Securing Passenger’s Data in Autonomous Vehicles
Publisher
Tartu Ülikool
Abstract
Autonomous vehicles (AV) are becoming a part of humans’ everyday life. This thesis aims to
determine how passengers’ personal data can be protected in the autonomous vehicle. On the one
hand, during the ride, autonomous vehicles are highly dependent on the use of passengers’ data, and
the privacy of that personal data must be guaranteed to AV passengers. On the other hand,
assuring security in the Passenger–AV interaction must also be addressed, because along with
opportunities, new cybersecurity risks and challenges arise.
Firstly, the thesis presents an approach to security risk management in the Passenger–AV interaction
based on the ISSRM domain model. The research results in a set of identified protected assets and a
threat model. The security risks are detected based on the proposed threat model, and corresponding
security requirements are elicited. Secondly, the thesis demonstrates how tool-supported business
process analysis can be utilised to protect the privacy of passengers’ personal data. We illustrate how
a tool-supported GDPR-compliance check can be applied and how to use data disclosure analysis to
prevent leakage of passengers’ personal data. In addition, the thesis presents a few designs that propose
adopting privacy-enhancing technologies for personal data protection.
The research is conducted in a lab setting in the form of a case study. The findings of the
thesis are not dependent on the AV hardware architecture and can be generalised to other scenarios of
Passenger–AV interaction. They are suitable for AV systems used by ride-hailing service providers
that enable supervisory AV control. The presented data protection approach is also appropriate for
other autonomous motor vehicle types that transport people.
Keywords
Autonomous vehicles, information system security risk management (ISSRM), human-computer interaction, threat modelling, personal data protection