UC Irvine

Massive deployment of embedded systems including various sensors, on-board and road-side computing units, wireless communication among vehicles and infrastructure via enabling technology of the Internet of Things (IoT), and intelligent algorithms are changing the transportation sector, leading to novel systems known as Intelligent Transportation Systems (ITS). However, with these newer technologies come unforeseen safety and security concerns. Research has shown that effects of attacks on the peripherals or the Electronic Controller Units (ECUs) in modern vehicles may cause congestion, but more importantly endanger passengers and passersby. An attack vector on one component/subsystem of an ITS will tend to lead to effects on other components/subsystems due to the connectivity between them. In 2014, a whopping 15000+ existing wireless devices (sensors and controller) deployed across 45 U.S. states and 10 countries were found to be potentially vulnerable to exploits that could lead to remote modifications of traffic timing control. The situation will be exacerbated in the future with the increase in autonomy level and the reliance on sensors and communications.

In spite of the recent interest and importance of ITS security, there have been few efforts to consolidate, structure, and unify this large body of research. There has also been an increasing divergence between academic research and industrial practice in the area, each of which has evolved independently with little interaction and in some cases with little understanding of the assumptions, issues, trade-offs, and scales considered by the other. In addition to a lack of a clear consolidation and summary of related ITS security works, research on modeling/analysis tools for ITS security is also lacking.

For these reasons, this dissertation tackles these challenges by providing 1) a consolidation in ITS security research in terms of both V2X and IoT aspects (with a focus on battery systems) and 2) two methodologies to model and analyze the performance of ITS under attacks. Both methodologies are designed to be standalone open-sourced tools that ITS designers, engineers, and researchers may utilize to promote the growth of ITS security The first methodology focuses on modeling attacks and analyzing their impacts on vulnerable connected Fixed-Time Traffic Signal Control Systems. The second methodology is presented hand-in-hand with an attack taxonomy that focuses on a more advanced ITS system use-case called Vehicular Communication (V2X) Advisory Speed Limit Control (ASL) and involves the study of various attack types on different components of the ITS.