Security analysis for fixed-time traffic control systems

Abstract Wireless communication is being used as an enabling technology with traditional fixed traffic control systems in this transitional era toward Intelligent Transportation Systems (ITS). Unfortunately, major security concerns have arisen with respect to ever-increasing complexity and interconnectivity, and a noticeable lack of attention for security in these systems. Addressing concerns is a colossal challenge as it requires thorough development and formal analysis of a system model with respect to security. To tackle this challenge, we present a novel formal attack modeling and impact analysis methodology based on the Link Queue Model (LQM) of traffic flow inside a double ring road network, which is equivalent to a grid network with homogeneous links. We develop attack models as functions of tampered traffic control settings (e.g., green time ratios, cycle length, retaining ratios) with outputs equivalent to mobility impacts on the traffic network (e.g., time until system reaches state convergence, asymptotic average network flow). Further, for a given attack model, we define and identify vulnerable states: states that are critical to protect because they lead to negative impacts under the given attack model. Using our methodology we found that for certain vulnerable states, after only a few cycles of tampered control settings an attacker could cause a real impact of 1.5x speed-up in gridlock state convergence or 37%-99% drop in the asymptotic average flow rate. These results imply potentially drastic financial costs for cities and all involved drivers if similar attacks were performed on a real traffic control system.

[1]  Hovav Shacham,et al.  Comprehensive Experimental Analyses of Automotive Attack Surfaces , 2011, USENIX Security Symposium.

[2]  Martin Wachs,et al.  Moving Los Angeles: Short-Term Policy Options for Improving Transportation , 2008 .

[3]  G. Teschl Ordinary Differential Equations and Dynamical Systems , 2012 .

[4]  Wen-Long Jin,et al.  Control of a lane-drop bottleneck through variable speed limits , 2013, 1310.2658.

[5]  Ragib Hasan,et al.  Towards an Analysis of Security Issues, Challenges, and Open Problems in the Internet of Things , 2015, 2015 IEEE World Congress on Services.

[6]  Yevgeniy Vorobeychik,et al.  Vulnerability of fixed-time control of signalized intersections to cyber-tampering , 2016, 2016 Resilience Week (RWS).

[7]  Carlos F. Daganzo,et al.  THE CELL TRANSMISSION MODEL, PART II: NETWORK TRAFFIC , 1995 .

[8]  Vikash V. Gayah,et al.  Analysis of Traffic Statics and Dynamics in Signalized Networks: A Poincaré Map Approach , 2017, Transp. Sci..

[9]  Wen-Long Jin,et al.  Analysis and design of a variable speed limit control system at a freeway lane-drop bottleneck: A switched systems approach , 2014, 53rd IEEE Conference on Decision and Control.

[10]  Daniel Krajzewicz,et al.  SUMO - Simulation of Urban MObility An Overview , 2011 .

[11]  Vrizlynn L. L. Thing,et al.  Autonomous Vehicle Security: A Taxonomy of Attacks and Defences , 2016, 2016 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData).

[12]  Alexandre M. Bayen,et al.  Creating complex congestion patterns via multi-objective optimal freeway traffic control with application to cyber-security , 2016 .

[13]  Fei-Yue Wang,et al.  Data-Driven Intelligent Transportation Systems: A Survey , 2011, IEEE Transactions on Intelligent Transportation Systems.

[14]  Wen-Long Jin,et al.  Mobility and Environment Improvement of Signalized Networks through Vehicle-to-Infrastructure (V2I) Communications , 2016 .

[15]  Y. Sugiyama,et al.  Traffic jams without bottlenecks—experimental evidence for the physical mechanism of the formation of a jam , 2008 .

[16]  Kevin Lee,et al.  Signal Timing Manual , 2015 .

[17]  Zhen Qian,et al.  Traffic State Estimation for Urban Road Networks Using a Link Queue Model , 2017 .

[18]  Srdjan Capkun,et al.  The security and privacy of smart vehicles , 2004, IEEE Security & Privacy Magazine.

[19]  Prashant Anantharaman,et al.  Jumping the Air Gap: Modeling Cyber-Physical Attack Paths in the Internet-of-Things , 2017, CPS-SPC@CCS.

[20]  Alexandre M. Bayen,et al.  ZUbers against ZLyfts Apocalypse: An Analysis Framework for DoS Attacks on Mobility-As-A-Service Systems , 2016, 2016 ACM/IEEE 7th International Conference on Cyber-Physical Systems (ICCPS).

[21]  Toru Nakamura WHITE PAPER, European transport policy for 2010 : time to decide , 2004 .

[22]  F. Webster TRAFFIC SIGNAL SETTINGS , 1958 .

[23]  Saurabh Amin,et al.  Vulnerability of Transportation Networks to Traffic-Signal Tampering , 2016, 2016 ACM/IEEE 7th International Conference on Cyber-Physical Systems (ICCPS).

[24]  Alexandre M. Bayen,et al.  On Cybersecurity of Freeway Control Systems: Analysis of Coordinated Ramp Metering Attacks , 2015 .

[25]  William R. McShane,et al.  A review of pedestrian safety models for urban areas in Low and Middle Income Countries , 2016 .

[26]  Yiheng Feng,et al.  Exposing Congestion Attack on Emerging Connected Vehicle based Traffic Signal Control , 2018, NDSS.

[27]  Wang,et al.  Review of road traffic control strategies , 2003, Proceedings of the IEEE.

[28]  Pravin Varaiya,et al.  Max pressure control of a network of signalized intersections , 2013 .

[29]  Suhas N. Diggavi,et al.  Sybil Attack Resilient Traffic Networks: A Physics-Based Trust Propagation Approach , 2018, 2018 ACM/IEEE 9th International Conference on Cyber-Physical Systems (ICCPS).

[30]  J. Alex Halderman,et al.  Green Lights Forever: Analyzing the Security of Traffic Infrastructure , 2014, WOOT.

[31]  Cesar Cerrudo,et al.  An Emerging US (and World) Threat: Cities Wide Open to Cyber Attacks , 2015 .

[32]  Wen-Long Jin,et al.  Point queue models: A unified approach , 2014, 1405.7663.

[33]  Mohammad Abdullah Al Faruque,et al.  Exploiting Wireless Channel Randomness to Generate Keys for Automotive Cyber-Physical System Security , 2016, 2016 ACM/IEEE 7th International Conference on Cyber-Physical Systems (ICCPS).