Abstract
To address the incompleteness, subjectivity, and difficulty of quantifying loss in privacy leakage risk assessment for intelligent connected vehicles, a privacy risk assessment model combining qualitative and quantitative methods is proposed. First, building on a qualitative risk assessment model, a new privacy classification is proposed, which extends the privacy impact rating of the existing standard. Second, a Wi-Fi-based privacy leakage detection scheme is designed to solve the data collection problem in quantitative assessment. Finally, the value of the leaked privacy data is measured comprehensively from multiple factors, including information entropy, impact level, and type of personally identifiable information; a privacy data pricing model is introduced to quantify the attack benefit, and the product of attack benefit and probability is taken as the estimated loss value. Real-vehicle experiments on three intelligent connected vehicles demonstrate the feasibility of the privacy leakage detection scheme. Qualitative and quantitative risk assessment of the privacy data shows that the extended impact rating, privacy measurement, and pricing model are superior to existing schemes and effectively quantify the privacy leakage risk of intelligent connected vehicles, and that the quantitatively converted risk values are in good agreement with the qualitatively assessed risk values.
Authors
YANG Bo (杨波)
ZHONG Yongchao (钟永超)
YANG Haonan (杨浩男)
XU Zifeng (徐紫枫)
LI Xiaoqi (李晓琦)
ZHANG Yuqing (张玉清)
Affiliations: School of Cyberspace Security, Hainan University, Haikou 570208, China; National Computer Network Intrusion Prevention Center, University of Chinese Academy of Sciences, Beijing 101408, China
Source
Journal of Xidian University (《西安电子科技大学学报》)
Indexed in: EI, CAS, CSCD, Peking University Core Journals (北大核心)
2023, Issue 4, pp. 215-228 (14 pages)
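Funding
National Natural Science Foundation of China (U1836210)
Key Research and Development Program of Hainan Province (GHYF2022010)
Hainan University Research Start-up Fund (RZ2100003335).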