understanding the security of traffic signal
play

Understanding the Security of Traffic Signal Infrastructure Zhenyu - PowerPoint PPT Presentation

Oct 22, 2022 •387 likes •906 views

Understanding the Security of Traffic Signal Infrastructure Zhenyu Ning , Fengwei Zhang, and Stephen Remias COMPASS Lab Wayne State University DIMVA, June 19, 2019 Understanding the Security of Traffic Signal Infrastructure, DIMVA 19 1

  1. Understanding the Security of Traffic Signal Infrastructure Zhenyu Ning , Fengwei Zhang, and Stephen Remias COMPASS Lab Wayne State University DIMVA, June 19, 2019 Understanding the Security of Traffic Signal Infrastructure, DIMVA 19 1

  2. Outline ◮ Introduction ◮ Background ◮ Security Analysis ◮ Attacks and Mitigations ◮ Conclusion Understanding the Security of Traffic Signal Infrastructure, DIMVA 19 2

  3. Outline ◮ Introduction ◮ Background ◮ Security Analysis ◮ Attacks and Mitigations ◮ Conclusion Understanding the Security of Traffic Signal Infrastructure, DIMVA 19 3

  4. Introduction Traffic signal systems have introduced large regional networks and operation centers to help alleviate traffic congestion. ◮ Traditional traffic signal systems use rotating gears and wheels to control the traffic bulbs. - Simple, but lack of flexibility. ◮ Modern traffic signal systems have achieved a efficient control over the vehicle traffic via numerous technologies. Understanding the Security of Traffic Signal Infrastructure, DIMVA 19 4

  5. Modern Traffic Signal System source: https://www.orangetraffic.com/product/mtq-traffic-light-distribution-and-control-cabinet/ Understanding the Security of Traffic Signal Infrastructure, DIMVA 19 5

  6. Modern Traffic Signal System source: https://www.orangetraffic.com/product/mtq-traffic-light-distribution-and-control-cabinet/ Understanding the Security of Traffic Signal Infrastructure, DIMVA 19 6

  7. Introduction Is it secure? Understanding the Security of Traffic Signal Infrastructure, DIMVA 19 7

  8. Introduction Is the traffic signal system secure? ◮ Previous research mainly focus on the traffic controller and network vulnerabilities. - [1, 2, 3] ◮ However, traffic signal systems are actually comprised of many components! - E.g., traffic controller, fail-safe systems, surveillance cameras, et, al. Understanding the Security of Traffic Signal Infrastructure, DIMVA 19 8

  9. Outline ◮ Introduction ◮ Background ◮ Security Analysis ◮ Attacks and Mitigations ◮ Conclusion Understanding the Security of Traffic Signal Infrastructure, DIMVA 19 9

  10. Roadside Cabinets ◮ A modern traffic signal systems is comprised of many hardware components. ◮ These components are normally placed in a roadside cabinet. ◮ Cabinet standards are applied to the components inside the cabinet. - TS-2 cabinet standard and ITS cabinet standard. Understanding the Security of Traffic Signal Infrastructure, DIMVA 19 10

  11. Cabinet Standards ◮ The TS-2 Cabinet Standard was initially commissioned by National Electrical Manufacturers Association (NEMA) in 1998. - A replacement of NEMA TS-1 standard. - Using serial communication to replace hardwired I/O. ◮ The ITS Cabinet Standard is designed to supersede the NEMA TS-2 standard. - Published by American Association of State Highway and Transportation Officials (AASHTO), Institute of Transportation Engineers (ITE), and NEMA. Understanding the Security of Traffic Signal Infrastructure, DIMVA 19 11

  12. Cabinet Standards Understanding the Security of Traffic Signal Infrastructure, DIMVA 19 12

  13. Advanced Transportation Controller The Advanced Transportation Controller (ATC) is the core part for a traffic signal control system. ◮ Build upon a Linux kernel with BusyBox. ◮ Directly controls the traffic signals with specific software. ◮ E.g., Intelight Model 2070 ATCs and Siemens Model 60 ATCs. Understanding the Security of Traffic Signal Infrastructure, DIMVA 19 13

  14. Fail-safe Components The fail-safe components are used to guarantee that the traffic signals would not turn to a dangerous state even when the ATC is malfunctional. ◮ Malfunction Management Unit (MMU) in TS-2 Standard. ◮ Cabinet Monitor Unit (CMU) in ITS Standard. Understanding the Security of Traffic Signal Infrastructure, DIMVA 19 14

  15. Fail-safe Components ATC Controlling MMU Monitoring Understanding the Security of Traffic Signal Infrastructure, DIMVA 19 15

  16. Fail-safe Components ATC Controlling MMU Monitoring Understanding the Security of Traffic Signal Infrastructure, DIMVA 19 16

  17. Fail-safe Components ATC Controlling MMU Monitoring Understanding the Security of Traffic Signal Infrastructure, DIMVA 19 17

  18. Fail-safe Components ATC Controlling MMU Controlling Understanding the Security of Traffic Signal Infrastructure, DIMVA 19 18

  19. Fail-safe Components The conflict status is predefined by Programming Card in MMU and Datakey in CMU. ◮ In Programming Card, the conflict status is defined by soldered wire jumpers. ◮ Datakey is an EEPROM memory device. Understanding the Security of Traffic Signal Infrastructure, DIMVA 19 19

  20. MMU Programming Card source: https://www.flickr.com/photos/robklug/5617557995/in/photostream/ Understanding the Security of Traffic Signal Infrastructure, DIMVA 19 20

  21. CMU Datakey source: https://manualzz.com/doc/8353064/888-1212-001-monitorkey-operation-manual Understanding the Security of Traffic Signal Infrastructure, DIMVA 19 21

  22. Outline ◮ Introduction ◮ Background ◮ Security Analysis ◮ Attacks and Mitigations ◮ Conclusion Understanding the Security of Traffic Signal Infrastructure, DIMVA 19 22

  23. Security Analysis ◮ Methodology: Partnering with a municipality in USA. ◮ Analysis Environment: - A standard traffic signal system in our lab. - The traffic signal system lab in the municipality. - The deployed traffic signal system in the municipality. ◮ Devices: - TS-2 cabinets with Siemens Model 60 ATC and EDI MMU-16LE. - ITS cabinets with Intelight Model 2070 ATC and CMU-212. Understanding the Security of Traffic Signal Infrastructure, DIMVA 19 23

  24. Security Analysis How to attack the system? Understanding the Security of Traffic Signal Infrastructure, DIMVA 19 24

  25. Security Analysis How to attack the traffic signal system? Step 1 Access the Traffic Signal System Step 2 Control the Traffic Signals Step 3 Bypass Fail-Safe Components Step 4 Hide Yourself Understanding the Security of Traffic Signal Infrastructure, DIMVA 19 25

  26. Security Analysis How to attack the traffic signal system? Step 1 Access the Traffic Signal System Step 2 Control the Traffic Signals Step 3 Bypass Fail-Safe Components Step 4 Hide Yourself Understanding the Security of Traffic Signal Infrastructure, DIMVA 19 26

  27. Physical Access Obstacles for accessing the traffic signal system physically: ◮ Surveillance Camera ◮ Cabinet Lock ◮ Cabinet Door Status Monitoring Understanding the Security of Traffic Signal Infrastructure, DIMVA 19 27

  28. Surveillance Camera According to the municipality officials, ◮ There are 750 vehicle intersections in the municipality. ◮ 275 vehicle intersections are covered by traffic cameras. ◮ More than 60% of the intersections are out of surveillance. Understanding the Security of Traffic Signal Infrastructure, DIMVA 19 28

  29. Cabinet Lock According to the cabinet specifications, both TS-2 and ITS cabinets shall be provided with a Corbin #2 key. ◮ However, the Corbin #2 master key is sold online. ◮ The sold key is marked with the ability to open most traffic signal cabinets in the United States. ◮ With $5 USD, we are able to open all cabinets in the municipality lab. Understanding the Security of Traffic Signal Infrastructure, DIMVA 19 29

  30. Cabinet Door Status Monitoring In the ITS cabinets, the status of the door can be monitored by the CMU. ◮ ATC send query message to CMU to get the door status. ◮ In real-world deployment, - The door alarm message is saved to log file by ATC. - The log file is forwarded to the municipality every one-to-five minute. Understanding the Security of Traffic Signal Infrastructure, DIMVA 19 30

  31. Physical Access Obstacles for accessing the traffic signal system physically: ◮ Surveillance Camera 60% intersections are out of surveillance ◮ Cabinet Lock $5 USD for the master key ◮ Cabinet Door Status Monitoring Non-real-time alarm Understanding the Security of Traffic Signal Infrastructure, DIMVA 19 31

  32. Remote Access ◮ Previous work [3] has shown that the wireless communication network is vulnerable. ◮ We find that the both type of ATCs use default credentials for the SSH and Telnet. - The municipality were not aware of the ability to login to the ATC over SSH. ◮ The public IP addresses of a number of ATCs can be identified on Shodan [4] website. Understanding the Security of Traffic Signal Infrastructure, DIMVA 19 32

  33. Security Analysis How to attack the traffic signal system? Step 1 Access the Traffic Signal System Step 2 Control the Traffic Signals Step 3 Bypass Fail-Safe Components Step 4 Hide Yourself Understanding the Security of Traffic Signal Infrastructure, DIMVA 19 33

  34. Control the Traffic Signals With physical access, ◮ The signal pattern can be configured by the control buttons on the front panel. ◮ No authentication is activated in analyzed ATCs. - Access code can be set to control the access, but the partnering municipality didn’t do so. Understanding the Security of Traffic Signal Infrastructure, DIMVA 19 34

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Understanding the Security of Traffic Signal Infrastructure Zhenyu Ning , Fengwei Zhang, and

Understanding the Security of Traffic Signal Infrastructure Zhenyu Ning , Fengwei Zhang, and

Understanding the Security of Traffic Signal Infrastructure Zhenyu Ning , Fengwei Zhang, and Stephen Remias COMPASS Lab Wayne State University DIMVA, June 19, 2019 Understanding the Security of Traffic Signal Infrastructure, DIMVA 19 1

952 views • 53 slides
Traffic signal optimization and traffic assignment Traffic signals Traffic signal optimization

Traffic signal optimization and traffic assignment Traffic signals Traffic signal optimization

Dagstuhl, October 2015 Traffic Signals and User Equilibria Martin Strehler , Ekkehard K ohler BTU Cottbus-Senftenberg { martin.strehler,ekkehard.koehler } @b-tu.de Traffic signal optimization and traffic assignment Traffic signals Traffic

577 views • 55 slides
Cultural Resources Collaboration and Innovation Towards Continuous Improvement: Traffic Signal

Cultural Resources Collaboration and Innovation Towards Continuous Improvement: Traffic Signal

Cultural Resources Collaboration and Innovation Towards Continuous Improvement: Traffic Signal Upgrades Memorandum of Understanding Eric Duff State Environmental Administrator At GDOT, we are at our best when faced with a challenge 2017

178 views • 15 slides
this traffic signal will turn green? Why do I want to know when the signal turns green?

this traffic signal will turn green? Why do I want to know when the signal turns green?

How do I know, when this traffic signal will turn green? Why do I want to know when the signal turns green? 28.03.2012 Seminar in Distributed Computing Gianin Basler Introduction Traffic light countdown timer 28.03.2012 Seminar in

801 views • 49 slides
Integration of Crowdsourced Data into Automated Traffic Signal Performance Measures (ATSPMs)

Integration of Crowdsourced Data into Automated Traffic Signal Performance Measures (ATSPMs)

Integration of Crowdsourced Data into Automated Traffic Signal Performance Measures (ATSPMs) Adventures in Crowdsourcing: Traffic Signal Applications February 27, 2020 Justin R. Effinger, P.E. Lake County PASSAGE ATMS Platform

461 views • 18 slides
Vehicle Traffic Control Signal Heads Light Emitting Diode (LED) Circular Signal Testing What

Vehicle Traffic Control Signal Heads Light Emitting Diode (LED) Circular Signal Testing What

Vehicle Traffic Control Signal Heads Light Emitting Diode (LED) Circular Signal Testing What is an LED? LEDs are more closely related to computer technology than they are to traditional forms of lighting, as an LED is basically a

448 views • 26 slides
Guidelines for Action Space Definition in Reinforcement Learning-based Traffic Signal Control

Guidelines for Action Space Definition in Reinforcement Learning-based Traffic Signal Control

Guidelines for Action Space Definition in Reinforcement Learning-based Traffic Signal Control Systems Maxime Trca, Julian Garbiso, Dominique Barth October 15, 2020 Outline I - Reinforcement Learning Applied to Traffic Signal Control II -

189 views • 16 slides
Project C/CAG TAC Meeting November 21, 2019 Project Scope Implement Traffic Signal Priority

Project C/CAG TAC Meeting November 21, 2019 Project Scope Implement Traffic Signal Priority

SamTrans Traffic Signal Priority Project C/CAG TAC Meeting November 21, 2019 Project Scope Implement Traffic Signal Priority (TSP) for SamTrans buses along El Camino Real in San Mateo County 26 miles corridor between Daly City and Menlo

497 views • 13 slides
Project C/CAG TAC Meeting February 15, 2018 Project Scope Implement Traffic Signal Priority

Project C/CAG TAC Meeting February 15, 2018 Project Scope Implement Traffic Signal Priority

Samtrans Traffic Signal Priority Project C/CAG TAC Meeting February 15, 2018 Project Scope Implement Traffic Signal Priority (TSP) for Samtrans buses along El Camino Real in San Mateo County 26 miles corridor between Daly City BART and

193 views • 7 slides
SignalGuru: Leveraging Mobile Phones for Collaborative Traffic Signal Schedule Advisory

SignalGuru: Leveraging Mobile Phones for Collaborative Traffic Signal Schedule Advisory

SignalGuru: Leveraging Mobile Phones for Collaborative Traffic Signal Schedule Advisory Written by: Princeton University + MIT Presented by: Pawe Posielny Windshieldmounted (i)Phone GLOSA Traffic signals: + Provide safety -

526 views • 33 slides
Understanding a Sites Traffic With Google Analytics UNDERSTANDING GOOGLE ANALYTICS Daniel

Understanding a Sites Traffic With Google Analytics UNDERSTANDING GOOGLE ANALYTICS Daniel

Understanding a Sites Traffic With Google Analytics UNDERSTANDING GOOGLE ANALYTICS Daniel Stern CODE WHISPERER @danieljackstern Understanding Google Analytics Understanding how it works and when to use it is the first step to

261 views • 15 slides
Traffic Signal Modernization, Oahu, Phase 1 and Kalanianaole Hwy Intersection Improvements at Waa

Traffic Signal Modernization, Oahu, Phase 1 and Kalanianaole Hwy Intersection Improvements at Waa

State of Hawaii, Department of Transportation Traffic Signal Modernization, Oahu, Phase 1 and Kalanianaole Hwy Intersection Improvements at Waa St Community Informational M eeting and Noise Variance Consultation Aina Haina Public Library

686 views • 31 slides
Tennessee Traffic Signal Users Group (TTSUG) 2018 Face-to-Face Meetings Steve Bryan, TTSUG

Tennessee Traffic Signal Users Group (TTSUG) 2018 Face-to-Face Meetings Steve Bryan, TTSUG

Tennessee Traffic Signal Users Group (TTSUG) 2018 Face-to-Face Meetings Steve Bryan, TTSUG Steering Committee Chair Tennessee Traffic Signal Users Group (TTSUG) 2016 Formation TTSUG Formation TDOT, FHWA, and ACEC Partnership Originally

678 views • 35 slides
Multi Modal Intelligent Traffic Signal System Larry Head University of Arizona 1 Connected

Multi Modal Intelligent Traffic Signal System Larry Head University of Arizona 1 Connected

Multi Modal Intelligent Traffic Signal System Larry Head University of Arizona 1 Connected Vehicles and Infrastructure Systems DSRC 5.9 GHz Radio BSM/SRM Signal Phase and Timing (SPaT) MAP Connected Vehicle Vehicle(s)

671 views • 29 slides
Security of Traffic Infrastructure RAJSHAKHAR PAUL Outline Introduction Anatomy of a Traffic

Security of Traffic Infrastructure RAJSHAKHAR PAUL Outline Introduction Anatomy of a Traffic

Green Lights Forever: Analyzing the Security of Traffic Infrastructure RAJSHAKHAR PAUL Outline Introduction Anatomy of a Traffic Infrastructure Case Study Threat Model Types of Attack Recommendation Broader Lesson Conclusion Outline

777 views • 36 slides
Air Traffic Management with Big Data Analytics Alessandro Ferreira Leite Understanding why a

Air Traffic Management with Big Data Analytics Alessandro Ferreira Leite Understanding why a

Air Traffic Management with Big Data Analytics Alessandro Ferreira Leite Understanding why a traffic is delayed is a difficult task Historical information Weather Availability of airplanes Concurrent flights .... Data is

957 views • 42 slides
Section 8: Smart Home Security & Privacy CSE 484 / CSE M 584 Administrivia May 22 nd May 29

Section 8: Smart Home Security & Privacy CSE 484 / CSE M 584 Administrivia May 22 nd May 29

Section 8: Smart Home Security & Privacy CSE 484 / CSE M 584 Administrivia May 22 nd May 29 th June 8 th Lab 2 Due HW 3 & Final Project Checkpoint Final Project Due #2 Due Memorial Day Lab 3 Due May 25 th June 5 th The Smart Home

760 views • 31 slides
Hybrid Constraint-Based Bounded Program Verification Michel RUEHER University of Nice

Hybrid Constraint-Based Bounded Program Verification Michel RUEHER University of Nice

Hybrid Constraint-Based Bounded Program Verification Michel RUEHER University of Nice Sophia-Antipolis / I3S CNRS, France Courtesy to Hlne COLLAVIZZA, Nguyen Le VINH and Pascal Van HENTENRYCK June, 2011 ACP Summer School Hybrid

897 views • 65 slides
ADVERTS Minimising distraction from roadside billboards ADVERTS: setting the scene Ingrid van

ADVERTS Minimising distraction from roadside billboards ADVERTS: setting the scene Ingrid van

A ssessing D istraction of V ehicle drivers in E urope from R oadside T echnology-based S ignage ADVERTS Minimising distraction from roadside billboards ADVERTS: setting the scene Ingrid van Schagen, SWOV Institute for Road Safety Research

620 views • 26 slides
Lecture Series - MSG 141 C2-Simula5on Interoperability

Lecture Series - MSG 141 C2-Simula5on Interoperability

Lecture Series - MSG 141 C2-Simula5on Interoperability (C2SIM) LS-141 - C2 to Simulation Interoperability (C2SIM) Slide 1 Ba?le Management Language: History, Areas of

421 views • 39 slides
Post-Snowden Elliptic Curve Cryptography Patrick Longa Microsoft Research Joppe Bos NXP

Post-Snowden Elliptic Curve Cryptography Patrick Longa Microsoft Research Joppe Bos NXP

Post-Snowden Elliptic Curve Cryptography Patrick Longa Microsoft Research Joppe Bos NXP Semiconductors Craig Costello Microsoft Research Michael Naehrig Microsoft Research June 2013 the Snowden leaks the NSA had written the

671 views • 13 slides
Payment Reform: Expanding the Playing Field NYS Health Foundation Roles for Government and

Payment Reform: Expanding the Playing Field NYS Health Foundation Roles for Government and

Payment Reform: Expanding the Playing Field NYS Health Foundation Roles for Government and Private Purchasers in Payment Reform Dolores L. Mitchell Executive Director, Group Insurance Commission October 30, 2014 Out on a Limb

397 views • 11 slides
Efficient Cryptography on the RISC-V Architecture Ko Stoffelen Tl;dr In this talk: Fast

Efficient Cryptography on the RISC-V Architecture Ko Stoffelen Tl;dr In this talk: Fast

Efficient Cryptography on the RISC-V Architecture Ko Stoffelen Tl;dr In this talk: Fast AES-128 assembly for RV32I Fast ChaCha20 assembly for RV32I Fast Keccak- f [1600] assembly for RV32I Fast arbitrary-precision integer

421 views • 19 slides
What more can we do with videos? Occlusion and Mo6on

What more can we do with videos? Occlusion and Mo6on

What more can we do with videos? Occlusion and Mo6on Reasoning for Tracking & Human Pose Es6ma6on Karteek Alahari Inria Grenoble

846 views • 47 slides

More recommend