Abstract
Vehicle-to-Vehicle (V2V) communication allows vehicles to exchange information to work cooperatively which promotes safety, mobility, and entertainment applications. The U.S. Department of Transportation (US-DOT) is mandating this technology to be equipped in all new vehicles in the U.S. by 2021. However, such a cooperative system opens new cybersecurity threats and vulnerabilities. Broadcasted basic safety messages influence operations that require integrity assurance to prohibit unauthorized modification, guarantee the authenticity of the source, and safeguard sensitive data to uphold privacy. Vehicular Public Key Infrastructure (V-PKI) is a critical component to secure this prominent transportation technology. The Security Credential Management System (SCMS) is the leading candidate design for V-PKI that facilitates trusted communications by managing security certificates for authorized devices while protecting the privacy of vehicular users. This research focuses on threat analysis to the proposed SCMS for its main use cases. Using the Microsoft Threat Modeling tool, the work identifies threats into six categories of the STRIDE threat classification model: Spoofing Identity, Tampering with Data, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. The tool also recommends mitigation strategies to each threat, matching with current SCMS defense mechanics. The research explores different attack schemes detrimental to the safety of individuals that vehicular communications technology is meant to protect. These attacks use compromised private keys of V-PKI to cause accidents, track specific vehicles, and cause hysteria within the system. The work confirms SCMS readiness as a vital V-PKI for vehicular networks and recommends several defense enhancements.