Application level attacks on connected vehicle protocols

Ahmed Abdo, Sakib Md Bin Malek, Zhiyun Qian, Qi Zhu, Matthew Barth, Nael Abu-Ghazaleh

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Connected vehicles (CV) applications are an emerging new technology that promises to revolutionize transportation systems. CV applications can improve safety, efficiency, and capacity of transportation systems while reducing their environmental footprints. A large number of CV applications have been proposed towards these goals, with the US Department of Transportation (US DOT) recently initiating three deployment sites. Unfortunately, the security of these protocols has not been considered carefully, and due to the fact that they affect the control of vehicles, vulnerabilities can lead to breakdowns in safety (causing accidents), performance (causing congestion and reducing capacity), or fairness (vehicles cheating the intersection management system). In this paper, we perform a detailed analysis of a recently published CV-based application protocol, Cooperative Adaptive Cruise Control (CACC), and use this analysis to classify the types of vulnerabilities that occur in the context of connected Cyber-physical systems such as CV. We show using simulations that these attacks can be extremely dangerous: we illustrate attacks that cause crashes or stall emergency vehicles. We also carry out a more systematic analysis of the impact of the attacks showing that even an individual attacker can have substantial effects on traffic flow and safety even in the presence of message security standard developed by US DOT. We believe that these attacks can be carried over to other CV applications if they are not carefully designed. The paper also explores a defense framework to mitigate these classes of vulnerabilities in CV applications.

Original languageEnglish (US)
Title of host publicationRAID 2019 Proceedings - 22nd International Symposium on Research in Attacks, Intrusions and Defenses
PublisherUSENIX Association
Pages459-471
Number of pages13
ISBN (Electronic)9781939133076
StatePublished - 2019
Event22nd International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2019 - Beijing, China
Duration: Sep 23 2019Sep 25 2019

Publication series

NameRAID 2019 Proceedings - 22nd International Symposium on Research in Attacks, Intrusions and Defenses

Conference

Conference22nd International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2019
CountryChina
CityBeijing
Period9/23/199/25/19

ASJC Scopus subject areas

  • Computer Science(all)
  • Safety, Risk, Reliability and Quality
  • Law
  • Safety Research

Fingerprint Dive into the research topics of 'Application level attacks on connected vehicle protocols'. Together they form a unique fingerprint.

Cite this