Risk Analysis for Connected and Autonomous Vehicles (CAVs)

Abstract

CAVs (Connected and Autonomous Vehicles) are vehicles which can drive them- selves with minimal or no human intervention. However, because CAV technology relies on a network of interconnected systems communicating via a share network or the cloud, there are numerous methods by which the system can be hacked, com- promising its confidentiality, integrity, or availability (CIA). Research is required to understand the security risks surrounding CAVs and develop solutions. To this end, this study focuses on CAV technological infrastructure, divided into internal and external, and identified the security requirements by reference to the CIA triad. The internal environment components include GPS, LiDAR, CAN, and ECU, with attacks on CAN and GPS found to be the most severe. The external environment includes V2V, V2I, and V2X communications systems. Among the network attacks studied were Denial of Service (DoS), replay, impersonation, Sybil and black-hole, the most severe of these were external black-hole and replay attacks. Unlike other studies that only focus on CAV risks and potential solutions, this study assessed risk using a literature review, the STRIDE threat modelling framework, and the DREAD analysis framework to assess the level of risk. Most threats were rated as medium or high risk, and the most frequently violated requirement of the CIA triad was found to be the availability of CAVs.