STRIDE-Based Cybersecurity Threat Modeling, Risk Assessment and Treatment of an In-Vehicle Infotainment System

In modern automobiles, the infotainment system is crucial for enhancing driver and passenger capabilities, offering advanced features such as music, navigation, communication, and entertainment. Leveraging Wi-Fi, cellular networks, NFC, and Bluetooth, the system ensures continuous internet connectiv...

Full description

Saved in:
Bibliographic Details
Published in:Vehicles 2024-09, Vol.6 (3), p.1140-1163
Main Authors: Das, Popy, Asif, Md. Rashid Al, Jahan, Sohely, Ahmed, Kawsar, Bui, Francis M., Khondoker, Rahamatullah
Format: Article
Language:English
Subjects:
Cellular communication
Connectivity
Cybersecurity
infotainment
Interactive computer systems
Interfaces
Internet access
Multimedia
Research methodology
Risk assessment
Security systems
Smartphones
Streaming media
Threat evaluation
threat mitigation
threat modeling
Threat models
Threats
Vehicles
Wireless access points
Wireless communications
Citations: Items that this one cites
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:In modern automobiles, the infotainment system is crucial for enhancing driver and passenger capabilities, offering advanced features such as music, navigation, communication, and entertainment. Leveraging Wi-Fi, cellular networks, NFC, and Bluetooth, the system ensures continuous internet connectivity, providing seamless access to information. However, the increasing complexity of IT connectivity in vehicles raises significant cybersecurity concerns, including potential data breaches and exposure of sensitive information. To enhance security in infotainment systems, this study applied component-level threat modeling to a proposed infotainment system using the Microsoft STRIDE model. This approach illustrates potential component-level security issues impacting privacy and security concerns. The study also assessed these impacts using SAHARA and DREAD risk assessment methodologies. The threat modeling process identified 34 potential security threats, each accompanied by detailed information. Moreover, a comparative analysis is performed to compute risk values for prioritizing treatment, followed by recommending mitigation strategies for each identified threat. These identified threats and associated risks require careful consideration to prevent potential cyberattacks before deploying the infotainment system in automotive vehicles.
ISSN:2624-8921
2624-8921
DOI:10.3390/vehicles6030054