Journal of Cyber Security and Risk Auditing

ISSN: 3079-5354 (Online)

Security and Privacy Challenges and Solutions in Autonomous Driving Systems: A Comprehensive Review

by 

Giuseppe Lippi ;

Mahmoud Aljawarneh ;

Qais Al-Na’amneh ;

Rahaf Hazaymih ;

Lachhman Das Dhomeja

PDF logoPDF

Published: 2025/05/06

Abstract

The rapid advancement of autonomous driving technology has transformed modern transportation, offering enhanced safety, efficiency, and convenience. However, as these vehicles become increasingly connected and reliant on complex software and sensor-based systems, they also become prime targets for a wide range of cyber and privacy threats. This review paper comprehensively examines the current landscape of security and privacy in autonomous driving systems. We explore emerging attack vectors targeting key components such as sensor perception, vehicle-to-everything (V2X) communication, machine learning models, and internal control systems. Particular attention is given to adversarial machine learning, GPS spoofing, Controller Area Network (CAN) bus attacks, and data privacy breaches. In parallel, we evaluate existing defense mechanisms and mitigation strategies, including intrusion detection systems (IDS), secure communication protocols, hardware-based security modules, and privacy-preserving architectures. We also highlight key challenges in securing autonomous systems, identify gaps in current research, and propose directions for future work to build resilient and trustworthy autonomous vehicles. This review aims to provide researchers and practitioners with a consolidated foundation for understanding and advancing the security posture of next-generation autonomous driving technologies.

Keywords

Autonomous vehiclesCybersecurityPrivacySecurity Attacks Defense MechanismsSensor SecurityV2X SecurityAutonomous Driving Systems

Doi Link

https://doi.org/10.63180/jcsra.thestap.2025.3.3

How to Cite the Article

Lippi, G., Aljawarneh, M., Al-Na’amneh, Q., Hazaymih, R., & Dhomeja, L. D. (2025). Security and Privacy Challenges and Solutions in Autonomous Driving Systems: A Comprehensive Review. Journal of Cyber Security and Risk Auditing, 2025(3), 23–41. https://doi.org/10.63180/jcsra.thestap.2025.3.3

Security and Privacy Challenges and Solutions in Autonomous Driving Systems: A Comprehensive Review is licensed under CC BY 4.0CCBY

References

  1. David Bissell, Thomas Birtchnell, Anthony Elliot, and Eric L Hsu. Autonomous automobilities: the social impacts of driverless vehicles. Current Sociology, 68(1):116–134, 2020.
  2. Mohammad Aljaidi, Ayoub Alsarhan, Dimah Al-Fraihat, Ahmed Al-Arjan, Bashar Igried, Subhieh M El-Salhi, Muhammad Khalid, and Qais Al-Na’amneh. Cybersecurity threats in the era of ai: Detection of phishing domains through classification rules. In 2023 2nd International Engineering Conference on Electrical, Energy, and Artificial Intelligence (EICEEAI), pages 1–6. IEEE, 2023.
  3. Shatha Ali, Mohammad Alshinwan, Osama A Khashan, Mohammad Hijjawi, Arar Altawil, Qais AlNa’amneh, Hazem Abu-Adaiq, Hanan Alhardan, Diaa Salama AbdElminaam, Omar Tarawneh, et al. Intrusion detection for wireless sensor networks using parrot algorithm. In Machine Intelligence Applications in Cyber-Risk Management, pages 345–366. IGI Global Scientific Publishing, 2025.
  4. Qais Al-Na’amneh, Mohammad Aljaidi, Ahmad Nasayreh, Hasan Gharaibeh, Rabia Emhamed Al Mamlook, Ameera S Jaradat, Ayoub Alsarhan, and Ghassan Samara. Enhancing iot device security: Cnn-svm hybrid approach for real-time detection of dos and ddos attacks. Journal of Intelligent Systems, 33(1):20230150, 2024.
  5. Qais Al-Na’amneh, Walid Dhifallah, Rahaf Hazaymih, Laith Alzboon, Ayoub Alsarhan, Mohammed Alshinwan, and Rabia Emhamed Al Mamlook. Analysis for detection and mitigation of version number modification attack in the internet of things. 2025.
  6. Qais Al-Na’amneh, Walid Dhifallah, Rahaf Hazaymih, Mohammed Amin Almaiah, Asalla Alsheyab, Mohammad Alshinwan, and Braa Qadoumi. Dis flooding attack impact in rpl-based 6lowpan network. In Machine Intelligence Applications in Cyber-Risk Management, pages 69–84. IGI Global Scientific Publishing, 2025.
  7. Qais Al-Na’amneh, Mahmoud Aljawarneh, and Rahaf Hazaymih. A framework for insider threat detection using role-based profile assessment and threshold. In Utilizing AI in Network and Mobile Security for Threat Detection and Prevention, pages 97–114. IGI Global Scientific Publishing, 2025.
  8. Qais Al-Na’amneh, Mahmoud Aljawarneh, Rahaf Hazaymih, and Rabia Emhamed Al Mamlook. Ethical issues in cyber-security for autonomous vehicles (av) and automated driving: A comprehensive review. Utilizing AI in Network and Mobile Security for Threat Detection and Prevention, pages 173–196, 2025.
  9. Amani Abu-Zaid, Mohammad Aljaidi, Qais Al-Na’amneh, Ghassan Samara, Ayoub Alsarhan, and Braa Qadoumi. Advancements and challenges in the internet of drones security issues: A comprehensive review. Machine Intelligence Applications in Cyber-Risk Management, pages 1–24, 2025.
  10. Liyang Li, Guangsheng Wang, Yuan Zhang, Yujiao Cao, Jian Wang, and Zhiwei Luo. Personalized federated learning scheme for autonomous driving based on correlated differential privacy. Sensors, 21(1):178, 2021.
  11. Scott Drew Pendleton, Hans Andersen, Xinxin Du, Xiaotong Shen, Malika Meghjani, You Hong Eng, Daniela Rus, and Marcelo H Ang. Perception, planning, control, and coordination for autonomous vehicles. Machines, 5(1):6, 2017.
  12. Daniel Bastos, Paulo P Monteiro, Arnaldo SR Oliveira, and Miguel V Drummond. An overview of lidar requirements and techniques for autonomous driving. In 2021 Telecoms Conference (ConfTELE), pages 1–6. IEEE, 2021.
  13. Xiaolin Tang, Kai Yang, Hong Wang, Jiahang Wu, Yechen Qin, Wenhao Yu, and Dongpu Cao. Prediction-uncertainty-aware decision-making for autonomous vehicles. IEEE Transactions on Intelligent Vehicles, 7(4):849–862, 2022.
  14. David Arthur, Christopher Becker, Alex Epstein, Bill Uhl, Scott Ranville, A John, et al. Foundations of automotive software. Technical report, United States. Department of Transportation. National Highway Traffic Safety ..., 2022.
  15. Alessandro De Dominica, Marco De Vincenzi, Roberto Lazzarotti, Fabio Martinelli, and Ilaria Matteucci. A systematic review of security issues in automotive ethernet. ACM Computing Surveys, 56(6):1–38, 2024.
  16. ETSI. Intelligent transport systems (its); security; electronic communications highway (ech); security header and certificate formats. Technical report, ETSI, 2021. Available from ETSI, Accessed: April 2025.
  17. Liyang Chen, Yun Chen, Xiang Li, Hongwei Deng, Yiyang Luo, Jian Zhang, Guang Zeng, Lin Xu, and Tao Luo. A comprehensive review of cybersecurity threats and solutions in autonomous driving systems. Electronics, 13(3):588, 2024.
  18. Amira Guesmi, Muhammad Abdullah Hanif, Bassem Ouni, and Muhammad Shafique. Physical adversarial attacks for camera-based smart systems: Current trends, categorization, applications, research challenges, and future outlook. IEEE Access, 11:109617–109668, 2023.
  19. Amira Guesmi and Muhammad Shafique. Navigating threats: A survey of physical adversarial attacks on lidar perception systems in autonomous vehicles. arXiv preprint arXiv:2409.20426, 2024.
  20. Muhammad Asif Khan, Hamid Menouar, Mohamed Abdallah, and Adnan Abu-Dayya. Lidar in connected and autonomous vehicles-perception, threat model, and defense. IEEE Transactions on Intelligent Vehicles, 2024.
  21. Wahab Ali Gulzar Khawaja. A survey on radar techniques for detection, tracking, and classification of aerial threats. Authorea Preprints, 2023.
  22. Yu Pan, Didi Xie, Yurui Zhao, Xiang Wang, and Zhitao Huang. Overview of radar jamming waveform design. Remote Sensing, 17(7):1218, 2025.
  23. Sagar Dasgupta, Abdullah Ahmed, Mizanur Rahman, and Thejesh N Bandi. Unveiling the stealthy threat: Analyzing slow drift gps spoofing attacks for autonomous vehicles in urban environments and enabling the resilience. arXiv preprint arXiv:2401.01394, 2024.
  24. Zhen Yang, Jun Ying, Junjie Shen, Yiheng Feng, Qi Alfred Chen, Z Morley Mao, and Henry X Liu. Anomaly detection against gps spoofing attacks on connected and autonomous vehicles using learning from demonstration. IEEE Transactions on Intelligent Transportation Systems, 24(9):9462– 9475, 2023.
  25. Yi Zhu, Chenglin Miao, Hongfei Xue, Yunnan Yu, Lu Su, and Chunming Qiao. Malicious attacks against multi-sensor fusion in autonomous driving. In Proceedings of the 30th Annual International Conference on Mobile Computing and Networking, pages 436–451, 2024.
  26. Ziyuan Zhong, Zhisheng Hu, Shengjian Guo, Xinyang Zhang, Zhenyu Zhong, and Baishakhi Ray. Detecting multi-sensor fusion errors in advanced driver-assistance systems. In proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis, pages 493–505, 2022.
  27. Alessandro Giaccaglini. Implementing secured messages for V2X communication. PhD thesis, Politecnico di Torino, 2024.
  28. Xiaoya Xu, Yunpeng Wang, and Pengcheng Wang. Comprehensive review on misbehavior detection for vehicular ad hoc networks. Journal of Advanced Transportation, 2022(1):4725805, 2022.
  29. Peng-Yong Kong. A survey of cyberattack countermeasures for unmanned aerial vehicles. IEEE Access, 9:148244–148263, 2021.
  30. Anastasios Giannaros, Aristeidis Karras, Leonidas Theodorakopoulos, Christos Karras, Panagiotis Kranias, Nikolaos Schizas, Gerasimos Kalogeratos, and Dimitrios Tsolis. Autonomous vehicles: Sophisticated attacks, safety issues, challenges, open topics, blockchain, and future directions. Journal of Cybersecurity and Privacy, 3(3):493–543, 2023.
  31. Yunpeng Zhang, Bidit Das, and Fengxiang Qiao. Sybil attack detection and prevention in vanets: A survey. In Proceedings of the Future Technologies Conference (FTC) 2020, Volume 3, pages 762–779. Springer, 2021.
  32. Wonjin Chung, Jungsub Ahn, and Taeho Cho. Mitm attack detection scheme using monitoring information in v2x communication. In 2023 9th International Conference on Computer and Communications (ICCC), pages 1257–1261. IEEE, 2023.
  33. Aseel Alshuaibi, Mohammed Almaayah, and Aitizaz Ali. Machine learning for cybersecurity issues: A systematic review. Journal of Cyber Security and Risk Auditing, 2025(1):36–46, 2025.
  34. Mozhgan Pourkeshavarz, Mohammad Sabokrou, and Amir Rasouli. Adversarial backdoor attack by naturalistic data poisoning on trajectory prediction in autonomous driving. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, pages 14885–14894, 2024.
  35. Jiacheng Liang, Ren Pang, Changjiang Li, and Ting Wang. Model extraction attacks revisited. In Proceedings of the 19th ACM Asia Conference on Computer and Communications Security, pages 1231–1245, 2024.
  36. Max Panoff, Raj Gautam Dutta, Yaodan Hu, Kaichen Yang, and Yier Jin. On sensor security in the era of iot and cps. SN Computer Science, 2(1):51, 2021.
  37. Christian Szegedy, Wojciech Zaremba, Ilya Sutskever, Joan Bruna, Dumitru Erhan, Ian Goodfellow, and Rob Fergus. Intriguing properties of neural networks. arXiv preprint arXiv:1312.6199, 2013.
  38. Kevin Eykholt, Ivan Evtimov, Earlence Fernandes, Bo Li, Amir Rahmati, Chaowei Xiao, Atul Prakash, Tadayoshi Kohno, and Dawn Song. Robust physical-world attacks on deep learning visual classification. In Proceedings of the IEEE conference on computer vision and pattern recognition, pages 1625–1634, 2018.
  39. Wei Jiang, Tianyuan Zhang, Shuangcheng Liu, Weiyu Ji, Zichao Zhang, and Gang Xiao. Exploring the physical-world adversarial robustness of vehicle detection. Electronics, 12(18):3921, 2023.
  40. Erasmo Notaro. Simulating Malicious Attacks on VANETs for Connected and Autonomous Vehicles. PhD thesis, Politecnico di Torino, 2023.
  41. Dudi Biton, Aditi Misra, Efrat Levy, Jaidip Kotak, Ron Bitton, Roei Schuster, Nicolas Papernot, Yuval Elovici, and Ben Nassi. The adversarial implications of variable-time inference. In Proceedings of the 16th ACM Workshop on Artificial Intelligence and Security, pages 103–114, 2023.
  42. Xuejun Zhao, Wencan Zhang, Xiaokui Xiao, and Brian Lim. Exploiting explanations for model inversion attacks. In Proceedings of the IEEE/CVF international conference on computer vision, pages 682–692, 2021.
  43. European Parliament. General Data Protection Regulation (GDPR). Retrieved from https: //eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016R0679, 2016. [Online, last accessed 20-4-2025].
  44. California Legislative Information. California consumer privacy act (CCPA). 2018. [Online, last accessed 20-4-2025].
  45. Hafiz Syahmi. Privacy and ethical implications of big data utilization in public transportation surveillance. International Journal of Advanced Cybersecurity Systems, Technologies, and Applications, 9(1):1–10, 2025.
  46. Igal Bilik. Comparative analysis of radar and lidar technologies for automotive applications. IEEE Intelligent Transportation Systems Magazine, 15(1):244–269, 2022.
  47. Rhea Mehta and Kavita Jhajharia. Layered distillation training: A study of adversarial attacks and defenses. In 2024 3rd International Conference for Innovation in Technology (INOCON), pages 1–7. IEEE, 2024.
  48. Ning Wang, Yimin Chen, Yang Xiao, Yang Hu, Wenjing Lou, and Y Thomas Hou. Manda: On adversarial example detection for network intrusion detection system. IEEE Transactions on Dependable and Secure Computing, 20(2):1139–1153, 2022.
  49. Ida Mirzadeh, Mohammad Sayad Haghighi, and Alireza Jolfaei. Filtering malicious messages by trust-aware cognitive routing in vehicular ad hoc networks. IEEE Transactions on Intelligent Transportation Systems, 24(1):1134–1143, 2022.
  50. Debasis Kumar and Naveed Muhammad. A survey on localization for autonomous vehicles. IEEE Access, 11:115865–115883, 2023.
  51. B Sasikala and Shubham Sachan. Decoding decision-making: embracing explainable ai for trust and transparency. Exploring the frontiers of artificial intelligence and machine learning technologies, 42, 2024.
  52. Nordine Quadar, Abdellah Chehri, Benoit Debaque, Imran Ahmed, and Gwangil Jeon. Intrusion detection systems in automotive ethernet networks: challenges, opportunities and future research trends. IEEE Internet of Things Magazine, 7(2):62–68, 2024.
  53. Dingwang Wang and Subramaniam Ganesan. Automotive network security. In 2021 IEEE International Conference on Electro Information Technology (EIT), pages 193–196. IEEE, 2021.
  54. KY Prashanth and UM Rohitha. Cryptographic method for secure object segmentation for autonomous driving perception systems. SAE International Journal of Connected and Automated Vehicles, 8(12-08-01-0008), 2025.
  55. Omid Avatefipour and Haroon Malik. State-of-the-art survey on in-vehicle network communication “can-bus” security and vulnerabilities. International Journal of Computer Science and Network, 6(6):1009–1015, 2018.
  56. Claudius Pott, Philipp Jungklass, David Jacek Csejka, Thomas Eisenbarth, and Marco Siebert. Firmware security module: A framework for trusted computing in automotive multiprocessors. Journal of Hardware and Systems Security, 5(2):103–113, 2021.
  57. Saad El Jaouhari and Eric Bouvet. Secure firmware over-the-air updates for iot: Survey, challenges, and discussions. Internet of Things, 18:100508, 2022.
  58. Cynthia Dwork. Differential privacy. In International colloquium on automata, languages, and programming, pages 1–12. Springer, 2006.
  59. Rahul Bhadani. A survey on differential privacy for spatiotemporal data in transportation research. arXiv preprint arXiv:2407.15868, 2024.
  60. Chuan Zhao, Shengnan Zhao, Minghao Zhao, Zhenxiang Chen, Chong-Zhi Gao, Hongwei Li, and Yu-an Tan. Secure multi-party computation: theory, practice and applications. Information Sciences, 476:357–372, 2019.
  61. Chehara Pathmabandu, John Grundy, Mohan Baruwal Chhetri, and Zubair Baig. Privacy for iot: informed consent management in smart buildings. Future Generation Computer Systems, 145:367– 383, 2023.
  62. Badis Hammi, Sherali Zeadally, and Jamel Nebhen. Security threats, countermeasures, and challenges of digital supply chains. ACM Computing Surveys, 55(14s):1–40, 2023.
  63. ISO/SAE. Road vehicles — cybersecurity engineering. International Organization for Standardization, ISO 21434, 2021. Available: https://www.iso.org/standard/70918.html.
  64. UNECE. Regulation on cybersecurity and cybersecurity management system (un regulation no. 155). United Nations Economic Commission for Europe (UNECE), 2021. Available: https://www.unece.org/trans/main/wp29/wp29regs.html.
  65. Jason Carlton. Data Privacy in Connected Vehicle Infotainment Systems: A Comprehensive Framework for Rental Vehicles. PhD thesis, University of Michigan-Dearborn, 2024.