration where an artist pulled 99 Android phones in a cart to make Google maps think there is a traffic jam, highlights how far beyond we need to think [4].
A first step is to be able to categorise possible attacks towards mobility solutions around cars. Attacks been modelled and described in various research publications, e.g., [5,6]. In [6], for instance, the researchers perform a literature review and establish a taxonomy in which they categorise automotive attack mechanisms into eight main categories, namely engage in deceptive interactions, abuse existing functionality,manipulate system resources, inject unexpected items,employ probabilistic techniques, manipulate timing and state,collect and analyse information, and subvert access control. These categories are further broken down into sub-categories describing the attacks more detailed. For example, this taxonomy identifies manipulation of human behaviour, as a sub-group of engage in deceptive interactions and therefore, also finds a suitable category for the Google maps attack.
The next steps are complex, and many are still researched, as we need to address safety and security as well as the fact that such a system needs to be considered, evaluated, protected against, and prepared for malicious activities on several levels, ranging from a single vehicle, the connected vehicle, and the vehicle as part of mobility solutions and our society aiming to efficiently utilise and manage the transportation infrastructure. Modelling how such a systems of systems environment is affected by misuse and disinformation and how to deal with it is challenging and requires more research.
[1] Qafzezi E., Bylykbashi K., Ampririt P., Ikeda M., Matsuo K., and Barolli L. “A Survey on Advances in Vehicular Networks: Problems and Challenges of Architectures, Radio Technologies, Use Cases, Data Dissemination and Security”, Advanced Information Networking and Applications (AINA) 2022, https://link.springer.com/chapter/10.1007/978-3-030-99619-2_56
[2] Sterbenz, J.P.G., Hutchison, D., Çetinkaya, E.K. et al. Redundancy, diversity, and connectivity to achieve multilevel network resilience, survivability, and disruption tolerance invited paper. Telecommun Syst 56, 17–31 (2014). https://doi.org/10.1007/s11235-013-9816-9
[3] T. Rosenstatter, K. Strandberg, R. Jolak, R. Scandariato and T. Olovsson, “REMIND: A Framework for the Resilient Design of Automotive Systems,” 2020 IEEE Secure Development (SecDev), 2020, pp. 81-95, doi: 10.1109/SecDev45635.2020.00028.
[4] Alex Hern, “Berlin artist uses 99 phones to trick Google into traffic jam alert”, the Guardian, 2020, https://www.theguardian.com/technology/2020/feb/03/berlin-artist-uses-99-phones-trick-google-maps-traffic-jam-alert
[5] Limbasiya T., Teng K. Z., Chattopadhyay S., and Zhou J. “A Systematic Survey of Attack Detection and Prevention in Connected and Autonomous Vehicles” in arXiv:2203.14965, https://arxiv.org/abs/2203.14965
[6] Pekaric I., Sauerwein C., Haselwanter S., and Felderer M. “A taxonomy of attack mechanisms in the automotive domain” in Computer Standards & Interfaces, Volume 78, 2021, https://doi.org/10.1016/j.csi.2021.103539
Written by Thomas Rosenstatter