A Survey of Security and Privacy in Connected Vehicles

  • Lotfi Ben OthmaneEmail author
  • Harold Weffers
  • Mohd Murtadha Mohamad
  • Marko Wolf


Electronic control units (ECUs) of a vehicle control the behavior of its devices—e.g., break and engine. They communicate through the in-vehicle network. Vehicles communicate with other vehicles and road side units (RSUs) through vehicular ad-hoc networks (VANets), with personal devices through wireless personal area networks (WPANs), and with service center systems through cellular networks. A vehicle that uses an external network, in addition to the in-vehicle network, is called connected vehicle.

A connected vehicle could benefit from smart mobility applications: applications that use information generated by vehicles, e.g., cooperative adaptive cruise control. However, connecting in-vehicle network, VANet, WPAN, and cellular network increases the count and complexity of threats to vehicles, which makes developing security and privacy solutions for connected vehicles more challenging.

In this work we provide a taxonomy for security and privacy aspects of connected vehicle. The aspects are: security of communication links, data validity, security of devices, identity and liability, access control, and privacy of drivers and vehicles. We use the taxonomy to classify the main threats to connected vehicles, and existing solutions that address the threats. We also report about the (only) approach for verifying security and privacy architecture of connected vehicle that we found in the literature. The taxonomy and survey could be used by security architects to develop security solutions for smart mobility applications.


Near Field Communication Transport Control Protocol Original Equipment Manufacturer Personal Device Secure Socket Layer 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



This work is supported by the Dutch national HTAS innovation program; HTAS being an acronym for High Tech Automotive Systems. More information on this innovation program is accessible via the document[2].pdf. Any opinions expressed in this chapter are those of the authors and do not necessarily reflect those of Dutch national HTAS innovation program.

The authors thank Dr. Arno Spinner, from The Federal Highway Research Institute (BASt), Germany, and Pelin Anguin, from Purdue University, for providing valuable comments on an earlier draft of this book chapter.


  1. 1.
    Brooks R, Sander S, Deng J, Taiber J (2009) Automobile security concerns. IEEE Veh Technol Mag 4(2):52–64CrossRefGoogle Scholar
  2. 2.
    Mahmud S, Shanker S (2006) In-vehicle secure wireless personal area network (swpan). IEEE Trans Veh Technol 55(3):1051–1061CrossRefGoogle Scholar
  3. 3.
    Zhang J, Stojmenovic I (2005) Cellular networks. In: M. Gill (ed) Handbook of security, vol I, Part 2. Wiley, New York, pp 654–663Google Scholar
  4. 4.
    Intelligent Transport Systems (ITS)  Communications Architecture (2010) The European Telecommunications Standards Institute (ETSI) Std. ETSI EN 302 665, Rev. V1.1.1, 09 2010.
  5. 5.
    Koscher K, Czeskis A, Roesner F, Patel S, Kohno T, Checkoway S, McCoy D, Kantor B, Anderson D, Shacham H, Savage S (2010) Experimental security analysis of a modern automobile. In: Proceedings of IEEE symposium on security and privacy, San Diego, CA, May 2010, pp 447–462Google Scholar
  6. 6.
    Johansson KH, Torngren M, Nielsen L (2005) Vehicle applications of controller area network. In: D Hristu-Varsakelis, W Levine (eds) Handbook of networked and embedded control systems. Springer, New York, pp 741–765CrossRefGoogle Scholar
  7. 7.
    Uzcategui R, Acosta-Marum G (2009) Wave: a tutorial. IEEE Commun Mag 47(5):126–133CrossRefGoogle Scholar
  8. 8.
    (2011) ecall: Time saved = lives saved. Scholar
  9. 9.
    van Arem B, van Driel C, Visser R (2006) The impact of cooperative adaptive cruise control on traffic-flow characteristics. IEEE Trans Intell Transp Syst 7(4):429–436CrossRefGoogle Scholar
  10. 10.
    Markoff J Google cars drive themselves, in traffic. Scholar
  11. 11.
    Kihl M (2009) Vehicular network applications and services. Vehicular networks techniques, standards, and applications. Auerbach Publications, Boston, pp 21–39Google Scholar
  12. 12.
    Karagiannis G, Altintas O, Ekici E, Heijenk G, Jarupan B, Lin K, Weil T (2011) Vehicular networking: A survey and tutorial on requirements, architectures, challenges, standards and solutions. IEEE Commun Surv Tutorials 13(4):584–616CrossRefGoogle Scholar
  13. 13.
    Westin A (1967) Privacy and freedom. Atheneum, New YorkGoogle Scholar
  14. 14.
    Shirey R (2007) Internet security glossary, Version 2. RFC 4949 (Informational).
  15. 15.
    Parno B, Perrig A (2005) Challenges in securing vehicular networks. In: Workshop on hot topics in networks (HotNets-IV), College Park, Nov 2005.
  16. 16.
    (2012) Mobile phone spy cell phone monitoring and tracking system.
  17. 17.
    Raya M, Hubaux J-P (2007) Securing vehicular ad hoc networks. J Comput Secur 15(1):39–68Google Scholar
  18. 18.
    Wolf M, Weimerskirch A, Wollinger TJ (2007) State of the art: embedding security in vehicles. EURASIP J Embed Syst 2007:074706CrossRefGoogle Scholar
  19. 19.
    Pedroza G, Idrees M, Apvrille L, Roudier Y (2011) A formal methodology applied to secure over-the-air automotive applications. In: 2011 IEEE Vehicular technology conference (VTC Fall), Sept 2011, pp 1–5Google Scholar
  20. 20.
    Zhou T, Choudhury RR, Ning P, Chakrabarty K (2007) Privacy-preserving detection of sybil attacks in vehicular ad hoc networks. In: The 4th annual international conference on mobile and ubiquitous systems: computing, networking and services, Philadelphia, Aug 2007, pp 1–8.
  21. 21.
    Wolf M, Weimerskirch A, Paar C (2004) Security in automotive bus systems. In: Workshop on embedded security in cars (escar)’04, Bochum, Germany, Nov 2004Google Scholar
  22. 22.
    Schweppe H, Idrees S, Roudier Y, Weyl B, Khayari RE, Henniger O, Scheuermann D, Pedroza G, Apvrille L, Seudie H, Platzdasch H, Sall M (2011) Deliverable d3.3: secure on-board protocols specification. Technical report, July 2011.
  23. 23.
    Bar-El H (2009) Intra-vehicle information security framework. In: Proceedings of the 7th ESCAR embedded security in cars conference, Dïsseldorf, Germany, Nov 2009Google Scholar
  24. 24.
    IEEE (2006) Trial-use standard for wireless access in vehicular environments - security services for applications and management messages. IEEE Std.
  25. 25.
    Kargl F, Papadimitratos P, Buttyan L, Müter M, Wiedersheim B, Schoch E, Thong T-V, Calandriello G, Held A, Kung A, Hubaux J-P (2008) Secure vehicular communication systems: implementation, performance, and research challenges. IEEE Commun Mag, 46(11):110–118CrossRefGoogle Scholar
  26. 26.
    Papadimitratos P, Buttyan L, Holczer T, Schoch E, Freudiger J, Raya M, Ma Z, Kargl F, Kung A, Hubaux J-P (2008) Secure vehicular communication systems: design and architecture. IEEE Commun Mag 46(11):100–109CrossRefGoogle Scholar
  27. 27.
    Raya M, Hubaux J-P (2005) The security of vehicular ad hoc networks. In: The 3rd ACM workshop on security of Ad Hoc and sensor networks, series SASN ’05, Alexandria, VA, Nov 2005, pp 11–21Google Scholar
  28. 28.
    (2011) Secure vehicle communication.
  29. 29.
    Randall S, Houmb S-H (2012) Experience in developing standards for cooperative systems. In: Workshop personal data protection and security aspects related to its applications, BrusselsGoogle Scholar
  30. 30.
    Padgette J, Scarfone K, Chen L (2010) Guide to bluetooth security: recommendations of the national institute of standards and technology. National Institute of Standards and Technology (US), GaithersburgGoogle Scholar
  31. 31.
    Katz J, Lindell, Y (2007) Introduction to modern cryptography. Chapman & Hall/CRC, Boca RatonGoogle Scholar
  32. 32.
    Lu Y, Meier W, Vaudenay S (2005) The conditional correlation attack: a practical attack on bluetooth encryption. In The 25th annual international conference on advances in cryptology, series CRYPTO’05. Springer, Santa Barbara, pp 97–117.
  33. 33.
    Freier A, Karlton P, Kocher P (2011) The secure sockets layer (SSL) protocol version 3.0, internet engineering task force (IETF) Std.
  34. 34.
    Postel J (1981) Transmission control protocol, Std. RFC793.
  35. 35.
    Ravi S, Raghunathan A, Kocher P, Hattangady S (2004) Security in embedded systems: design challenges. ACM Trans Embed Comput Syst 3(3):461–491CrossRefGoogle Scholar
  36. 36.
    L. Wireless Application Protocol Forum. Wireless transport layer security, Std, 2001.
  37. 37.
    Housley R, Ford W, Polk W, Solo D (1999) Internet X.509 public key infrastructure certificate and CRL profile, Std. rfc2459.
  38. 38.
    Jormalainen S, Laine J (1999) Security in WTLS.
  39. 39.
    Saarinen M-JO (1999) Attacks against the WAP WTLS protocol. In: The IFIP TC6/TC11 joint working conference on secure information networks: communications and multimedia security, Leuven, Belgium, Sept 1999, pp 209–215.
  40. 40.
    Golle P, Greene D, Staddon J (2004) Detecting and correcting malicious data in VANETs. In: Proceedings of the 1st ACM international workshop on Vehicular ad hoc networks, series VANET ’04, Philadelphia, Oct 2004, pp 29–37.
  41. 41.
    Su X, Boppana R (2008) Mitigating wormhole attacks using passive monitoring in mobile ad hoc networks. In: IEEE global telecommunications conference, 2008. IEEE GLOBECOM 2008, New Orleans, Dec 2008, pp 1–5Google Scholar
  42. 42.
    Shokri R, Poturalski M, Ravot G, Papadimitratos P, Hubaux J-P (2009) A practical secure neighbor verification protocol for wireless sensor networks. In: Proceedings of the 2nd ACM conference on wireless network security, series WiSec ’09, New York, pp 193–200.
  43. 43.
    Dietzel S, Schoch E, Könings B, Weber M, Kargl F (2010) Resilient secure aggregation for vehicular networks. Netw Mag Glob Internetw 24(1):26–31.
  44. 44.
    Zadeh LA (1975) Fuzzy logic and approximate reasoning. Synthese 30:407–428. doi:10.1007/BF00485052.
  45. 45.
    Hubaux J, Capkun S, Luo J (2004) The security and privacy of smart vehicles. IEEE Secur Privacy 2(3):49–55CrossRefGoogle Scholar
  46. 46.
    (2012) Evita project: E-safety vehicle intrusion protected applications. European commission research grant fp7-ict-224275.
  47. 47.
    Apvrille L, Khayari RE, Henniger O, Roudier Y, Schweppe H, Seudié H, Weyl B, Wolf M (2010) Secure automotive on-board electronics network architecture. In: FISITA 2010 world automotive congress, Budapest, Hungary, May–June 2010Google Scholar
  48. 48.
    (2012) Autosar.
  49. 49.
    Hersteller Initiative Software - Security Working Group (2009) SHE-functional specification v1.1, rev 439Google Scholar
  50. 50.
    Idrees MS, Schweppe H, Roudier Y, Wolf M, Scheuermann D, Henniger O (2011) Secure automotive on-board protocols: a case of over-the-air firmware updates. In Proceedings of the 3rd international conference on Communication technologies for vehicles. Springer, Berlin/Heidelberg, pp 224–238.
  51. 51.
    Studer A, Bai F, Bellur B, Perrig A (2009) Flexible, extensible, and efficient vanet authentication. J Commun Networks 11(6):574–588CrossRefGoogle Scholar
  52. 52.
    Wolf M (2010) A secure and privacy-preserving electronic license plate. In Automotive: safety & security, Stuttgart, Germany, 21–23 June 2010Google Scholar
  53. 53.
  54. 54.
    (2012) Preciosa-privacy enabled capability in co-operative systems and safety applications.
  55. 55.
    Kargl F, Schaub F, Dietzel S (2010) Mandatory enforcement of privacy policies using trusted computing principles. In: AAAI spring symposium: intelligent information privacy management, Stanford, CA, Mar 2010Google Scholar
  56. 56.
    Kung A, Freytag J, Kargl F (2011) Privacy-by-design in ITS applications. In: 2011 IEEE international symposium on a world of wireless, mobile and multimedia networks (WoWMoM), Lucca, Italy, June 2011, pp 1–6Google Scholar
  57. 57.
    Kost M, Freytag J-C, Kargl F, Kung A (2011) Privacy verification using ontologies. In: The 1st international workshop on privacy by design, Vienna, Austria, Aug 2011, pp 627–632Google Scholar
  58. 58.
    Pedroza G, Apvrille L, Knorreck D (2011) AVATAR: a SysML environment for the formal verification of safety and security properties. In: The 11th annual international conference on new technologies of distributed systems (NOTERE), Paris, France, Mar 2011, pp 1–10Google Scholar
  59. 59.
    TTool - an open-source UML and SysML toolkit.
  60. 60.
    Object Management Group Inc (OMG) (2010) OMG systems modeling language (OMG SysML).
  61. 61.
    Blanchet B (2009) Automatic verification of correspondences for security protocols. J Comput Secur 17(4):363–434.
  62. 62.
    Dolev D, Yao AC (1981) On the security of public key protocols. Technical report, StanfordCrossRefGoogle Scholar

Copyright information

© Springer New York 2015

Authors and Affiliations

  • Lotfi Ben Othmane
    • 1
    Email author
  • Harold Weffers
    • 1
  • Mohd Murtadha Mohamad
    • 2
  • Marko Wolf
    • 3
  1. 1.Department of Mathematics and Computer ScienceEindhoven University of TechnologyEindhovenThe Netherlands
  2. 2.Faculty of Computer Science and Information SystemUniversiti Teknologi MalaysiaJohorMalaysia
  3. 3.ESCRYPT GmbH–Embedded SecurityMunichGermany

Personalised recommendations