Secure digital forensics framework for vehicle maintenance service records

Abstract

Automotive technology is soaring and has reached an advanced phase. Despite their benefits, these advancements may expose vehicles to additional threats, particularly regarding security and data management. Currently, handling maintenance service records is a manual process, which may lead to inaccuracy, unavailability, and limited consumer access. These concerns are compounded by the lack of trustworthy platforms or legitimate sources for retrieving the history of vehicle maintenance service records. The objectives of this research are to identify a list of stakeholders to define their roles and responsibilities, to identify the security requirements that need to be implemented and to establish a secure framework and communication protocol to address these concerns. Stakeholders were identified through a snowball literature review method, and their roles were assessed to ensure comprehensive coverage of the vehicle maintenance ecosystem. The security requirements were derived using Threat and Vulnerability Risk Assessment (TVRA) and Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege (STRIDE) threat modelling methodologies and then used in designing the secure frameworks and communication protocol for vehicle maintenance service records. The proposed frameworks that are designed for scheduled and repair maintenance services implement the use of consortium blockchain technology as it provides a decentralised yet controlled access to ensure that only authorised stakeholders can contribute and validate data. This approach helps to protect vehicle maintenance service records from unauthorised access and data manipulation. A secure communication protocol which mainly focuses on the grant access process for new vehicle owners was developed and then formally analysed using the Scyther Tool. This tool is chosen because of its ability to rigorously verify the security of protocols. As a result, this research listed eight stakeholders that are involved in the vehicle maintenance service records. The security requirements identified are then implemented in designing the secure frameworks and secure communication protocol to address and maintain the confidentiality, integrity and availability of vehicle maintenance service records. The integration of these solutions not only safeguards maintenance records but also supports digital forensics in providing a robust foundation for advancing the management and security of vehicle maintenance data.