Practical Security and Privacy Threat Analysis in the Automotive Domain: Long Term Support Scenario for Over-the-Air Updates

Keeping a vehicle secure implies provide of a long-term support, where over-the-air updates (OTA) play an essential role. Clear understanding of OTA threats is essential to counter them efficiently. Existing research on OTA threats often exclude human actors, such as drivers and maintenance personnel, as well as leave aside privacy threats. This paper addresses the gap by investigates security and privacy OTA threats relevant for vehicle manufacturers for the whole product lifecycle. We report on a practical scenario "long term support", its data flow elements, and outcomes of threat analyses. We apply state of the art approaches, such as STRIDE (extended with an automotive template) and LINDDUN, to an automotive case and consider an automotive-specific UNECE OTA threat catalogue. Outcomes indicate complementarity of these methods and provide inputs to studies how well they address practical automotive cases.