Security and Communication Networks

Review Article

Threat Analysis and Risk Assessment for Connected Vehicles: A Survey

Table 4

Ways to evaluate TARA methods.
StudyEvaluation
HAIDAR et al. [10]They apply TVRA methodology to the pseudonymity mechanisms used for V2X communication aspects of C-ITS.
Dürrwang et al. [8]They evaluate the effectiveness of the method by letting 30 non-security-professional employees of the University of Applied Sciences in Karlsruhe use the method.
Cui and Sabaliauskaite [11]They use US2 to analyze the threat of autonomous vehicles and demonstrate the analysis results.
Hagan et al. [9]They present a realistic use case of a connected car and several attack scenarios.
Macher et al. [12]They apply the SAHARA approach for an automotive battery management system (BMS). For this specific example, the SAHARA approach identifies more hazardous situations than the traditional HARA (34%) approach.
Schmittner et al. [14]The scenario they consider is an attack or failure in the firmware over the air (FOTA) functionality.
Lee et al. [16]Use case 1: enhanced Android app-repackaging attack on in-vehicle network.
Use case 2: viable attack path and effective protection against ransomware in modern cars.
Use case 3: wireless attack on the connected car and security protocol for CAN.
Halabi et al. [21]The evaluation is mainly based on the effectiveness of the defense system compared with other defense strategies that do not consider the attacker’s ability to launch intelligent attacks.
Monteuuis et al. [18]They show SARA feasibility with two uses: vehicle tracking and comfortable emergency brake failure.
Karray et al. [29]They use the modeling of the vehicle speed acquisition system as an example.
Li et al. [27]A typical dynamic scene is used to demonstrate the proposed method. A car equipped with GNSS/INS will go through a city canyon where GNSS navigation signals are blocked. They apply the method to infer a belief for the likelihood of threats and risks for GPS signals.
Kaja et al. [37]The method is benchmarked against EVITA and HEAVENS for validation purposes.