Vulnerability of Transportation Networks to Traffic-Signal Tampering

Lászka, Áron; Potteiger, Bradley; Vorobeychik, Yevgeniy; Koutsoukos, Xenofon; Amin, Saurabh

doi:10.1109/iccps.2016.7479122

Cited by 54 publications

(48 citation statements)

References 14 publications

(19 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Prior to our study, very few studies explored the security problems in the traffic control algorithms. Laszka et al performed a theoretical analysis to estimate the potential congestion an attacker can create assuming that she can arbitrarily compromise multiple signal controllers [30]. A follow-up study was then performed for the same attack goal but with a weak assumption, in which the attacker can only compromise the sensors that collects traffic flow information [26].…”

Section: Related Workmentioning

confidence: 99%

Exposing Congestion Attack on Emerging Connected Vehicle based Traffic Signal Control

Chen

Yu-cheng²,

Feng

et al. 2018

Proceedings 2018 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Abstract-Connected vehicle (CV) technology will soon transform today's transportation systems by connecting vehicles and the transportation infrastructure through wireless communication. Having demonstrated the potential to greatly improve transportation mobility efficiency, such dramatically increased connectivity also opens a new door for cyber attacks. In this work, we perform the first detailed security analysis of the nextgeneration CV-based transportation systems. As a first step, we target the USDOT (U.S. Department of Transportation) sponsored CV-based traffic control system, which has been tested and shown high effectiveness in real road intersections. In the analysis, we target a realistic threat, namely CV data spoofing from one single attack vehicle, with the attack goal of creating traffic congestion.We first analyze the system design and identify data spoofing strategies that can potentially influence the traffic control. Based on the strategies, we perform vulnerability analysis by exhaustively trying all the data spoofing options for these strategies to understand the upper bound of the attack effectiveness. For the highly effective cases, we analyze the causes and find that the current signal control algorithm design and implementation choices are highly vulnerable to data spoofing attacks from even a single attack vehicle. These vulnerabilities can be exploited to completely reverse the benefit of the CV-based signal control system by causing the traffic mobility to be 23.4% worse than that without adopting such system. We then construct practical exploits and evaluate them under real-world intersection settings. The evaluation results are consistent with our vulnerability analysis, and we find that the attacks can even cause a blocking effect to jam an entire approach. In the jamming period, 22% of the vehicles need to spend over 7 minutes for an original halfminute trip, which is 14 times higher. We also discuss defense directions leveraging the insights from our analysis.

show abstract

Section: Related Workmentioning

confidence: 99%

Exposing Congestion Attack on Emerging Connected Vehicle based Traffic Signal Control

Chen

Yu-cheng²,

Feng

et al. 2018

Proceedings 2018 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…2) Transportation Network: We use the Grid model with Random Edges (GRE) to generate a random network topology [10], which closely resembles real-world transportation networks. 6 For a detailed description of this model, we refer the reader to [10], [11]. We use Daganzo's cell transmission model to simulate traffic flowing through the generated network [8], computing the turn decisions of the vehicles based on a linear program that minimizes total travel time [12].…”

Section: Numerical Resultsmentioning

confidence: 99%

“…https://www.epa.gov/water-research/epanet4 We set these to zero to model existing deployment since we are interested in how to invest in improving security and resilience 5. We set this to zero so that there always exists a feasible deployment 6. We instantiated the model with W = 5, L = 5, p = 0.507, and q = 0.2761 based on[10].…”

mentioning

confidence: 99%

Synergistic Security for the Industrial Internet of Things: Integrating Redundancy, Diversity, and Hardening

Lászka¹,

Abbas²,

Vorobeychik³

et al. 2018

2018 IEEE International Conference on Industrial Internet (ICII)

Self Cite

View full text Add to dashboard Cite

As the Industrial Internet of Things (IIot) becomes more prevalent in critical application domains, ensuring security and resilience in the face of cyber-attacks is becoming an issue of paramount importance. Cyber-attacks against critical infrastructures, for example, against smart water-distribution and transportation systems, pose serious threats to public health and safety. Owing to the severity of these threats, a variety of security techniques are available. However, no single technique can address the whole spectrum of cyber-attacks that may be launched by a determined and resourceful attacker. In light of this, we consider a multi-pronged approach for designing secure and resilient IIoT systems, which integrates redundancy, diversity, and hardening techniques. We introduce a framework for quantifying cyber-security risks and optimizing IIoT design by determining security investments in redundancy, diversity, and hardening. To demonstrate the applicability of our framework, we present two case studies in water distribution and transportation systems. Our numerical evaluation shows that integrating redundancy, diversity, and hardening can lead to reduced security risk at the same cost.

show abstract

“…Specific examples that have been already developed include: (1) Resilient observation selection where a Gaussian process regression model is used to determine sensor locations that are resilient to DoS attacks [4] and (2) resilient traffic signal configuration to minimize the congestion impact of tampering attacks [5]. Fig.…”

Section: Discussionmentioning

confidence: 99%

Demo Abstract: SURE: An Experimentation and Evaluation Testbed for CPS Security and Resilience

Neema

Völgyesi

Potteiger

et al. 2016

2016 ACM/IEEE 7th International Conference on Cyber-Physical Systems (ICCPS)

Self Cite

View full text Add to dashboard Cite

In-depth consideration and evaluation of security and resilience is necessary for developing the scientific foundations and technology of Cyber-Physical Systems (CPS). In this demonstration, we present SURE [1], a CPS experimentation and evaluation testbed for security and resilience focusing on transportation networks. The testbed includes (1) a heterogeneous modeling and simulation integration platform, (2) a Web-based tool for modeling CPS in adversarial environments, and (3) a framework for evaluating resilience using attacker-defender games. Users such as CPS designers and operators can interact with the testbed to evaluate monitoring and control schemes that include sensor placement and traffic signal configuration. I. SUMMARYThe fundamental feature of the SURE testbed is to support design and evaluation of networked CPS focusing on security and resilience in the presence of cyber attacks. The testbed integrates (1) a modeling and simulation integration platform called Command-and-Control Wind Tunnel (C2WT) [2] and a web-based collaborative (meta) modeling tool called WebGME [3]. Although the testbed can be customized for different applications and evaluation of various algorithms, this demonstration focuses on urban transportation networks and evaluation of resilient monitoring and control using attackerdefender games.C2WT is a model-based integration framework for heterogeneous and distributed simulations and supports rapid design, synthesis, and evaluation of distributed simulations. In this testbed, C2WT provides an integration framework for the SUMO traffic simulation [6] and the OMNeT++ network simulator [7]. WebGME [3] is a novel, web-and cloud-based collaborative, scalable, and extensible (meta) modeling tool developed recently at our institute. It supports the design of Domain-Specific Modeling Languages as well as creation of corresponding domain models. It also provides a fine-grained version control of models. All design and evaluation tasks require only a web-browser.

show abstract

Vulnerability of Transportation Networks to Traffic-Signal Tampering

Cited by 54 publications

References 14 publications

Exposing Congestion Attack on Emerging Connected Vehicle based Traffic Signal Control

Exposing Congestion Attack on Emerging Connected Vehicle based Traffic Signal Control

Synergistic Security for the Industrial Internet of Things: Integrating Redundancy, Diversity, and Hardening

Demo Abstract: SURE: An Experimentation and Evaluation Testbed for CPS Security and Resilience

Contact Info

Product

Resources

About