Over the last few years the increasing of electronic and digital components in cars has improved the safety and driving experience of the vehicles. Although, the higher number of externally-communicating units has led to a growth in the dimension of the attack surfaces of each vehicle and, consequently, novel cybersecurity risks and threats are arising. Since smart cars are increasingly complex and involve multiple components, appropriate security measures need to be implemented to mitigate the potential risks, especially as attacks threaten the security, safety and even the privacy of vehicle passengers and all other road users, including pedestrians.
In this work we propose a Risk Assessment exercise applied to an automotive scenario, according to the MAGERIT methodology and with the support of the PILAR/EAR commercial tool, in order to seek whether both the methodology and the tool may prove to be useful in the automotive field, with specific attention paid to communication peripherals and cloud, which may potential threaten personal data en route from/to connected vehicles. For this purpose, we introduce an overview of the Risk Assessment process according to ISO/IEC 27005, followed by a description of Magerit. Moreover, we also provide a regression analysis study of the algorithm implemented in Pilar for the purposes of reverse engineering, to better understand the values calculated by the tool in the demo. The latter follows a description of the case study within a STRIDE threat modeling analysis preparatory to the demo itself.
- Email: marioraciti@pm.me
- LinkedIn: linkedin.com/in/marioraciti
- Twitter: twitter.com/tsumarios