Information Security Analysis in the Passenger-Autonomous Vehicle Interaction

TL;DR

This paper addresses cybersecurity risks in Passenger-Autonomous Vehicle interactions by proposing a threat-based security requirements elicitation approach, supported by literature review, to enhance data privacy and safety in AV systems.

Contribution

It introduces a threat model-driven method for security requirements elicitation specific to Passenger-AV interactions, aiding in risk management and privacy protection.

Findings

Case-oriented insights from literature review

Applicable to ride-hailing AV systems with supervisory control

Supports security risk mitigation in AV deployment

Abstract

Autonomous vehicles (AV) are becoming a part of humans' everyday life. There are numerous pilot projects of driverless public buses; some car manufacturers deliver their premium-level automobiles with advanced self-driving features. Thus, assuring the security of a Passenger-Autonomous Vehicle interaction arises as an important research topic, as along with opportunities, new cybersecurity risks and challenges occur that potentially may threaten Passenger's privacy and safety on the roads. This study proposes an approach of the security requirements elicitation based on the developed threat model. Thus, information security risk management helps to fulfil one of the principles needed to protect data privacy - information security. We demonstrate the process of security requirements elicitation to mitigate arising security risks. The findings of the paper are case-oriented and are based on the literature review. They are applicable for AV system implementation used by ride-hailing service providers that enable supervisory AV control.