智能网联汽车Wi-Fi隐私泄露风险研究

doi:10.19665/j.issn1001-2400.2023.04.021

摘要/Abstract

摘要：

针对智能网联汽车隐私泄露风险评估中不完整、主观性强、难以量化损失的问题,提出了一种定性和定量结合的隐私风险评估模型。首先在定性风险评估模型的基础上,提出了新的隐私分类,扩展了现有标准的隐私影响评级;其次,设计了一种基于Wi-Fi的隐私泄露检测方案,解决定量评估中的数据收集问题;最后,对泄露的隐私数据从信息熵、影响等级、个人身份信息类型等多因素进行综合价值度量,引入隐私数据定价模型量化攻击收益,将攻击收益和概率的乘积作为预估损失值。通过3辆智能网联汽车的真车实验,证明了该隐私泄露检测方案的可行性。对隐私数据的定性和定量风险评估表明,扩展的影响评级、隐私度量和定价模型优于现有方案,有效量化了智能网联汽车的隐私泄露风险,定量转换的风险值与定性评估的风险值具有良好的一致性。

关键词: 智能网联汽车, Wi-Fi, 隐私泄露, 风险评估, ISO标准

Abstract:

Aiming at the problems of being incomplete,subjective and difficult to quantify loss in privacy disclosure risk assessment of intelligent connected vehicles,a privacy risk assessment model combining qualitative and quantitative methods is proposed.First,based on the qualitative risk assessment model,a new privacy classification is proposed,which extends the privacy impact rating of the existing standard.Second,a privacy leakage detection scheme based on Wi-Fi is designed to solve the problem of data collection in quantitative evaluation.Finally,the comprehensive value measurement of the leaked privacy data is carried out from the information entropy,influence level,personal identifiable information type and other factors.The privacy data pricing model is introduced to quantify the attack benefits,and the product of attack benefits and probability is taken as the estimated loss value.The feasibility of the privacy leakage detection scheme is proved through the real car experiment on three intelligent connected cars.The qualitative and quantitative risk assessment of privacy data shows that the extended impact rating,privacy measurement and pricing model are superior to those of the existing scheme,and that the scheme effectively quantifies the privacy disclosure risk of intelligent connected vehicles.The risk value of quantitative conversion is in good agreement with that of the risk value of qualitative assessment.

Key words: intelligent connected vehicles, Wi-Fi, privacy disclosure, risk assessment, ISO standards

中图分类号:

TP309

杨波,钟永超,杨浩男,徐紫枫,李晓琦,张玉清. 智能网联汽车Wi-Fi隐私泄露风险研究[J]. 西安电子科技大学学报, 2023, 50(4): 215-228.

YANG Bo,ZHONG Yongchao,YANG Haonan,XU Zifeng,LI Xiaoqi,ZHANG Yuqing. Research on the Wi-Fi privacy leakage risk of intelligent connected vehicles[J]. Journal of Xidian University, 2023, 50(4): 215-228.

图/表 12

表1

图1

图2

图3

图4

表2

表3

不同ICV隐私检测结果的对比"

实验车辆	信道	实验方法	实验对象	$N i c v c e l l u l a r$	$N i c v w i f i$	$N p h o n e w i f i$
CS75PLUS				0	8	26
VELITE6	Wi-Fi	WC-ETA	ICV,TSP,手机	0	12	0
Malibu XL		中间人		0	0	38
某款BYD^[15]	cellular	YateBTS	ICV,TSP	22	0	0
Renault Zoe^[11]	cellular	OpenBSC	ICV,TSP	18	0	0

表3

表4

表5

表6

图5

表7

参考文献 28

[1]	罗康. 医疗数据发布的隐私泄露风险评估系统设计与实现[D]. 贵阳: 贵州大学, 2022.
[2]	ISO/SAE. ISO/SAE DIS 21434:2021; Road Vehicle-Cybersecurity Engineering[S]. ISO/SAE International: Geneva, Switzerland, 2021.
[3]	MONTEUUIS J P, BOUDGUIGA A, ZHANG J, et al. SARA:Security Automotive Risk Analysis Method[C]// Proceedings of the 4th ACM Workshop on Cyber-Physical System Security. New York: ACM, 2018:3-14.
[4]	LAUTENBACH A, ALMGREN M, OLOVSSON T. Proposing HEAVENS 2.0-An Automotive Risk Assessment Model[C]// Proceedings of the 5th ACM Computer Science in Cars Symposium. New York: ACM, 2021:1-12.
[5]	RING M, FRKAT D, SCHMIEDECKER M. Cybersecurity Evaluation of Automotive E/E Architectures[C]// ACM Computer Science in Cars Symposium (CSCS 2018). New York: ACM, 2018:1-7.
[6]	SION L, VAN LANDUYT D, WUYTS K, et al. Privacy Risk Assessment for Data Subject-Aware Threat Modeling[C]// 2019 IEEE Security and Privacy Workshops (SPW).Piscataway:IEEE, 2019:64-71.
[7]	BORGAONKAR R, HIRSCHI L, PARK S, et al. New Privacy Threat on 3G,4G,and Upcoming 5G AKA Protocols[J]. Proceedings on Privacy Enhancing Technologies, 2019, 2019(3):108-127.
[8]	NGUYEN T H, VU T G, TRAN H L, et al. Emerging Privacy and Trust Issues for Autonomous Vehicle Systems[C]// 2022 International Conference on Information Networking (ICOIN).Piscataway:IEEE, 2022:52-57.
[9]	LI Z, PEI Q, MARKWOOD I, et al. Location Privacy Violation via GPS-Agnostic Smart Phone Car Tracking[J]. IEEE Transactions on Vehicular Technology, 2018, 67(6):5042-5053.
[10]	宋成, 金彤, 倪水平, 等. 一种面向移动终端的K匿名位置隐私保护方案[J]. 西安电子科技大学学报, 2021, 48(3):138-145.
	SONG Cheng, JIN Tong, NI Shuiping, et al. A K-Anonymity Location Privacy Protection Scheme for Mobile Terminals[J]. Journal of Xidian University, 2021, 48 (3):138-145.
[11]	FRASSINELLI D, PARK S, NÜRNBERGER S. I Know Where You Parked Last Summer:Automated Reverse Engineering and Privacy Analysis of Modern Cars[C]// 2020 IEEE Symposium on Security and Privacy (SP).Piscataway:IEEE, 2020:1401-1415.
[12]	YANG W, CHEN X, XIONG Z, et al. A Privacy-Preserving Aggregation Scheme Based on Negative Survey for Vehicle Fuel Consumption Data[J]. Information Sciences, 2021, 570:526-544. doi: 10.1016/j.ins.2021.05.009
[13]	ZAVVOS E, GERDING E H, YAZDANPANAH V, et al. Privacy and Trust in the Internet of Vehicles[J]. IEEE Transactions on Intelligent Transportation Systems, 2022, 23(8):10126-10141. doi: 10.1109/TITS.2021.3121125
[14]	XIONG W, LAGERSTRÖM R. Threat Modeling of Connected Vehicles:A Privacy Analysis and Extension of Vehiclelang[C]// 2019 International Conference on Cyber Situational Awareness,Data Analytics and Assessment (Cyber SA).Piscataway:IEEE, 2019:1-7.
[15]	江秋情. 车联网隐私泄露检测系统的设计与实现[D]. 北京: 北京邮电大学, 2020.
[16]	CRONK R J, SHAPIRO S S. Quantitative Privacy Risk Analysis[C]// 2021 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW).Piscataway:IEEE, 2021:340-350.
[17]	SINGH V P, UJJWAL R L. Privacy Attack Modeling and Risk Assessment Method for Name Data Networking[C]// Advances in Computer Communication and Computational Sciences:Proceedings of IC4S 2018.Heidelberg:Springer, 2019:109-119.
[18]	DI TIZIO G, MASSACCI F, ALLODI L, et al. An Experimental Approach for Estimating Cyber Risk:A Proposal Building upon Cyber Ranges and Capture the Flags[C]// 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW).Piscataway:IEEE, 2020:56-65.
[19]	WEI Y C, WU W C, LAI G H, et al. PISRA:Privacy Considered Information Security Risk Assessment Model[J]. The Journal of Supercomputing, 2020, 76(3):1468-1481. doi: 10.1007/s11227-018-2371-0
[20]	SION L, VAN L, JOOSEN W. The Never-Ending Story:On the Need for Continuous Privacy Impact Assessment[C]// 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW).Piscataway:IEEE, 2020:314-317.
[21]	申云成. 个人大数据定价方法研究[D]. 成都: 四川大学, 2021.
[22]	互联网天地. 《中华人民共和国个人信息保护法》公布[J]. 互联网天地, 2021, 9:3-11.
	Internet World. Personal Information Protection Law of the People’s Republic of China Promulgated[J]. Internet World, 2021, 9:3-11.
[23]	SILVA P, GONÇALVES C, ANTUNES N, et al. Privacy Risk Assessment and Privacy-Preserving Data Monitoring. Expert Systems with Applications, 2022, 200:116867. doi: 10.1016/j.eswa.2022.116867
[24]	彭慧波. 数据交易中定价机制研究[D]. 北京: 北京邮电大学, 2019.
[25]	SHERAZI H H R, KHAN Z A, IQBAL R, et al. A Heterogeneous IoV Architecture for Data Forwarding in Vehicle to Infrastructure Communication[J]. Mobile Information Systems, 2019, 2019:1-18.
[26]	ASTRIDA D N, SAPUTRA A R, ASSAUFI A I. Analysis and Evaluation of Wireless Network Security with the Penetration Testing Execution Standard (PTES)[J]. Sinkron:Jurnal Dan Penelitian Teknik Informatika, 2022, 7(1):147-154.
[27]	BHARATI S, PODDER P, MONDAL M, et al. Threats and Countermeasures of Cyber Security in Direct and Remote Vehicle Communication Systems (2020)[J/OL].[2020-06-11]. https://arxiv.org/abs/2006.08723.
[28]	KIM M, SHIN Y, SHON T. MitM Tool Analysis for TLS Forensics[C]// 2021 International Conference on Platform Technology and Service (PlatCon).Piscataway:IEEE, 2021:1-4.

隐私评级风险矩阵	属性描述	直接PII	间接PII
司机身份与财产信息(高度敏感)	驾驶员身份证行驶证等身份信息、指纹虹膜等生物特征以及银行卡社保卡等个人信息	严重的	主要的
行踪轨迹与驾驶行为信息(敏感)	驾驶员注意力、速度、转向和制动以及车辆的经度、与纬度等人车绑定信息	主要的	中等水平
车辆身份与状态信息(不敏感)	VIN、剩余续航里程、累计里程、车内温度、pm2.5、燃油量等车辆信息	中等水平	可忽略不计

车辆	终端	TSP域名	隐私字段名
VELITE6	ICV	sgmlink1.amap.com	VIN/convoy/PhoneNumber/Vehicle_Odo/Fuel_Information/ powerpercent
		open.kaolafm.com	albumName/playUrl/PhoneNumber
		p1.music.126.net	songlist
		restapi.amap.com	location/direction
Malibu XL	手机	api.shanghaionstar.com	dealerName/latitude/longitude/PhoneNumber/distance/address/ignitionPOI/parkPOI/speedAverage/speedMaximum/tripMileage/drivescore/startDate/last trip distance/odometer/fuel tank info/vehicle range/lifetime fuel econ/last trip fuel economy/email/Addresss/birthDate/gender/jobTitle/msn/languagePreference/qq/userName/workPhoneNumber/governmentId
		www.onstar.com.cn	nickName/VIN/statisticsDate/countDate/FuelConsumption(8)/ FuelRatio(8)/Mileage(8)/fuelCost(9)

终端	协议	TSP域名	隐私字段名	敏感性	关联性	评级
ICV	HTTP	content.wecar.map.qq.com	Songlist	敏感	间接	中等
ICV	HTTP	m5.amap.com	latitude\longitude\direction\distance	敏感	间接	中等
ICV	HTTP	wecarplat.map.qq.com	VIN	不敏感	间接	忽略
ICV	HTTPS	cloud.eryanet.com	altitude\speed	敏感	间接	中等
手机	HTTP	scrm.changan.com.cn	ownerName\idcard\registdate\ productTime\dealername\maintaindata\ mileage\phoneNumber	高度敏感	直接	严重
手机	HTTPS	scrm.changan.com.cn	education\email\familymember\gender\ income\marriage\occupation\ purchaseDate	高度敏感	直接	严重2
手机	HTTPS	m.iov.changan.com.cn	oil\oilAvrgCostYesterday\ feeCostYesterday\ remainedOilMile\totalMeterYesterday\ totalOdometer\faceImg\ignitionPOI\ parkPOI\address	高度敏感	直接	严重2

攻击可行性评估	经过的时间	专业经验	对项目专业的了解	机会窗口	装备	总计	等级	P
开放Wi-Fi监听HTTP	1	0	0	1	4	6	高	0.474
破解Wi-Fi密码监听HTTP	4	3	0	1	4	12	高	0.247
使用WC-ETA和中间人攻击	17	6	3	4	4	34	非常低	0.006

序号	终端	攻击方式	协议	信息熵	影响权重	类型权重	隐私度量	攻击收益/元
1	ICV	开放或破解	HTTP	1.822	1	2.585	4.710	3.768
2	ICV	WC-ETA	HTTPS	2.585	1	2.585	6.682	5.346
3	手机	开放或破解	HTTP	3.637	2	4.000	29.096	23.277
4	手机	WC-ETA	HTTPS	4.430	2	4.954	43.892	35.114