Date of Award

2-15-2024

Publication Type

Dissertation

Degree Name

Ph.D.

Department

Civil and Environmental Engineering

Keywords

AV Epidemic;Cybersecurity;Information Theory;ITS;Privacy;Re-identification

Supervisor

Yong Kim

Creative Commons License

Creative Commons Attribution 4.0 International License
This work is licensed under a Creative Commons Attribution 4.0 International License.

Abstract

This dissertation addresses cybersecurity and privacy risks in ITS, focusing on the escalating cyberattacks on AVs and data breaches in areas like smart cards. We explore novel malware threats to AVs and hacker strategies impacting physical infrastructure, underscoring the need for enhanced security in the evolving AV sector. This dissertation also emphasizes the importance of researching privacy risks, especially with the rise in privacy breaches and extortion attempts involving sensitive personal information. Understanding the implications of publicly shared data is crucial in this context. Chapter 1 raises research questions regarding the two main pillars, cybersecurity and privacy issues in ITS. Based on the questions, Chapters 2, 3 and 4 deal with these questions, presenting key insights this research found. Chapter 2 focuses on a case of vehicle hacking, specifically examining the implications of Stuxnet-style malware. Stuxnet attack methodology provides a critical context for understanding potential threats to AV systems. This chapter introduces a mathematical model to analyze how similar malware could spread both temporally and spatially in the context of AVs. Inspired by epidemiology and ecology, this approach conceptualizes malware as an infectious disease to study its propagation dynamics. This is the first attempt to apply such a model to the spread of Stuxnet-style malware in AV environments, paving the way for future research on the temporal and geographic spread of infectious malware in AV networks. Chapter 3 delves into the privacy risks associated with the public sharing of COVID-19 patients' travel records during the pandemic. This measure, intended for public health safety, inadvertently risked exposing sensitive personal travel details. The chapter examines how combining these records with other open-data sources might allow for the re-identification of individuals' private information. We quantify these re-identification risks, focusing on the volume and accuracy of the shared records, along with the variety of locations that the patients visited. This analysis is crucial for understanding the privacy implications of such data-sharing practices in public health contexts. Chapter 4 introduces a method to quantify privacy risks using information theory, measuring information as entropy units. We use synthetic data to model individual travel patterns, combining these into a unit termed a cube that encapsulates both time and space elements. The study focuses on how adding these cubes affects privacy risk, particularly by assessing the novel information each cube contributes. This allows us to quantify the distinct information within various data sequences, using joint and conditional entropy to understand uncertainty fluctuations as more cubes are added. Lastly, Chapter 5 concludes this dissertation’s insights that potential malware attacks can bring about magnificent physical destructions by manipulating infected AVs, privacy risks may emerge with the combination of external observations data, and information theory-based methodologies can quantify the risks in individual pieces of information. These insights can emphasize the necessity of our research.

Download

Share

COinS