An automated consistency management approach for a privacy-aware electric vehicle architecture

Modern vehicles contain a number of highly connected embedded systems that generate, store, and process information and exchange it with their environment. Since a large part of this information is privacy-critical, privacy laws such as the GDPR of the European Union apply to it. In this work, we ev...

Full description

Saved in:
Bibliographic Details
Published in:Microprocessors and microsystems 2024-09, Vol.109, p.105074, Article 105074
Main Authors: Stancke, Jonathan, Plappert, Christian, Jäger, Lukas
Format: Article
Language:English
Subjects:
Automated consistency management
Automotive cybersecurity and privacy
Connected car
Device Identifier Composition Engine (DICE)
Electric vehicles
General Data Protection Regulation (GDPR)
Hardware Security Module (HSM)
ISO 15118
Threat mitigation
Trusted computing
Trusted Platform Module (TPM)
Citations: Items that this one cites
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Modern vehicles contain a number of highly connected embedded systems that generate, store, and process information and exchange it with their environment. Since a large part of this information is privacy-critical, privacy laws such as the GDPR of the European Union apply to it. In this work, we evaluate the privacy-criticality of exemplary data and data flows of the electric driving domain on a reference architecture. We categorize the ECUs of the architecture based on the criticality of the data they process and propose measures and technologies as building blocks that provide adequate privacy protection according to the requirements given by the GDPR. To ensure that all requirements are met by the reference architecture, we propose a more principled solution that simplifies the mapping between an architecture and the measures. For this purpose, we propose an architecture description template in JSON and an algorithm for automated consistency checks that outputs the measures and the security extension needed per Electronic Control Unit (ECU) to comply with derived privacy requirements.
ISSN:0141-9331
DOI:10.1016/j.micpro.2024.105074