Complex Networks: Computer Security of Intelligent Transportation Systems

Emerging Intelligent Transportation Systems (ITS’s) are vulnerable to a number of computer security attacks. Unfortunately, security concerns are addressed neither during the research phase, nor during product design, but rather at the end of product development. Waiting to secure the system until this late phase increases development costs and diminishes the effectiveness of the controls. CISR has assessed the vulnerabilities in emergent in-vehicle ITS’s. We are now developing controls and processes to mitigate the exposure of future ITS’s to malicious attacks. When possible these are borrowed from existing computer security techniques; however, the unique nature of ITS’s requires the development of a number of novel approaches.

Our vulnerability assessment concluded that ITS’s present serious threats to security, to an extent greater than previously described. The scope of vulnerable applications extends beyond control functions to include perception enhancement functions and telematics applications. Ironically, intelligent transportation systems can be exploited to cause “intelligent” collisions with severe consequences.

Securing the system infrastructure presents a number of unique challenges. For example, CISR has explored the issues in securing inter-vehicle communication (IVC) networks. The networks are a sub-class of mobile ad hoc networks (MANETs). They have no fixed infrastructure and instead rely on the mobile nodes themselves to provide network functionality. However, due to mobility constraints, driver behavior, and high mobility, IVC networks exhibit characteristics that are dramatically different than those of many generic MANETs studied so far. CISR has explored these differences through simulations and mathematical models, investigated the security implications, and proscribed ITS-specific controls to mitigate new exposures.