Automotive Cybersecurity Part - 3: Threat Modeling

December 20, 2024

🚗 Threat Modeling for Cars

As connected vehicles become more complex and internet-enabled, cybersecurity becomes a top priority. In this article, we explore detailed methodologies like STRIDE, VAST, and PASTA to model threats and improve the security posture of Cyber-Physical Vehicles (CPVs), focusing specifically on head units (HU) and telematics control units (TCU).

🛡️ Threat modeling

Threat modeling is the structured process of identifying, evaluating, and prioritizing potential threats in a system from an attacker’s point of view. It helps determine:

  • The system’s assets
  • Potential attack vectors
  • Relevant trust boundaries
  • Mitigation strategies for each threat

🧾 The STRIDE Model

Developed by Microsoft, STRIDE stands for:

  • 🕵️‍♂️ Spoofing: Impersonating identities (e.g., session hijacking)
  • 🛠️ Tampering: Unauthorized data manipulation (e.g., SQL injection)
  • 🧾 Repudiation: Untraceable user actions (e.g., poor logging)
  • 🔓 Information Disclosure: Unintended data leaks (e.g., verbose exceptions)
  • 🚫 Denial of Service: Making systems unavailable
  • 🧗‍♂️ Elevation of Privilege: Gaining unauthorized high-level access

Each component and interaction is analyzed for threats from these categories.


✅ Sample Threat Modeling Process

1. Create Asset Register

Assets include:
- Radio chipset
- WiFi and Bluetooth interface
- Applications processor
- Camera input
- Secure Key Store

2. Draw a Data Flow Diagram (DFD)

Depict flows between HU, TCU, GSM, and OEM backend.

3. Define Trust Boundaries

Example

  • wlan0 accepts only MAC from HU
  • Root is logged in automatically based on an IP address from the network pool

4. Identify Threats & Vulnerabilities

STRIDE per interaction is recommended for efficiency.

Example threats

  • Evil Twin WiFi attacks
  • Bluejacking via Bluetooth
  • OTA update interception via GSM
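
One way to turn steps 1 to 4 into a STRIDE-per-interaction worksheet, as an added example that is not part of the original article. The zone names, the `auth` labels and the GSM flows are constructed assumptions; the category chart is the common STRIDE-per-element mapping, applied to each boundary-crossing flow and its receiver.

```python
from dataclasses import dataclass

# STRIDE-per-element chart: categories that apply to each DFD element type.
CHART = {"external": "SR", "process": "STRIDE", "store": "TID", "flow": "TID"}
# Identifiers a sender can set freely, so they do not authenticate it.
SPOOFABLE = {"none", "mac", "ip"}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str  # "external", "process" or "store"
    zone: str  # trust zone; a flow between two zones crosses a trust boundary

@dataclass(frozen=True)
class Flow:
    src: Element
    dst: Element
    channel: str
    auth: str  # what the receiver uses to identify the sender

# Constructed model: zone names and the auth values on the GSM flows are assumptions.
HU = Element("HU", "process", "head-unit")
TCU = Element("TCU", "process", "telematics")
KEYS = Element("Secure Key Store", "store", "telematics")
OEM = Element("OEM backend", "external", "oem")
FLOWS = [
    Flow(HU, TCU, "WiFi wlan0", "mac"),   # "wlan0 accepts only MAC from HU"
    Flow(HU, TCU, "root login", "ip"),    # root auto-login based on IP
    Flow(TCU, KEYS, "key read", "none"),  # same zone: no boundary crossed
    Flow(OEM, TCU, "OTA update over GSM", "none"),
    Flow(TCU, OEM, "telemetry over GSM", "mutual-tls"),
]

def review(flow):
    """Return (categories to review, findings) for one interaction."""
    if flow.src.zone == flow.dst.zone:
        return "", []
    cats = set(CHART["flow"]) | set(CHART[flow.dst.kind])
    findings = []
    if "S" in cats and flow.auth in SPOOFABLE:
        findings.append(f"Spoofing unmitigated: sender identified by '{flow.auth}'")
    return "".join(c for c in "STRIDE" if c in cats), findings

def worksheet(flows=FLOWS):
    return {f"{f.src.name} -> {f.dst.name} ({f.channel})": review(f) for f in flows}

if __name__ == "__main__":
    for interaction, (cats, findings) in worksheet().items():
        print(f"{interaction}: {cats or 'inside one zone, skipped'}")
        for finding in findings:
            print("   !", finding)
```

Both trust-boundary examples from step 3 come out flagged, because a MAC or IP address is chosen by the sender and so does not authenticate it.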

🚗 Attack Tree Modeling

Attack trees map attacker goals (root node) and steps to achieve them (leaf nodes).

Example tree: Getting private key from TCU

  • Sniffing GSM exchange
  • Rogue BTS session hijack
  • Exploiting SSH/HTTP services

🧾 VAST and PASTA Frameworks

VAST (Visual, Agile, and Simple Threat)

  • Divides modeling into application and infrastructure layers
  • Ideal for Agile environments
  • Uses Process Flow Diagrams (PFDs) over DFDs

PASTA (Process for Attack Simulation and Threat Analysis)

7 Stages

  1. Define business/security objectives
  2. Define technical scope
  3. Decompose system
  4. Identify threat agents
  5. Identify vulnerabilities
  6. Model exploits
  7. Risk/impact analysis

🛜 Example: Evil Twin Attack

Asset: TCU
Threat: MITM over WiFi
Attack: HU connects to attacker’s AP broadcasting same SSID
Result: Private key/session hijack

🧠 Final Thoughts

Effective threat modeling is essential to safeguard connected vehicle components. STRIDE, VAST, and PASTA provide structured methods to uncover vulnerabilities and build secure architectures that defend against real-world threats.