Cybersecurity in the Transportation Ecosystem

A special issue of Journal of Cybersecurity and Privacy (ISSN 2624-800X). This special issue belongs to the section "Security Engineering & Applications".

Deadline for manuscript submissions: closed (10 October 2022) | Viewed by 20804

Special Issue Editors


E-Mail Website
Guest Editor
ICT Security, Department of Informatics, Athens University of Economics & Business, Athens, Greece
Interests: cybersecurity; critical infrastructure protection (avia-tion, maritime, oil & gas); malware; risk assessment; security management and culture; security in socio-technical systems
Special Issues, Collections and Topics in MDPI journals

E-Mail Website
Guest Editor
Security in Distributed Applications, Hamburg University of Technology, Hamburg, Germany
Interests: communications security; software security; brain computer interfaces; cyber-physical systems; risk management in socio-technical systems

E-Mail Website
Guest Editor
School of Computer Science, University of Nottingham, Nottingham NG8 1BB, UK
Interests: human aspects of cyber security; user authentication and biometrics; usable security; security management and governance; security awareness and culture
Special Issues, Collections and Topics in MDPI journals

Special Issue Information

The transportation ecosystem, including airlines, airports, ships, ports, trains, cars and other vehicles, provides invaluable services to the Government, industry and citizens. The transportation ecosystem collects, stores, and processes vast volumes of valuable data that can be used to monetize the threat vectors. Transportation industries and their digital and information systems, as well as their staff, travelers, and cargo, are rapidly emerging as one of the most attacked industries, where cyberattacks have become more frequent due to the wealth of available data and their high economic value. Moreover, the phenomenon of the growing number of self-driven cars, trains, and metro—and the connected travelers—increases the need for efficient cybersecurity methods and technologies. Today, cyberattacks target the transportation ecosystem not only for the value of the data but also for damaging critical infrastructures or for disrupting critical services. Such attacks can downgrade a country or a company reputation and also pose a severe threat to staff and passenger safety. Relevant indices (e.g., the X-Force Threat Intelligence Index) clearly demonstrate that the transportation industry is now ranked at the 2nd position for cyberattacks (it was 10th in 2019). As such, it represents a significant issue of in-creasing prominence, with the potential for large-scale impact at many levels.

Topics of interest:

  • Information Sharing for Transportation Industries;
  • Cyber Intelligence Methods and Tools for Transportation Industries;
  • Cybersecurity in the Aviation Sector;
  • Airport Information Systems Security;
  • Cyberthreats and Cyberattacks to Airplanes;
  • Cybersecurity in the Maritime Industry;
  • Security of Port Information Systems;
  • Cyberthreats and Cyberattacks to Ships and Ports
  • Cybersecurity in Land Transportation;
  • Cyberthreats and Cyberattacks to Autonomous Vehicles;
  • Cyberthreats to Rail, Metro, Freight;
  • Rail Information Systems Security;
  • Cybersecurity of Vehicle Systems and External Networks Interfaces;
  • Cybersecurity of Space Vehicles and Information Systems;
  • Cybersecurity and Emergency Management in Transportation Industries;
  • Cyberthreat Assessment of the Transportation Sector;
  • Supply Chain Security for Transportation Industries;
  • Surveys or Case Studies of Cyberattacks to Transportation Industries;

The Special Issue has interest in presenting insights into the threats and attacks facing transportation systems, alongside new advances in the safeguards that can be used to protect against them. Within this, we are also keen to receive submissions that span the breadth of the domain, encompassing technical, organizational, and human perspectives on the topic.

Prof. Dimitris A. Gritzalis
Prof. Dieter Gollmann
Prof. Steven Furnell
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Journal of Cybersecurity and Privacy is an international peer-reviewed open access quarterly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 1000 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Published Papers (3 papers)

Order results
Result details
Select all
Export citation of selected articles as:

Research

Jump to: Review

22 pages, 497 KiB  
Article
A Distributed Model for Privacy Preserving V2I Communication with Strong Unframeability and Efficient Revocation
by Panayiotis Kalogeropoulos, Dimitris Papanikas and Panayiotis Kotzanikolaou
J. Cybersecur. Priv. 2022, 2(4), 778-799; https://doi.org/10.3390/jcp2040040 - 20 Sep 2022
Viewed by 9341
Abstract
Although Vehicle to Infrastructure (V2I) communications greatly improve the efficiency of early warning systems for car safety, communication privacy is an important concern. Although solutions exist in the literature for privacy preserving VANET communications, they usually require high trust assumptions for a single [...] Read more.
Although Vehicle to Infrastructure (V2I) communications greatly improve the efficiency of early warning systems for car safety, communication privacy is an important concern. Although solutions exist in the literature for privacy preserving VANET communications, they usually require high trust assumptions for a single authority. In this paper we propose a distributed trust model for privacy preserving V2I communications. Trust is distributed among a certification authority that issues the vehicles’ credentials, and a signing authority that anonymously authenticates V2I messages in a zero knowledge manner. Anonymity is based on bilinear pairings and partially blind signatures. In addition, our system supports enhanced conditional privacy since both authorities and the relevant RSU need to collaborate to trace a message back to a vehicle, while efficient certificateless revocation is supported. Moreover, our scheme provides strong unframeability for honest vehicles. Even if all the entities collude, it is not possible to frame a honest vehicle, by tracing a forged message back to an honest vehicle. The proposed scheme concurrently achieves conditional privacy and strong unframeabilty for vehicles, without assuming a fully trusted authority. Our evaluation results show that the system allows RSUs to efficiently handle multiple messages per second, which suffices for real world implementations. Full article
(This article belongs to the Special Issue Cybersecurity in the Transportation Ecosystem)
Show Figures

Figure 1

19 pages, 2059 KiB  
Article
Generic Patterns for Intrusion Detection Systems in Service-Oriented Automotive and Medical Architectures
by Andreas Puder, Marcel Rumez, Daniel Grimm and Eric Sax
J. Cybersecur. Priv. 2022, 2(3), 731-749; https://doi.org/10.3390/jcp2030037 - 14 Sep 2022
Cited by 3 | Viewed by 3112
Abstract
To implement new software functions and more flexible updates in the future as well as to provide cloud-based functionality, the service-oriented architecture (SOA) paradigm is increasingly being integrated into automotive electrical and electronic architecture (E/E architectures). In addition to the automotive industry, the [...] Read more.
To implement new software functions and more flexible updates in the future as well as to provide cloud-based functionality, the service-oriented architecture (SOA) paradigm is increasingly being integrated into automotive electrical and electronic architecture (E/E architectures). In addition to the automotive industry, the medical industry is also researching SOA-based solutions to increase the interoperability of devices (vendor-independent). The resulting service-oriented communication is no longer fully specified during design time, which affects information security measures. In this paper, we compare different SOA protocols for the automotive and medical fields. Furthermore, we explain the underlying communication patterns and derive features for the development of an SOA-based Intrusion Detection System (IDS). Full article
(This article belongs to the Special Issue Cybersecurity in the Transportation Ecosystem)
Show Figures

Figure 1

Review

Jump to: Research

15 pages, 1266 KiB  
Review
Automotive Vulnerability Disclosure: Stakeholders, Opportunities, Challenges
by Robin Bolz and Reiner Kriesten
J. Cybersecur. Priv. 2021, 1(2), 274-288; https://doi.org/10.3390/jcp1020015 - 6 May 2021
Cited by 3 | Viewed by 7121
Abstract
Since several years, the overall awareness for the necessity to consider a vehicle as a potentially vulnerable system is facing accelerated growth. In 2015, the safety relevant exploitability of vulnerabilities through cyber attacks was exposed to a broader public for the first time. [...] Read more.
Since several years, the overall awareness for the necessity to consider a vehicle as a potentially vulnerable system is facing accelerated growth. In 2015, the safety relevant exploitability of vulnerabilities through cyber attacks was exposed to a broader public for the first time. Only a few months after this attack has reached public awareness, affected manufacturer implemented one of the first bug bounty programs within the automotive field. Since then, many others followed by adapting some of ITs good practices for handling and responsibly disclose found and reported vulnerabilities for the automotive field. Nevertheless, this work points out that much remains to be done concerning quantity and quality of these measures. In order to cope with this, this present paper deals with what can be learned from IT and which conclusions can be drawn from these findings in the light of special conditions in the automotive environment. Furthermore, current handling and challenges regarding the disclosure process of vulnerabilities in the automotive sector are presented. These challenges are addressed by discussing desirable conditions for a beneficial disclosure culture as well as requirements and responsibilities of all parties involved in the disclosure process. Full article
(This article belongs to the Special Issue Cybersecurity in the Transportation Ecosystem)
Show Figures

Figure 1

Back to TopTop