Security Analysis of CV-based Traffic Control System

Time

May 2017 – August 2017

Related publications

  • Qi Alfred Chen, Yucheng Yin, Yiheng Feng, Z. Morley Mao, and Henry X. Liu, One Car to Block Them All: Exposing Congestion Attack on CV-based Traffic Signal Control, To appear in The Network and Distributed System Security Symposium 2018 (NDSS’ 2018), San Diego, United States, February 2018
  • Qi Alfred Chen, Yucheng Yin, Yiheng Feng, Z. Morley Mao, and Henry X. Liu: Exposing Falsified Data Attacks on CV-based Traffic Signal Control, Poster in 26th USENIX Security Symposium (USENIX Security’17), Vancouver, BC, Canada, August 2017

Summary

I worked with Prof. Z. Morley Mao and her Ph.D. student, Qi Alfred Chen, at the University of Michigan on a project called “Security Analysis of Connected Vehicle (CV) based Traffic Control System”. In this project, we performed the first detailed security analysis of one representative next-generation CV-based transportation system chosen by USDOT, called the Intelligent Traffic Signal System (I-SIG). Our overall goal is to try to exploit the vulnerabilities of the system (especially to cause congestion on the road) by sending only one vehicle’s spoofed message. Our related paper, “One Car to Block Them All: Exposing Congestion Attack on CV-based Traffic Signal Control”, has been accepted by NDSS 2018, and our related poster has been accepted by USENIX Security’17.

Background

  • The development of Connected Vehicle (CV) technology
    • Improves transportation mobility efficiency
    • Comes with exposure to cyber attacks
  • Target one USDOT sponsored CV-based traffic control system
    • Multi-Modal Intelligent Traffic Safety System (MMITSS)
    • CV data spoofing with one single attack car
  • Security analysis of the CV-based traffic control system
    • Congestion (attack highly effective, focus of this paper)
    • Personal Gain (not included, more effort and time needed)
    • Safety (not included, more effort and time needed)

      [Figure: The blocking effect of congestion attack]
  • Vulnerability analysis
    • Brute force attack (try all data spoofing options)
    • Analyze highly effective cases and design attack strategy (limitations of computation power)
    • Construct practical exploits and evaluate under real-world situations

      [Figure: Example of an arrival table]

Details

NDSS submission contribution

  • Implement an attack from the pedestrian app (not included)
  • Brute force result analysis
    • Small-scale analysis (70 cases) (2-stage, 5-stage; full, transition)
    • Standard analysis (~900 cases) (2-stage, 5-stage; full, transition)
  • Exploit implementation
    • Congestion (2-stage, 5-stage; full, transition)
    • Personal Gain (2-stage, 5-stage; full, transition) (not included)
  • Experiment setup and post result analysis
    • Setup experiment environment
    • Post result analysis
  • All parts implemented in C++


Attack from the pedestrian app (not included)

  • Attacker side
    • Receive ped map from MMITSS ped map broadcast
    • Bypass error check
    • Send a phase No. to PedRequestServer
  • RSU (Road-Side Unit) side
    • Receive ped request phase
    • Send it to controller


Brute force result analysis

  • Brute force attack implemented by Alfred
  • Evaluate brute force attack effect
  • Congestion
    • For each snapshot, total travel time increases
    • 2-stage, 5-stage
    • Full deployment, transition period (EVLS)
  • Personal gain (not included)
    • For each vehicle, travel time decreases
    • 2-stage, 5-stage
    • Full deployment, transition period (EVLS)

      [Figure: Brute force analysis example (congestion)]

Exploit Implementation

  1. Design strategy
  2. Code implementation
  3. Attack evaluation (strategic attack analysis; comparison with brute force)
  4. Repeat steps 1-3 to iteratively improve the strategy

[Figure: Strategy design example]

[Figure: Strategy attack evaluation example]

Experiment setup


Experiment post result analysis

Congestion time increases example

Attack total vehicle #: 3888
Total delay w/o attack: 104365
Delay time inc. (abs): 253830
Delay time inc. (%): 243.2

[Figure: Per vehicle analysis example]

Future work

  • Personal gain, safety analysis
  • Combine pedestrian calls into the whole system
  • Defense directions based on the analysis
    • Robust algorithm design for the transition period
    • Performance improvement for RSUs
    • Data spoofing detection using infrastructure-controlled sensors

Related code

You can contact me if you want to see the actual implementation. I can add you to the private GitHub repo.