Approach to Generic Multilevel Risk Assessment of Automotive Mobile Access Systems

Termin, Thomas; Lichte, Daniel; Wolf, Kai-Dietrich

doi:10.3850/978-981-14-8593-0_5778-cd

Cited by 2 publications

(3 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As qualitatively described in Termin et al (2022) and criticized in Termin et al (2021), there are biases compared to the ICM: If protection and intervention are good, but observation is very poor, then the Harnser vulnerability score would be in the midrange. However, according to the ICM, the system would be highly vulnerable, because an intervention can only succeed if an attacker is detected in time -i.e.…”

Section: Introductionmentioning

confidence: 99%

Risk Adjusting of Scoring-based Metrics in Physical Security Assessment

Termin,

Lichte,

Wolf

2023

Proceeding of the 33rd European Safety and Reliability Conference

View full text Add to dashboard Cite

Scoring-based systems are used worldwide to assess safety and security risks. Due to their ease of use, qualitative and semi-quantitative metrics are very popular. However, there may be the possibility that these scores do not accurately reflect the real risk, as was e.g. shown by Braband (2008) or Krisper (2021). In the worst case, this can lead to a misguided investment in measures. To avoid this, an adjustment of the scoring to a quantitative metric is required. The examples of the semi-quantitative Harnser metric and the quantitative vulnerability metric of Lichte et al. ( 2016) from physical security -in this work called intervention capability metric (ICM) -are used to show in this paper how to transfer a well-defined performance mechanism for quantitatively calculating physical vulnerability into consistent scores. To enable the transfer, this paper performs a metrical analysis. The results of the Harnser metric are extended by estimated probability intervals and compared to the results of the ICM. Different types of scales are used. Subsequently, we analyze measures to align the results of these two metrics, such as modifying the assignment of scores to scale categories or adjusting the probability intervals behind the scores. As an output, the metrical analysis generates rating scales for the Harnser scoring system that can be used to replicate quantitative vulnerability values. The results contribute to making more risk-appropriate decisions. Finally, we critically evaluate possibilities and limitations of metrical adaptability and summarize results.

show abstract

Section: Introductionmentioning

confidence: 99%

Risk Adjusting of Scoring-based Metrics in Physical Security Assessment

Termin,

Lichte,

Wolf

2023

Proceeding of the 33rd European Safety and Reliability Conference

View full text Add to dashboard Cite

show abstract

“…The evaluation of security and the justified use of measures to reduce the inherent vulnerability of car security systems is perceived as a special challenge for vendors and users of mobile access systems (MAS), as usually only limited resources are available (Termin et al 2020). The concept of Performance Risk-based Integrated Security Methodology (PRISM) by the Harnser Group (2010) allows conducting a guided qualitative and semi-quantitative security analysis of physical infrastructures.…”

Section: Introductionmentioning

confidence: 99%

“…In order to enable the digital car access service, different interfaces are needed between the systemic actors, e.g. backend, mobile device and locking device (Termin et al 2020). If cars and its inventory are considered attractive for an attacker, a thorough risk analysis is required to protect the economic viability of the business model behind the MAS use case.…”

Section: Introductionmentioning

confidence: 99%

Physical Security Risk Analysis for Mobile Access Systems Including Uncertainty Impact

Termin¹,

Lichte²,

Wolf³

2021

Proceedings of the 31st European Safety and Reliability Conference (ESREL 2021)

Self Cite

View full text Add to dashboard Cite

Protection against car theft, involving organized crime, is a growing threat for car owners as well as fleet management providers. This brings the use of security technologies into automotive industry. The evaluation of security and the justified use of measures to reduce vulnerability of car security systems is perceived as a special challenge for vendors and users of mobile access systems (MAS), as usually only limited resources for design and analysis are available. A lack of adequate reference works and specifications in the form of concrete recommendations for action, guidelines or standards often leads to proprietary security assessments heavily relying on compliance checks. These assessments often lack sufficiency regarding application-specificity and target-orientation in terms of a good cost benefit ratio. This is true for MAS in particular, as they are relatively new products with specific use cases and boundary conditions. The open-available Performance Risk-based Integrated Security Methodology (PRISM) allows a performance-based physical security assessment of critical infrastructures (CRITIS) and initiated a paradigm shift towards performance-based methods within this area. However, PRISM comprises semi-quantitative approaches only and thus does not allow for the consideration of uncertainty impact. Moreover, the approach has not been applied to mobile access systems (MAS) yet. This paper aims at applying the concept of PRISM to the use case of MAS by extending and optimizing it to enable a holistic risk assessment considering uncertainties.

show abstract

Approach to Generic Multilevel Risk Assessment of Automotive Mobile Access Systems

Cited by 2 publications

References 0 publications

Risk Adjusting of Scoring-based Metrics in Physical Security Assessment

Risk Adjusting of Scoring-based Metrics in Physical Security Assessment

Physical Security Risk Analysis for Mobile Access Systems Including Uncertainty Impact

Contact Info

Product

Resources

About