Threat Analysis of the Security Credential Management System for Vehicular Communications

Abstract

Vehicle-to-Vehicle (V2V) communication allows vehicles to exchange information to work cooperatively which promotes safety, mobility, and entertainment applications. The U.S. Department of Transportation (US-DOT) is mandating this technology to be equipped in all new vehicles in the U.S. by 2021. However, such a cooperative system opens new cybersecurity threats and vulnerabilities to consider. Broadcasted basic safety messages influence operations that require integrity assurance to prohibit unauthorized modification, guarantee the authenticity of the source, and safeguard sensitive data to uphold privacy. Vehicular Public Key Infrastructure (V-PKI) is a critical component to secure this prominent transportation technology. The Security Credential Management System (SCMS) is the leading candidate design for V-PKI that facilitates trusted communications by managing security certificates for authorized devices while protecting the privacy of vehicular users. This research focuses on identifying and analyzing threats to the proposed SCMS for its main use cases. Using the Microsoft Threat Modeling tool, this work identifies threats into six categories of the STRIDE threat classification model: Spoofing Identity, Tampering with Data, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. This tool recommends mitigation strategies to each threat, to which this research matches to current SCMS defense mechanics. This work ensures SCMS readiness as a vital V-PKI for vehicular networks.