DOI: 10.1145/3631204.3631863

A Systematic Approach for Automotive Privacy Management

Published: 05 December 2023

Abstract

Car manufacturers currently address privacy goals primarily from a legal perspective. However, with the common acceptance of privacy by design, it is important to also address the technical perspective. As of today, there is no systematic understanding of, or even approach to, addressing privacy requirements. Our contribution is twofold: (i) We propose a system model for the automotive domain to model a use case and analyse it for suitable locations for adding privacy-enhancing technologies. (ii) As a generic solution, we propose the privacy manager, a generic entity which supports applications in implementing privacy-enhancing technologies or enforces a certain data flow, so that information is not leaked in an avoidable way. To evaluate our approach, we apply our system model to two automotive scenarios, platooning and silent testing, and describe how the privacy manager can be used to integrate privacy considerations early on. In general, our proposed system model was easily applicable to the two chosen use cases.


Cited By

  • (2024) Elevating TARA: A Maturity Model for Automotive Threat Analysis and Risk Assessment. Proceedings of the 19th International Conference on Availability, Reliability and Security, 1-9. 10.1145/3664476.3670888. Online publication date: 30-Jul-2024
  • (2024) Navigating Privacy Patterns in the Era of Robotaxis. 2024 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), 32-39. 10.1109/EuroSPW61312.2024.00011. Online publication date: 8-Jul-2024

Published In

CSCS '23: Proceedings of the 7th ACM Computer Science in Cars Symposium
December 2023
104 pages
ISBN:9798400704543
DOI:10.1145/3631204
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. automotive
  2. data protection
  3. platooning
  4. privacy
  5. silent testing
  6. system model

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Funding Sources

  • Federal Ministry of Education and Research [Bundesministerium für Bildung und Forschung] (BMBF)
  • Agence Nationale de la Recherche (ANR)

Conference

CSCS '23
CSCS '23: Computer Science in Cars Symposium
December 5, 2023
Darmstadt, Germany
