Provisioning Security in a Next Generation Mobility as a Service System

The urban mobility landscape is evolving at an amazing rate, with the number of mobility services growing rapidly around the world. This evolution has brought about the concept of Mobility-as-a-Service (MaaS) in providing transportation services. MaaS capitalises on the Internet of Things to provide access to seamless multi- and inter-modal mobility to the end-user. A well implemented MaaS scheme involves many stakeholders, including passengers, producing, sharing, and consuming (personal) data. In order to encourage MaaS uptake in the general population, participating stakeholders must be confident of the ensuing data privacy and security, as part of their interactions with the system. In this paper, we use STRIDE Threat Modeling framework to analyse the threats that may arise in a MaaS ecosystem. From these threats, we develop mitigations that can be used to eliminate and/or reduce such threats. This threat elicitation and their accompanying mitigations can be used as springboards to establish the necessary security to engender trust in MaaS usage.

Automated summary

The urban mobility landscape is rapidly evolving with the growth of mobility services worldwide. This has led to the concept of Mobility-as-a-Service (MaaS) which aims to provide seamless multi- and inter-modal transportation services to users. In order to promote MaaS adoption among the general population, stakeholders must have confidence in data privacy and security within the system.