Defending against Sybil Devices in Crowdsourced Mapping Services

Real-time crowdsourced maps such as Waze provide timely updates on traffic, congestion, accidents and points of interest. In this paper, we demonstrate how lack of strong location authentication allows creation of software-based {\em Sybil devices} that expose crowdsourced map systems to a variety of security and privacy attacks. Our experiments show that a single Sybil device with limited resources can cause havoc on Waze, reporting false congestion and accidents and automatically rerouting user traffic. More importantly, we describe techniques to generate Sybil devices at scale, creating armies of virtual vehicles capable of remotely tracking precise movements for large user populations while avoiding detection. We propose a new approach to defend against Sybil devices based on {\em co-location edges}, authenticated records that attest to the one-time physical co-location of a pair of devices. Over time, co-location edges combine to form large {\em proximity graphs} that attest to physical interactions between devices, allowing scalable detection of virtual vehicles. We demonstrate the efficacy of this approach using large-scale simulations, and discuss how they can be used to dramatically reduce the impact of attacks against crowdsourced mapping services.Comment: Measure and integratio

Ca(r)veat Emptor: Crowdsourcing Data to Challenge the Testimony of In-Car Technology

This Article addresses the situation in which a car acts as a witness against its human driver in a court of law. This possibility has become a reality due to technology embedded in modern-day vehicles that captures data prior to a crash event. The authors contend that it is becoming increasingly difficult for drivers to defend themselves in a meaningful way against the testimony of cars and suggest that crowdsourcing data could be a viable option for assessing the trustworthiness of such evidence. The Article further explores whether crowdsourced data could be used as an additional source of information in the fact-finding process and if such data could provide a counterbalance to the prevailing tendency to fault human drivers rather than their vehicles or the manufactures of their vehicles. The practical importance of this issue in the age of driving automation is highlighted, and lawyers, judges, and lawmakers are urged to remain open-minded regarding the use of this new strategy

Zero Knowledge Arguments for Verifiable Sampling

International audienceIn privacy-preserving machine learning, it is less obvious to verify correct behavior of participants because they are not supposed to reveal their inputs in cleartext to other participants. It is hence important to make federated machine learning robust against data poisoning and related attacks. While input data can be related to a distributed ledger (blockchain), a less studied input is formed by the random sampling parties perform. In this paper, we describe strategies based on zero knowledge proofs to allow parties to prove they perform sampling (and other computations) correctly. We sketch a number of alternative ways to implement our idea and provide some preliminary experimental results

Adapting Future Vehicle Technologies for Smart Traffic Control Systems

Traffic control systems are imperative to the everyday function and quality of life for society. The current methods, such as; SCATS, SCOOT and InSync, provide this solution, but with limited flexibility. With the advances in context-aware technologies and wireless vehicular communication as discussed by Maglaras, and the rise of the Internet of Things allowing inexpensive networking of devices current technologies are becoming rapidly outdated. Some examples of such vehicle technologies are discussed in recent studies, namely, social internet of vehicles, and wireless sensing technologies. As the smart city landscape develops, some of these technological advances can be adapted into smart traffic control systems, improving the transport efficiency throughout the road network, while reducing levels of traffic congestion, amount of air pollution, improving quality of life. Although air pollution can be somewhat mitigated with technologies like Stop-Start, Hybrid or Electric, traffic congestion still has negative effect on the quality of life for the drivers, as well as the residence in the affected areas. As it has been outlined before by Glaesar, reducing traffic congestion remains a crucial goal of these future vehicle technologies. Addressing the traffic congestion problem, this chapter reviews existing technologies and future vehicle concepts that can be a good starting point for future studies of implementing a Smart Traffic Control System (STCS), starting by looking at the importance of STCSs, reviewing existing technologies in use with a focus on the most common, and identifying their shortcomings. Afterward, three potential vehicular technologies; V2X (Vehicle-to-X) communication, vehicle cloud computing (VCC) and vehicle social networks (VSNs) , will be reviewed based on previous works, with their applicability in STCSs based on potential efficiency, security and privacy aspects

Cyber Security of Traffic Signal Control Systems with Connected Vehicles

Our world is becoming increasingly connected through smart technologies. The same trend is emerging in transportation systems, wherein connected vehicles (CVs) and transportation infrastructure are being connected through advanced wireless communication technologies. CVs have great potential to improve a variety of mobility applications, including traffic signal control (TSC), a critical component in urban traffic operations. CV-based TSC (CV-TSC) systems use trajectory data to make more informed control decisions, therefore can accommodate real-time traffic fluctuations more efficiently. However, vehicle-infrastructure connectivity opens new doors to potential cyber attacks. Malicious attackers can potentially send falsified trajectory data to CV-TSC systems and influence signal control decisions. The benefit of CV-TSC systems can be realized only if the systems are secure in cyberspace. Although many CV-TSC systems have been developed within the past decade, few consider cyber security in their system design. It remains unclear exactly how vulnerable CV-TSC systems are, how cyber attacks may be perpetrated, and how engineers can mitigate cyber attacks and protect CV-TSC systems. Therefore, this dissertation aims to systematically understand the cyber security problems facing CV-TSC systems under falsified data attacks and provide a countermeasure to safeguard CV-TSC systems. These objectives are accomplished through four studies. The first study evaluates the effects of falsified data attacks on TSC systems. Two TSC systems are considered: a conventional actuated TSC system and an adaptive CV-TSC system. Falsified data attacks are assumed to change the input data to these systems and therefore influence control decisions. Numerical examples show that both systems are vulnerable to falsified data attacks. The second study investigates how falsified data attacks may be perpetrated in a realistic setting. Different from prior research, this study considers a more realistic but challenging black-box attack scenario, in which the signal control model is unavailable to the attacker. Under this constraint, the attacker has to learn the signal control model using a surrogate model. The surrogate model predicts signal timing plans based on critical traffic features extracted from CV data. The attacker can generate falsified CV data (i.e., falsified vehicle trajectories) to alter the values of critical traffic features and thus influence signal control decisions. In the third study, a data-driven method is proposed to protect CV-TSC systems from falsified data attacks. Falsified trajectories are behaviorally distinct from normal trajectories because they must accomplish a certain attack goal; thus, the problem of identifying falsified trajectories is considered an abnormal trajectory identification problem. A trajectory-embedding model is developed to generate vector representations of trajectory data. The similarity (distance) between each pair of trajectories can be computed based on these vector representations. Hierarchical clustering is then applied to identify abnormal (i.e., falsified) trajectories. In the final study, a testing platform is built upon a virtual traffic simulator and real-world transportation infrastructure in Mcity. The testing platform integrates the attack study and defense study in a unified framework and is used to evaluate the real-world impact of cyber attacks on CV-TSC systems and the effectiveness of defense strategies.PHDCivil EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttp://deepblue.lib.umich.edu/bitstream/2027.42/162931/1/edhuang_1.pd