智能网联汽车Wi-Fi隐私泄露风险研究

杨波; 钟永超; 杨浩男; 徐紫枫; 李晓琦; 张玉清

doi:10.19665/j.issn1001-2400.2023.04.021

您当前的位置：

首页 >

文章列表页 >

智能网联汽车Wi-Fi隐私泄露风险研究

网络空间安全专栏 | 更新时间：2023-10-18

- 智能网联汽车Wi-Fi隐私泄露风险研究
- 暂无标题
- 西安电子科技大学学报 2023年50卷第4期页码：215-228
- 作者机构：
  
  1. 海南大学网络空间安全学院,海南海口 570208
  2. 中国科学院大学国家计算机网络入侵防范中心,北京 101408
- 作者简介：
  
  [ "杨波(1995—),男,海南大学硕士研究生,E-mail:[email protected];" ]
  [ "钟永超(1997—),男,海南大学硕士研究生,E-mail:[email protected];" ]
  [ "杨浩男(1997—),男,海南大学硕士研究生,E-mail:[email protected];" ]
  [ "徐紫枫(1990—),男,讲师,博士,E-mail:[email protected];" ]
  [ "李晓琦(1991—),男,副教授,E-mail:[email protected]" ]
  张玉清(1966—),男,教授,E-mail:[email protected]
- 基金信息：
  
  国家自然科学基金(U1836210);海南省重点研发计划(GHYF2022010);海南大学科研启动基金(RZ2100003335)
- DOI：10.19665/j.issn1001-2400.2023.04.021
  中图分类号：
扫描看全文
杨波, 钟永超, 杨浩男, 等. 智能网联汽车Wi-Fi隐私泄露风险研究[J]. 西安电子科技大学学报, 2023,50(4):215-228.
杨波, 钟永超, 杨浩男, 等. 智能网联汽车Wi-Fi隐私泄露风险研究[J]. 西安电子科技大学学报, 2023,50(4):215-228. DOI： 10.19665/j.issn1001-2400.2023.04.021.

DOI：

摘要

针对智能网联汽车隐私泄露风险评估中不完整、主观性强、难以量化损失的问题,提出了一种定性和定量结合的隐私风险评估模型。首先在定性风险评估模型的基础上,提出了新的隐私分类,扩展了现有标准的隐私影响评级;其次,设计了一种基于Wi-Fi的隐私泄露检测方案,解决定量评估中的数据收集问题;最后,对泄露的隐私数据从信息熵、影响等级、个人身份信息类型等多因素进行综合价值度量,引入隐私数据定价模型量化攻击收益,将攻击收益和概率的乘积作为预估损失值。通过3辆智能网联汽车的真车实验,证明了该隐私泄露检测方案的可行性。对隐私数据的定性和定量风险评估表明,扩展的影响评级、隐私度量和定价模型优于现有方案,有效量化了智能网联汽车的隐私泄露风险,定量转换的风险值与定性评估的风险值具有良好的一致性。

Abstract

Aiming at the problems of being incomplete,subjective and difficult to quantify loss in privacy disclosure risk assessment of intelligent connected vehicles,a privacy risk assessment model combining qualitative and quantitative methods is proposed.First,based on the qualitative risk assessment model,a new privacy classification is proposed,which extends the privacy impact rating of the existing standard.Second,a privacy leakage detection scheme based on Wi-Fi is designed to solve the problem of data collection in quantitative evaluation.Finally,the comprehensive value measurement of the leaked privacy data is carried out from the information entropy,influence level,personal identifiable information type and other factors.The privacy data pricing model is introduced to quantify the attack benefits,and the product of attack benefits and probability is taken as the estimated loss value.The feasibility of the privacy leakage detection scheme is proved through the real car experiment on three intelligent connected cars.The qualitative and quantitative risk assessment of privacy data shows that the extended impact rating,privacy measurement and pricing model are superior to those of the existing scheme,and that the scheme effectively quantifies the privacy disclosure risk of intelligent connected vehicles.The risk value of quantitative conversion is in good agreement with that of the risk value of qualitative assessment.

关键词

智能网联汽车Wi-Fi隐私泄露风险评估ISO标准

Keywords

intelligent connected vehiclesWi-Fiprivacy disclosurerisk assessmentISO standards

references

罗康. 医疗数据发布的隐私泄露风险评估系统设计与实现[D]. 贵阳: 贵州大学, 2022.

ISO/SAE. ISO/SAE DIS 21434:2021; Road Vehicle-Cybersecurity Engineering[S]. ISO/SAE International: Geneva, Switzerland, 2021.

MONTEUUIS J P, BOUDGUIGA A, ZHANG J, et al. SARA:Security Automotive Risk Analysis Method[C]// Proceedings of the 4th ACM Workshop on Cyber-Physical System Security. New York: ACM, 2018:3-14.

LAUTENBACH A, ALMGREN M, OLOVSSON T. Proposing HEAVENS 2.0-An Automotive Risk Assessment Model[C]// Proceedings of the 5th ACM Computer Science in Cars Symposium. New York: ACM, 2021:1-12.

RING M, FRKAT D, SCHMIEDECKER M. Cybersecurity Evaluation of Automotive E/E Architectures[C]// ACM Computer Science in Cars Symposium (CSCS 2018). New York: ACM, 2018:1-7.

SION L, VAN LANDUYT D, WUYTS K, et al. Privacy Risk Assessment for Data Subject-Aware Threat Modeling[C]// 2019 IEEE Security and Privacy Workshops (SPW).Piscataway:IEEE, 2019:64-71.

BORGAONKAR R, HIRSCHI L, PARK S, et al. New Privacy Threat on 3G,4G,and Upcoming 5G AKA Protocols[J]. Proceedings on Privacy Enhancing Technologies, 2019, 2019(3):108-127.

NGUYEN T H, VU T G, TRAN H L, et al. Emerging Privacy and Trust Issues for Autonomous Vehicle Systems[C]// 2022 International Conference on Information Networking (ICOIN).Piscataway:IEEE, 2022:52-57.

LI Z, PEI Q, MARKWOOD I, et al. Location Privacy Violation via GPS-Agnostic Smart Phone Car Tracking[J]. IEEE Transactions on Vehicular Technology, 2018, 67(6):5042-5053.

宋成, 金彤, 倪水平, 等. 一种面向移动终端的K匿名位置隐私保护方案[J]. 西安电子科技大学学报, 2021, 48(3):138-145.

SONG Cheng, JIN Tong, NI Shuiping, et al. A K-Anonymity Location Privacy Protection Scheme for Mobile Terminals[J]. Journal of Xidian University, 2021, 48 (3):138-145.

FRASSINELLI D, PARK S, NÜRNBERGER S. I Know Where You Parked Last Summer:Automated Reverse Engineering and Privacy Analysis of Modern Cars[C]// 2020 IEEE Symposium on Security and Privacy (SP).Piscataway:IEEE, 2020:1401-1415.

YANG W, CHEN X, XIONG Z, et al. A Privacy-Preserving Aggregation Scheme Based on Negative Survey for Vehicle Fuel Consumption Data[J]. Information Sciences, 2021, 570:526-544. DOI:10.1016/j.ins.2021.05.009http://doi.org/10.1016/j.ins.2021.05.009https://linkinghub.elsevier.com/retrieve/pii/S0020025521004552https://linkinghub.elsevier.com/retrieve/pii/S0020025521004552

ZAVVOS E, GERDING E H, YAZDANPANAH V, et al. Privacy and Trust in the Internet of Vehicles[J]. IEEE Transactions on Intelligent Transportation Systems, 2022, 23(8):10126-10141. DOI:10.1109/TITS.2021.3121125http://doi.org/10.1109/TITS.2021.3121125https://ieeexplore.ieee.org/document/9590550/https://ieeexplore.ieee.org/document/9590550/

XIONG W, LAGERSTRÖM R. Threat Modeling of Connected Vehicles:A Privacy Analysis and Extension of Vehiclelang[C]// 2019 International Conference on Cyber Situational Awareness,Data Analytics and Assessment (Cyber SA).Piscataway:IEEE, 2019:1-7.

江秋情. 车联网隐私泄露检测系统的设计与实现[D]. 北京: 北京邮电大学, 2020.

CRONK R J, SHAPIRO S S. Quantitative Privacy Risk Analysis[C]// 2021 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW).Piscataway:IEEE, 2021:340-350.

SINGH V P, UJJWAL R L. Privacy Attack Modeling and Risk Assessment Method for Name Data Networking[C]// Advances in Computer Communication and Computational Sciences:Proceedings of IC4S 2018.Heidelberg:Springer, 2019:109-119.

DI TIZIO G, MASSACCI F, ALLODI L, et al. An Experimental Approach for Estimating Cyber Risk:A Proposal Building upon Cyber Ranges and Capture the Flags[C]// 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW).Piscataway:IEEE, 2020:56-65.

WEI Y C, WU W C, LAI G H, et al. PISRA:Privacy Considered Information Security Risk Assessment Model[J]. The Journal of Supercomputing, 2020, 76(3):1468-1481. DOI:10.1007/s11227-018-2371-0http://doi.org/10.1007/s11227-018-2371-0

SION L, VAN L, JOOSEN W. The Never-Ending Story:On the Need for Continuous Privacy Impact Assessment[C]// 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW).Piscataway:IEEE, 2020:314-317.

申云成. 个人大数据定价方法研究[D]. 成都: 四川大学, 2021.

互联网天地. 《中华人民共和国个人信息保护法》公布[J]. 互联网天地, 2021, 9:3-11.

Internet World. Personal Information Protection Law of the People’s Republic of China Promulgated[J]. Internet World, 2021, 9:3-11.

SILVA P, GONÇALVES C, ANTUNES N, et al. Privacy Risk Assessment and Privacy-Preserving Data Monitoring. Expert Systems with Applications, 2022, 200:116867. DOI:10.1016/j.eswa.2022.116867http://doi.org/10.1016/j.eswa.2022.116867https://linkinghub.elsevier.com/retrieve/pii/S0957417422003153https://linkinghub.elsevier.com/retrieve/pii/S0957417422003153

彭慧波. 数据交易中定价机制研究[D]. 北京: 北京邮电大学, 2019.

SHERAZI H H R, KHAN Z A, IQBAL R, et al. A Heterogeneous IoV Architecture for Data Forwarding in Vehicle to Infrastructure Communication[J]. Mobile Information Systems, 2019, 2019:1-18.

ASTRIDA D N, SAPUTRA A R, ASSAUFI A I. Analysis and Evaluation of Wireless Network Security with the Penetration Testing Execution Standard (PTES)[J]. Sinkron:Jurnal Dan Penelitian Teknik Informatika, 2022, 7(1):147-154.

BHARATI S, PODDER P, MONDAL M, et al. Threats and Countermeasures of Cyber Security in Direct and Remote Vehicle Communication Systems (2020)[J/OL].[2020-06-11]. https://arxiv.org/abs/2006.08723. https://arxiv.org/abs/2006.08723https://arxiv.org/abs/2006.08723

KIM M, SHIN Y, SHON T. MitM Tool Analysis for TLS Forensics[C]// 2021 International Conference on Platform Technology and Service (PlatCon).Piscataway:IEEE, 2021:1-4.

浏览量

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

信息安全风险评估模型SVRAMIS

一种云平台动态风险访问控制模型