• Intelligent Transportation Systems: A Primer
• Vehicle Infrastructure Communication Standards
• Embedded Commercial Fleet Vehicle Technology
• Vehicle Infrastructure Initiative
• Challenges and Security Primitives
• Conclusions
1
• ITS adds information and communications technology to
– transportation infrastructure
– individual and fleet vehicles
– traffic management centers (TMC)
• The Federal Highway Authority
– wanted ITS deployments in 75 major cities
– wanted them in 10 years (from January 2000)
– got what they wanted (over 100 “major” cities so far)
3
• To a civil engineer
• To an electrical engineer
• To a software engineer
4
• Sensors
– cameras (CCTV and VIVDS)
– inductor loops
– RFID antennas and tags
• Computing and Output Displays
– traffic lights
– dynamic message signs (DMS)
– servers, PCs, and laptops
5
• Software Applications Used by the Public
– travel times
– flow management
– passive (informational) mapping
• Software Applications Used by the TMCs
– incident management
– data archiving
– active (controller) mapping
• Plenty More on Both Sides
6
• Communication between systems is generally proprietary
• Some standards exist under NTCIP (National Transportation Communications for ITS Protocol)
– DMS sign communication
– CCTV camera high-level control
– C2C applications
• Many NTCIP protocols use XML and HTTP-like communication
8
• National Transportation Communications for ITS Protocol (NTCIP)
– Comprised of working groups to standardize protocols
– Both hardware and software protocols
– Working body for message format and markup
• Standardization
– Goal of NTCIP working groups is to get work ratified
– Protocols tend to be request or request-response
– Messages use simple proprietary markups
• Now tend to use XML
9
• [128][30][2][TRAVEL TIME TO][LF][CULEBRA RD][LF][5-7 MINUTES][EL]
• Not self-describing
• Request-only protocol
• No security built into the schema
10
• [1][30][2][LEFT LANE CLOSED][LF][NEXT TWO MILES][LF][CHANGE LANES][EL]
• Attack only works per sign
• Physical access control limits value of attack
• Proprietary manufacturer’s hardware prevents “scalability”
11
• <xml><token>A39F7ED2</token><message><mfr>Gideon</mfr><dms>[1][30][2][LEFT LANE CLOSED][LF][NEXT TWO MILES][LF][CHANGE LANES][EL]</dms></message></xml>
• Application layer generally builds in security
– authentication
– authorization
– encryption
• Attacks scale to a facility, city, or (soon) a state
• Is the attack too “expensive” to be worth it?
12
• Passive Informational Mapping
– traffic data
– lane closures
– weather sensor information
• Active Control
– TMS Map and main GUI
– CCTV Camera control
– DMS and LCS control
– Police/EMS deployment
13
• Currently, ITS is mainly infrastructure-driven
– CCTV cameras deployed on road
– DMS and LCS over highways
– inductor loops in ground
– TMC centers as centralized hub
• Move ITS to be vehicle-driven
– vehicle as mobile all-in-one sensor
– cell phone or in-vehicle-navigation system as TMC
– wireless communication to transmit data for analysis
15
• Automated Vehicle Location systems
– geopositional systems (GPS)
– inertial navigation systems (INS)
– cell-phone positioning systems
• Convergent technologies in use today
– Smart parking (Japan, San Francisco)
– City transit and school buses
– Police department and EMS vehicles
– FedEx and UPS
16
• Probe data standards
– SAE J1939 (heavy-duty vehicles)
– SAE J1979 (“regular” vehicles)
• (a) Probe data is carried on CANbus
• (b) An onboard unit extracts and sends probe/GPS data to a roadside unit
• (c) Roadside unit packages all messages into an ITS message for TMC
• (d) TMC accepts the data from roadside units for processing
• (e) Other applications compute relevant information for end user
– mapping
– travel times
– data archiving
– env. systems
• (f) Users get updates on internal screen display
17
• Integrated heavy-duty vehicle probe data into Texas Department of Transportation fleet vehicles
• Incorporated the system into commercial fleet management for sparse system deployments (truck stops) in Texas
• Applied automated vehicle location technology for municipal heavy-duty vehicles in Florida
• More advanced and expensive technologies and routing algorithms in use
– shipping companies
– large department stores
– police and emergency vehicles
18
• Federal Highway Administration (FHWA) Initiative
– fostering software and engineering research
– applications research and development
• Directly links road vehicles to their physical surroundings
– improve safety and efficiency
– Vehicle-to-infrastructure (V2I) communication
– later, vehicle-to-vehicle (V2V) communication
20
• Safety
– On US highways (2006):
• Nearly 43,000 fatalities, 3 million injuries
• Over $230 billion cost to society
• Efficiency
– Traffic jams waste time and fuel
– In 2007, American drivers lost over four billion hours and six billion gallons of fuel due to heavy traffic congestion
• Profit
– Safety features and high-tech devices have become product differentiators
21
• Inexpensive to deploy and more accurate
• Security and privacy issues abound
• What are the consequences of opting out?
[Figure: diagram showing RSU and TMC]
22
• Ubiquity and utility of V2I communication make it a target for attack
• Attacks may have deadly consequences
• VII working group
– Over one hundred VII applications
– Zero for security
23
• Greedy drivers
• Snoops
• Pranksters
• Industrial insiders
• Malicious attackers
25
• Distributed Denial of Service (DDoS)
– Attempts to overwhelm network
– Dangerous if users rely on the service
• Message Suppression Attacks
– Drop congestion alerts
• Fabrication
– Lie about congestion ahead or lie about identity
• Alteration Attacks
– Replay transmissions to simulate congestion
26
• Each vehicle should only have one identity
– Prevents spoofed congestion or platoon rerouting
– Allows use of external mechanisms for emergency vehicles
• Drivers value their privacy
– Legal requirements vary from country to country
– …and from state to state
– …and from city to city
27
• Applications will require real-time responses
– Increases vulnerability to DDoS
– Unreliable communication medium, like the “old days”
• Key distribution: Manufacturers or Government
– Manufacturers: requires cooperation, interoperability, and users’ trust
– Government: Handled at the state level; also requires cooperation and interoperability
28
• Initially, only a small number of vehicles will have access
– Limited support deployment of infrastructure
• Low tolerance for errors implies strong need for resiliency
– With so many cars, even if the application works 99.99999% of the time, it likely will fail on a car in motion
– Life-and-death applications must be resilient to this
– Focus on prevention, rather than detection and recovery
– Safety-related apps may not have margin for driver reaction time
29
• Prevents attacks
– Attackers on road cannot spoof vehicles
– Attackers cannot modify messages to simulate congestion
• Alternately, use entanglement
– Each vehicle broadcasts its ID and which vehicles it has passed
– Establishes relative ordering
– Evaluates report consistency using aggregation
30
• May only need to deliver content to any vehicle, rather than a specific one
– Authenticate to anonymization service with permanent ID
– Anonymization service can issue a temporary ID
• Example environments: toll roads, border facilities
– Controlled entrance and exit points
– All IDs are issued temporarily by the same authority
31
• Secure Aggregation
– Count vehicles to report congestion
– Disregard outliers
• Key Establishment
– Session keys for vehicle platooning
– Session keys for automatic cruise control
• Message Authentication and Expiration
– Prevent replay attacks
– Prevent Sybil attacks
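The three primitives above, combined in one roadside-unit check, as an added example that is not from the original slides: each probe report is authenticated, expired or replayed reports are rejected, each vehicle ID gets one vote, and outliers are disregarded before congestion is reported. The per-vehicle HMAC keys, the report fields, the 5-second freshness window and the median-absolute-deviation outlier rule are all assumptions made for illustration.

```python
import hashlib, hmac, json, statistics

# Constructed per-vehicle keys (assumption: issued by a key-distribution authority).
KEYS = {f"veh-{i}": f"demo-key-{i}".encode() for i in range(1, 6)}

def sign(key, body):  # HMAC-SHA256 over a canonical JSON encoding of the body
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def make_report(vid, speed, ts, nonce, key=None):
    body = {"id": vid, "speed_kmh": speed, "ts": ts, "nonce": nonce}
    return {"body": body, "tag": sign(key or KEYS[vid], body)}

class RoadsideVerifier:
    def __init__(self, keys, max_age=5):
        self.keys, self.max_age = keys, max_age
        self.seen = set()  # (id, nonce) pairs already accepted

    def accept(self, report, now):
        body, tag = report["body"], report["tag"]
        key = self.keys.get(body.get("id"))
        if key is None:
            return "unknown-id"
        if not hmac.compare_digest(sign(key, body), tag):
            return "bad-mac"        # fabricated or altered in transit
        if not 0 <= now - body["ts"] <= self.max_age:
            return "expired"        # too old to describe current traffic
        if (body["id"], body["nonce"]) in self.seen:
            return "replay"         # authentic and fresh, but already counted
        self.seen.add((body["id"], body["nonce"]))
        return "ok"

def congestion_speed(reports, verifier, now, k=3.0):
    """Median speed over one accepted report per vehicle, outliers dropped."""
    per_vehicle = {}
    for r in reports:
        if verifier.accept(r, now) == "ok":
            per_vehicle[r["body"]["id"]] = r["body"]["speed_kmh"]  # one vote per ID
    speeds = list(per_vehicle.values())
    if not speeds:
        return None
    med = statistics.median(speeds)
    mad = statistics.median(abs(s - med) for s in speeds) or 1.0
    kept = [s for s in speeds if abs(s - med) <= k * mad]
    return statistics.median(kept), len(kept)

# Constructed sample: four slow vehicles, a lying key holder (veh-5), one replay.
SAMPLE = [make_report(f"veh-{i}", s, 999, f"n{i}") for i, s in enumerate([18, 22, 20, 21, 120], 1)]
SAMPLE.append(SAMPLE[0])
```

Authentication alone does not stop veh-5, which holds a valid key and reports a false speed; only the aggregation step discards it.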
32
• ITS systems add information and communications technology to transportation infrastructure, individual and fleet vehicles, and TMCs
• ITS systems are distributed in nature, with internal and public-facing access points, and as demand grows, so does the attack surface area
• ITS and online vehicle infrastructure have security/privacy vulnerabilities
• Weaknesses in common with other web services and apps
• Unique weaknesses related to vehicular networks
• Potentially fatal losses due to insecure applications
34
• Vehicle networks exist today and are moving
– from fleet vehicles using proprietary and custom units
– to individuals’ vehicles using inexpensive, mass-produced on-board units
• Adversaries and attacks are rampant
– authentication
– authorization
– availability
– key management
– privacy
– initialization
• Security primitives exist and when applied can prevent attacks
– VII working group does not build security into standards
– Building security in early will prevent serious and possibly fatal attacks
35