TY - GEN
T1 - Application level attacks on connected vehicle protocols
AU - Abdo, Ahmed
AU - Malek, Sakib Md Bin
AU - Qian, Zhiyun
AU - Zhu, Qi
AU - Barth, Matthew
AU - Abu-Ghazaleh, Nael
N1 - Funding Information:
This material is partially supported by the National Science Foundation (NSF) grant CNS-1646641 (CNS-1839511) and CNS-1724341. It is also partially supported by UC Lab Fees grant LFR-18-548554. All opinions and statements reported here represent those of the authors.
Publisher Copyright:
© 2019 RAID 2019 Proceedings - 22nd International Symposium on Research in Attacks, Intrusions and Defenses. All rights reserved.
PY - 2019
Y1 - 2019
N2 - Connected vehicles (CV) applications are an emerging new technology that promises to revolutionize transportation systems. CV applications can improve safety, efficiency, and capacity of transportation systems while reducing their environmental footprints. A large number of CV applications have been proposed towards these goals, with the US Department of Transportation (US DOT) recently initiating three deployment sites. Unfortunately, the security of these protocols has not been considered carefully, and due to the fact that they affect the control of vehicles, vulnerabilities can lead to breakdowns in safety (causing accidents), performance (causing congestion and reducing capacity), or fairness (vehicles cheating the intersection management system). In this paper, we perform a detailed analysis of a recently published CV-based application protocol, Cooperative Adaptive Cruise Control (CACC), and use this analysis to classify the types of vulnerabilities that occur in the context of connected Cyber-physical systems such as CV. We show using simulations that these attacks can be extremely dangerous: we illustrate attacks that cause crashes or stall emergency vehicles. We also carry out a more systematic analysis of the impact of the attacks showing that even an individual attacker can have substantial effects on traffic flow and safety even in the presence of message security standard developed by US DOT. We believe that these attacks can be carried over to other CV applications if they are not carefully designed. The paper also explores a defense framework to mitigate these classes of vulnerabilities in CV applications.
AB - Connected vehicles (CV) applications are an emerging new technology that promises to revolutionize transportation systems. CV applications can improve safety, efficiency, and capacity of transportation systems while reducing their environmental footprints. A large number of CV applications have been proposed towards these goals, with the US Department of Transportation (US DOT) recently initiating three deployment sites. Unfortunately, the security of these protocols has not been considered carefully, and due to the fact that they affect the control of vehicles, vulnerabilities can lead to breakdowns in safety (causing accidents), performance (causing congestion and reducing capacity), or fairness (vehicles cheating the intersection management system). In this paper, we perform a detailed analysis of a recently published CV-based application protocol, Cooperative Adaptive Cruise Control (CACC), and use this analysis to classify the types of vulnerabilities that occur in the context of connected Cyber-physical systems such as CV. We show using simulations that these attacks can be extremely dangerous: we illustrate attacks that cause crashes or stall emergency vehicles. We also carry out a more systematic analysis of the impact of the attacks showing that even an individual attacker can have substantial effects on traffic flow and safety even in the presence of message security standard developed by US DOT. We believe that these attacks can be carried over to other CV applications if they are not carefully designed. The paper also explores a defense framework to mitigate these classes of vulnerabilities in CV applications.
UR - http://www.scopus.com/inward/record.url?scp=85103438630&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85103438630&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85103438630
T3 - RAID 2019 Proceedings - 22nd International Symposium on Research in Attacks, Intrusions and Defenses
SP - 459
EP - 471
BT - RAID 2019 Proceedings - 22nd International Symposium on Research in Attacks, Intrusions and Defenses
PB - USENIX Association
T2 - 22nd International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2019
Y2 - 23 September 2019 through 25 September 2019
ER -