Insider Threats in Emerging Mobility-as-a-Service Scenarios

TL;DR

This paper examines insider threats in Mobility-as-a-Service (MaaS) ecosystems, classifying risks across different tiers and proposing countermeasures to enhance security and privacy in federated transportation services.

Contribution

It introduces a tiered classification of insider threats in MaaS and suggests targeted countermeasures for each level, addressing security challenges in federated mobility services.

Findings

Classified insider threats across MaaS tiers

Proposed specific countermeasures for each threat level

Enhanced understanding of security risks in federated MaaS

Abstract

Mobility as a Service (MaaS) applies the everything-as-a-service paradigm of Cloud Computing to transportation: a MaaS provider offers to its users the dynamic composition of solutions of different travel agencies into a single, consistent interface. Traditionally, transits and data on mobility belong to a scattered plethora of operators. Thus, we argue that the economic model of MaaS is that of federations of providers, each trading its resources to coordinate multi-modal solutions for mobility. Such flexibility comes with many security and privacy concerns, of which insider threat is one of the most prominent. In this paper, we follow a tiered structure --- from individual operators to markets of federated MaaS providers --- to classify the potential threats of each tier and propose the appropriate countermeasures, in an effort to mitigate the problems.