Towards a Privacy Resilient Mobility-as-a-Service (MaaS): A Threat-driven Approach / Ekpo, Otuekong; Casola, Valentina; De Benedictis, Alessandra. - (2024), pp. 217-224. (Paper presented at the 6th IEEE International Conference on Smart Systems and Technologies, SST 2024, held in hrv in 2024) [10.1109/sst61991.2024.10755473].
Towards a Privacy Resilient Mobility-as-a-Service (MaaS): A Threat-driven Approach
Casola, Valentina; De Benedictis, Alessandra
2024
Abstract
Mobility-as-a-Service (MaaS) is transforming smart cities by promoting affordability, inclusivity, multimodal efficiency, and environmental sustainability. This platform collects, uses, and shares sensitive user information, such as geolocation, payment, and personal data, to enable its service offerings. This information is a valuable target for attackers; thus, securing it requires a holistic approach that addresses the platform's security and privacy requirements. However, despite the growing adoption of MaaS, its privacy risk assessment is still an open issue. In this study, we present a threat-driven approach that leverages LINDDUN privacy threat analysis to support the Threat, Vulnerability, and Risk Assessment (TVRA) methodology. We demonstrate the utility of our approach through a simple case study of the trip booking fulfillment process. The main result of this study, alongside the threat-driven approach, is the identification of twenty soft privacy threats in MaaS and their corresponding controls. Additionally, leveraging the NIST 800-53 framework, our study extends privacy risk assessment literature by addressing specific privacy risks in MaaS.