Electronic Control Units (ECUs) of a vehicle control the behavior of its devices–e.g., break and engine. They communicate through the in-vehicle network. Vehicles communicate with other vehicles and Road Side Units (RSUs) through Vehicular Ad-hoc Networks (VANets), with personal devices through Wireless Per- sonal Area Networks (WPANs), and with service center systems through cellular networks. A vehicle that uses an external network, in addition to the in-vehicle network, is called connected vehicle.
A connected vehicle could benefit from smart mobility applications: applications that use information generated by vehicles, e.g., cooperative adaptive cruise control. However, connecting in-vehicle network, VANet, WPAN, and cellular network in- creases the count and complexity of threats to vehicles, which makes developing security and privacy solutions for connected vehicles more challenging.
In this work we provide a taxonomy for security and privacy aspects of connected vehicle. The aspects are: security of communication links, data validity, security of devices, identity and liability, access control, and privacy of drivers and vehicles. We use the taxonomy to classify the main threats to connected vehicles, and existing solutions that address the threats. We also report about the (only) approach for verifying security and privacy architecture of connected vehicle that we found in the literature. The taxonomy and survey could be used by security architects to develop security solutions for smart mobility applications.
