Intersection Management, Cybersecurity, and Local Government: ITS Applications, Critical Issues, and Regulatory Schemes

This article focuses on the cybersecurity issues of intersection management—an element of transportation management systems—for local governments. Until relatively recently, concerns about and research needs for intersection cybersecurity have been largely ignored, and local governments have focused on other types of cyber threats, relying instead on private sector vendors to provide equipment that is safe against attacks. To address the gap in the literature, this article provides a short overview of the types of components used in intelligent transportation systems (ITS) and reviews the critical issues for local governments. Further, it discusses some current efforts to remediate the vulnerabilities in ITS and examines the current regulatory framework. This review of the issues is augmented by an analysis of local government perspectives using the Delphi method. The article concludes with some recommendations

Adversarial Sensor Attack on LiDAR-based Perception in Autonomous Driving

In Autonomous Vehicles (AVs), one fundamental pillar is perception, which leverages sensors like cameras and LiDARs (Light Detection and Ranging) to understand the driving environment. Due to its direct impact on road safety, multiple prior efforts have been made to study its the security of perception systems. In contrast to prior work that concentrates on camera-based perception, in this work we perform the first security study of LiDAR-based perception in AV settings, which is highly important but unexplored. We consider LiDAR spoofing attacks as the threat model and set the attack goal as spoofing obstacles close to the front of a victim AV. We find that blindly applying LiDAR spoofing is insufficient to achieve this goal due to the machine learning-based object detection process. Thus, we then explore the possibility of strategically controlling the spoofed attack to fool the machine learning model. We formulate this task as an optimization problem and design modeling methods for the input perturbation function and the objective function. We also identify the inherent limitations of directly solving the problem using optimization and design an algorithm that combines optimization and global sampling, which improves the attack success rates to around 75%. As a case study to understand the attack impact at the AV driving decision level, we construct and evaluate two attack scenarios that may damage road safety and mobility. We also discuss defense directions at the AV system, sensor, and machine learning model levels.Comment: Accepted at the ACM Conference on Computer and Communications Security (CCS), 201

Self-reliant misbehavior detection in V2X networks

The safety and efficiency of vehicular communications rely on the correctness of the data exchanged between vehicles. Location spoofing is a proven and powerful attack against Vehicle-to-everything (V2X) communication systems that can cause traffic congestion and other safety hazards. Recent work also demonstrates practical spoofing attacks that can confuse intelligent transportation systems at road intersections. In this work, we propose two self-reliant schemes at the application layer and the physical layer to detect such misbehaviors. These schemes can be run independently by each vehicle and do not rely on the assumption that the majority of vehicles is honest. We first propose a scheme that uses application-layer plausibility checks as a feature vector for machine learning models. Our results show that this scheme improves the precision of the plausibility checks by over 20% by using them as feature vectors in KNN and SVM classifiers. We also show how to classify different types of known misbehaviors, once they are detected. We then propose three novel physical layer plausibility checks that leverage the received signal strength indicator (RSSI) of basic safety messages (BSMs). These plausibility checks have multi-step mechanisms to improve not only the detection rate, but also to decrease false positives. We comprehensively evaluate the performance of these plausibility checks using the VeReMi dataset (which we enhance along the way) for several types of attacks. We show that the best performing physical layer plausibility check among the three considered achieves an overall detection rate of 83.73% and a precision of 95.91%. The proposed application-layer and physical-layer plausibility checks provide a promising framework toward the deployment of on self-reliant misbehavior detection systems

Cyber Security of Traffic Signal Control Systems with Connected Vehicles

Our world is becoming increasingly connected through smart technologies. The same trend is emerging in transportation systems, wherein connected vehicles (CVs) and transportation infrastructure are being connected through advanced wireless communication technologies. CVs have great potential to improve a variety of mobility applications, including traffic signal control (TSC), a critical component in urban traffic operations. CV-based TSC (CV-TSC) systems use trajectory data to make more informed control decisions, therefore can accommodate real-time traffic fluctuations more efficiently. However, vehicle-infrastructure connectivity opens new doors to potential cyber attacks. Malicious attackers can potentially send falsified trajectory data to CV-TSC systems and influence signal control decisions. The benefit of CV-TSC systems can be realized only if the systems are secure in cyberspace. Although many CV-TSC systems have been developed within the past decade, few consider cyber security in their system design. It remains unclear exactly how vulnerable CV-TSC systems are, how cyber attacks may be perpetrated, and how engineers can mitigate cyber attacks and protect CV-TSC systems. Therefore, this dissertation aims to systematically understand the cyber security problems facing CV-TSC systems under falsified data attacks and provide a countermeasure to safeguard CV-TSC systems. These objectives are accomplished through four studies. The first study evaluates the effects of falsified data attacks on TSC systems. Two TSC systems are considered: a conventional actuated TSC system and an adaptive CV-TSC system. Falsified data attacks are assumed to change the input data to these systems and therefore influence control decisions. Numerical examples show that both systems are vulnerable to falsified data attacks. The second study investigates how falsified data attacks may be perpetrated in a realistic setting. Different from prior research, this study considers a more realistic but challenging black-box attack scenario, in which the signal control model is unavailable to the attacker. Under this constraint, the attacker has to learn the signal control model using a surrogate model. The surrogate model predicts signal timing plans based on critical traffic features extracted from CV data. The attacker can generate falsified CV data (i.e., falsified vehicle trajectories) to alter the values of critical traffic features and thus influence signal control decisions. In the third study, a data-driven method is proposed to protect CV-TSC systems from falsified data attacks. Falsified trajectories are behaviorally distinct from normal trajectories because they must accomplish a certain attack goal; thus, the problem of identifying falsified trajectories is considered an abnormal trajectory identification problem. A trajectory-embedding model is developed to generate vector representations of trajectory data. The similarity (distance) between each pair of trajectories can be computed based on these vector representations. Hierarchical clustering is then applied to identify abnormal (i.e., falsified) trajectories. In the final study, a testing platform is built upon a virtual traffic simulator and real-world transportation infrastructure in Mcity. The testing platform integrates the attack study and defense study in a unified framework and is used to evaluate the real-world impact of cyber attacks on CV-TSC systems and the effectiveness of defense strategies.PHDCivil EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttp://deepblue.lib.umich.edu/bitstream/2027.42/162931/1/edhuang_1.pd

Project BeARCAT : Baselining, Automation and Response for CAV Testbed Cyber Security : Connected Vehicle & Infrastructure Security Assessment

Connected, software-based systems are a driver in advancing the technology of transportation systems. Advanced automated and autonomous vehicles, together with electrification, will help reduce congestion, accidents and emissions. Meanwhile, vehicle manufacturers see advanced technology as enhancing their products in a competitive market. However, as many decades of using home and enterprise computer systems have shown, connectivity allows a system to become a target for criminal intentions. Cyber-based threats to any system are a problem; in transportation, there is the added safety implication of dealing with moving vehicles and the passengers within