西安电子科技大学学报 ›› 2023, Vol. 50 ›› Issue (4): 215-228.doi: 10.19665/j.issn1001-2400.2023.04.021

• 网络空间安全专栏 • 上一篇    下一篇

智能网联汽车Wi-Fi隐私泄露风险研究

杨波1,2(),钟永超1,2(),杨浩男1,2(),徐紫枫1(),李晓琦1,2(),张玉清1,2()   

  1. 1.海南大学 网络空间安全学院,海南 海口 570208
    2.中国科学院大学 国家计算机网络入侵防范中心,北京 101408
  • 收稿日期:2023-02-22 出版日期:2023-08-20 发布日期:2023-10-17
  • 通讯作者: 张玉清
  • 作者简介:杨波(1995—),男,海南大学硕士研究生,E-mail:yangb@nipc.org.cn;|钟永超(1997—),男,海南大学硕士研究生,E-mail:zhongyc@nipc.org.cn;|杨浩男(1997—),男,海南大学硕士研究生,E-mail:yanghn@nipc.org.cn;|徐紫枫(1990—),男,讲师,博士,E-mail:zfxu@hainanu.edu.cn;|李晓琦(1991—),男,副教授,E-mail:csxqli@hainanu.edu.cn
  • 基金资助:
    国家自然科学基金(U1836210);海南省重点研发计划(GHYF2022010);海南大学科研启动基金(RZ2100003335)

Research on the Wi-Fi privacy leakage risk of intelligent connected vehicles

YANG Bo1,2(),ZHONG Yongchao1,2(),YANG Haonan1,2(),XU Zifeng1(),LI Xiaoqi1,2(),ZHANG Yuqing1,2()   

  1. 1. School of Cyberspace Security,Hainan University,Haikou 570208,China
    2. National Computer Network Intrusion Prevention Center,University of Chinese Academy of Sciences,Beijing 101408,China
  • Received:2023-02-22 Online:2023-08-20 Published:2023-10-17
  • Contact: Yuqing ZHANG

摘要:

针对智能网联汽车隐私泄露风险评估中不完整、主观性强、难以量化损失的问题,提出了一种定性和定量结合的隐私风险评估模型。首先在定性风险评估模型的基础上,提出了新的隐私分类,扩展了现有标准的隐私影响评级;其次,设计了一种基于Wi-Fi的隐私泄露检测方案,解决定量评估中的数据收集问题;最后,对泄露的隐私数据从信息熵、影响等级、个人身份信息类型等多因素进行综合价值度量,引入隐私数据定价模型量化攻击收益,将攻击收益和概率的乘积作为预估损失值。通过3辆智能网联汽车的真车实验,证明了该隐私泄露检测方案的可行性。对隐私数据的定性和定量风险评估表明,扩展的影响评级、隐私度量和定价模型优于现有方案,有效量化了智能网联汽车的隐私泄露风险,定量转换的风险值与定性评估的风险值具有良好的一致性。

关键词: 智能网联汽车, Wi-Fi, 隐私泄露, 风险评估, ISO标准

Abstract:

Aiming at the problems of being incomplete,subjective and difficult to quantify loss in privacy disclosure risk assessment of intelligent connected vehicles,a privacy risk assessment model combining qualitative and quantitative methods is proposed.First,based on the qualitative risk assessment model,a new privacy classification is proposed,which extends the privacy impact rating of the existing standard.Second,a privacy leakage detection scheme based on Wi-Fi is designed to solve the problem of data collection in quantitative evaluation.Finally,the comprehensive value measurement of the leaked privacy data is carried out from the information entropy,influence level,personal identifiable information type and other factors.The privacy data pricing model is introduced to quantify the attack benefits,and the product of attack benefits and probability is taken as the estimated loss value.The feasibility of the privacy leakage detection scheme is proved through the real car experiment on three intelligent connected cars.The qualitative and quantitative risk assessment of privacy data shows that the extended impact rating,privacy measurement and pricing model are superior to those of the existing scheme,and that the scheme effectively quantifies the privacy disclosure risk of intelligent connected vehicles.The risk value of quantitative conversion is in good agreement with that of the risk value of qualitative assessment.

Key words: intelligent connected vehicles, Wi-Fi, privacy disclosure, risk assessment, ISO standards

中图分类号: 

  • TP309