Intelligent transportation systems, such as connected vehicles, are able to establish real-time, optimized and collision-free communication with the surrounding ecosystem. Introducing the internet of things (IoT) in connected vehicles relies on deployment of massive scale sensors, actuators, electronic control units (ECUs) and antennas with embedded software and communication technologies. Combined with the lack of designed-in security for sensors and ECUs, this creates challenges for security engineers and architects to identify, understand and analyze threats so that actions can be taken to protect the system assets. This paper proposes a novel STRIDE-based threat model for IoT sensors in connected vehicle networks aimed at addressing these challenges. Using a reference architecture of a connected vehicle, we identify system assets in connected vehicle sub-systems such as devices and peripherals that mostly involve sensors. Moreover, we provide a prioritized set of security recommendations, with consideration to the feasibility and deployment challenges, which enables practical applicability of the developed threat model to help specify security requirements to protect critical assets within the sensor network.

2022 IEEE 95th Vehicular Technology Conference: (VTC2022-Spring)