Professional Documents
Culture Documents
net/publication/324690407
CITATIONS READS
5 1,299
4 authors, including:
Kevin Heaslip
Virginia Polytechnic Institute and State University
90 PUBLICATIONS 635 CITATIONS
SEE PROFILE
Some of the authors of this publication are also working on these related projects:
All content following this page was uploaded by Kaveh B. Kelarestaghi on 08 March 2019.
VEHICLE SECURITY:
RISK ASSESSMENT IN TRANSPORTATION
Kaveh Bakhsh Kelarestaghi, Mahsa Foruhandeh, Kevin Heaslip, Ryan Gerdes
I N the Wired article that broke the hacking of a Jeep an intelligent vehicle is placed into the vulnerable vehicular ad
Cherokee, researcher Charlie Miller was quoted as saying, hoc network. An adversary can gain access to the in-vehicle
“When you lose faith that a car will do what you tell it to do, it network and be rewarded by ample access to the vehicle ECU.
really changes your whole view of how the thing works.” [1] The adversary can take control of the vehicle braking system,
The high demand for cutting-edge technologies and the need engine, air conditioning system, and steering wheel are just
to keep vehicles affordable are reasons why rigorous security steps needed to remotely-drive a vehicle.
measures and policies have not been prioritized in the past. There is a gap in the current literature to assess and evaluate
Vehicles are becoming more intelligent with the constant the impact of cyber/physical attacks on the road users and the
demand for improvement of driver’s safety, comfort, and system operators. This study attempts to survey the impacts of
vehicle performance. Technologies are being deployed such as in-vehicle network security vulnerabilities and adds to the
infotainment and safety monitoring applications in the literature of ITS security and resiliency, by exploring possible
vehicles to meet the demand for increased technology. consequences of an adversary compromising the in-vehicle
According to the major automobile original equipment system. To this extent, we aim to contribute to the nascent but
manufacturers (OEMs), nearly 100% of new vehicles are growing literature of ITS security impact-oriented risk
assessment. First, most of the previous studies have been
K limited to combine risks of a compromised in-vehicle network
B. Kelarestaghi and K. Heaslip are with the Department of Civil &
Environmental Engineering, Virginia Tech, Arlington, VA, 22203. Email: systematically. The bulk of this work is devoted to identifying
{kavehbk, kheaslip} @vt.edu. security attacks against the in-vehicle network and to
M. Foruhandeh and R. Gerdes are with the Department of Electrical & proposing defense and protection security mechanisms. The
Computer Engineering, Virginia Tech, 900 N Glebe Rd, Arlington, VA,
22203. Email: {mfhd, rgerdes} @vt.edu. knowledge about the conceivable attacks and the performance
Kelarestaghi et al. 2
systems that are based on the CAN bus technology. Hoppe et of such attacks on road users’ safety is considerable and needs
al. [12], indicated that by exploiting CAN bus security to be further assessed. These vulnerabilities are not the
vulnerabilities, an adversary is capable of (i) compromising concern only of passenger cars but involve heavy commercial
the availability of window lifts through DoS attack, (ii) vehicles as well. Burakova et al. [18] assessed the security of a
compromising the availability of the warning light by keeping 2006 Class-8 semi-tractor and a 2001 school bus that are both
it dark, and (iii) removing airbag control modules from the equipped with SAE J1939 standard; the J1939 bus is
system. They argued that an adversary could cause passengers commonly used among the heavy-duty vehicles in the US, for
discomfort and compromise their safety. Koscher et al. [13] in-vehicle communication and diagnostics. The study results
examined the security of two 2009 model year passenger cars indicate that an attacker with network access can compromise
(researchers did not disclose the make and model of the cars) the ECUs and manipulate (i) gauges on the instrument cluster
through reverse engineering, in both lab and test road settings. (e.g., oil pressure and battery voltage gauge), (ii) engine
The researchers demonstrated that by taking control of even Revolutions Per Minute (RPM), and (iii) engine brake. In
one of the car’s ECU an adversary can entirely compromise conclusion, the attacker with physical access to the in-vehicle
the car and that ECU can be reprogrammed even while network may override the driver and remotely control the
driving. They were able to take control of several car heavy-duty vehicle.
components by hacking the vehicle (i) physically through the Jafarnejad et al. [19] were able to hack the Renault Twizy
On-Board Diagnostic II (OBD-II) port, and (ii) remotely 80 through exploiting vulnerabilities of the Open Vehicle
(with prior physical access) through car wireless interfaces Monitoring System (OVMS); the OVMS enables a driver to
(digital radio). These components include (i) radio, (ii) have remote access to electric car information such as battery
instrument panel cluster, (iii) body controller (e.g., door lock, level and location. They concluded that an adversary might
trunk lock, and window relays), (iv) engine, (v) brakes, and override the driver and launch several attacks. These attacks
(vi) heating and air conditioning. Later in 2011, Checkoway et are: (i) move the vehicle forward, and backward, (ii) change
al. [14] supplemented the Koscher et al. [13] experiment by the speed of vehicle while in operation, (iii) cause damage to
attacking a modern vehicle remotely, without prior physical the engine, (iv) change motor direction at will, (v) distort a
access. They were able to compromise the vehicle through
dashboard, and (vi) control the throttle. In 2015, white hackers
several components entirely. These components include (i)
physically breached into the Virginia State Police (VSP)
diagnostic tool, (ii) media player, (iii) Bluetooth, and (iv)
Chevrolet Impala. A police officer who intended to start his
cellular communication. The dreadful reward of an adversary
breaching through the wireless components is that he does not duty was not able to shift the gear. The hacker was able to
need to execute an attack immediately and can wait for a time manipulate the speedometer and eventually shut down the
to gain maximum benefit. engine. Tampering was initiated with the installation of a
Other researchers have also attempted to scrutinize device in the car, capable of Bluetooth communication [20].
the security of vehicles. Oka et al. [15] suggest that The experiment indicates that even a vehicle without design-
adversaries can breach into the in-vehicle network through the built advanced communication is a lucrative target for
Bluetooth communication. They reviewed publicly available adversaries. In a real-world situation, consequences of a
information and concluded that although it is difficult to pair malicious behavior targeting state trooper vehicles can cause
with the built-in infotainment system, it is possible to delay and disruption of a police operation. This event
compromise driver safety through the external infotainment provoked VSP to support security-based research and to
systems via Bluetooth. It is even more likely for an attacker to simulate such an event on its students to prepare them for
inject false messages through the OBD-II port dongle by unexpected attacks. Also, a private company designed a real-
merely pairing his device or with a brute-force attack. Another time intrusion detection device to be plugged into the OBD-II
study conducted by Foster et al. [16] assessed the security [20]. Table 1 represents a summary of the experiments that
vulnerabilities of the aftermarket Telematics Control Units attempted to hack on-the-market vehicles.
(TCU) that interconnect ECUs with external systems. They The review of the existing literature suggests that a malicious
examined two threat models: (i) local (i.e., physical access to adversary should have high-level of expertise, well resourced,
the TCU) and (ii) remote in which the attacker can
and be capable of executing effective, continuous, and
compromise the vehicle without physical access. The results
synchronized cyber/physical attacks. Vehicle security
indicate that in both cases adversaries with adequate
vulnerabilities are not only of today or past concern; these can
knowledge can compromise the vehicle through the TCU. The
adversary can inject false CAN packets and fully control accrue with vehicular ad hoc network security issues and
safety components of a vehicle such as a brake system. The could trigger dire consequences. The breach might prolong
researchers tested this attack in a real-world situation and were and contaminate other vehicles that are on the same network
able to tamper with windshield wipers and the brake system. as the hacked vehicle. Breach propagation can disseminate
The Yan et al. [17] study indicates that it is over the ITS wide-range network like a virus goes from one
conceivable to hack Tesla Model S sensors through the computer to another.
spoofing and jamming attacks. The study suggests that these
attacks can trigger a crash and compromise the function of the
self-driving vehicles. The study has some limitations such as
the limited range of the attacks and the uncertainties that come
with the possibility of on-road attack. Nevertheless, the impact
Kelarestaghi et al. 4
TABLE 1
SUMMARY OF THE IN-VEHICLE NETWORK EVENTS
1st author Year Vehicle Foothold Threat Model Attack Impact
2006 Class-8
Burakova semi-tractor Taking control of gauges on the instrument cluster,
2016 OBD-II Physical
[18] and 2001 engine rpm, and engine brake
school bus
Yan [17] 2016 Tesla Model S Sensors Physical Trigger a crash, Compromise self-driving functions
Chevrolet The driver was not able to shift the gear, tampering the
Higgins [20] 2015 OBD-II Physical
Impala speedometer, and kill the engine
Greenberg Disable brake, changed seatbelt setting, take control of
Ford Escape,
[8], and 2013 OBD-II Physical steering wheel, spoofed GPS, distort a dashboard, and
Toyota Prius
Miller [10] manipulate vehicle lights
Physical &
2009 model
Koscher Remote Take control of radio; instrument panel cluster; body
2010 year passenger OBD-II
[13] (with prior controller; engine; brakes; heating and air conditioning
car
physical access)
Entertainment Take control of the engine, take control of brake. Take
Greenberg system –Cellular control of the steering wheel, control air conditioning
2014 Jeep,
[1], and 2015 (Wi-Fi hotspot) Remote system, traumatic driving experience, compromised
Cherokee
Miller [11] driver privacy by tracing the location of the car through
the GPS coordinates.
Move the vehicle forward and backward, change the
Jafarnejad Renault Twizy speed of the vehicle, cause damage to the engine,
2015 OVMS Remote
[19] 80 changing motor direction, distort a dashboard, control
the throttle
2011 model OBD-II, Media
Checkoway moderately Complete control over the car systems, car theft, and
2011 player, Bluetooth, Remote
[14] surveillance
priced sedan and Cellular
providers are the core pieces of the transportation network, the concerned about security and data privacy breaches when it
ones who are disturbed the most by the security breaches are comes to the automated vehicle technology. In fact, the
the road users. Examples of this scenario are the recent Yahoo presence of any vulnerabilities may lead to the point that
[27] and Equifax [28] breaches, where privacy and security of public loses trust in the system.
millions of people were undermined, due to the system As far as the consequences of in-vehicle network security
footholds. Attacks such as location tracking can jeopardize vulnerabilities are concerned, several impacts can be singled
users’ privacy and impose problems for the road users. Also, out. These consequences are mainly concerned with
the attack on vehicle security can lead to a sophisticated leak transportation’s safety, operation, efficiency, security, and
of private information. That is, by compromising the reliability, and drivers’ behavior. The hacking in-vehicle
infotainment system, an adversary could eavesdrop network may impose ruinous damages by compromising road
passengers’ communications through the in-cabin microphone, users’ safety. Safety concerns have been identified in several
and extract that data via the connected Internet Relay Chat studies (e.g. [12]). Taking control of the engine, brake,
(IRC) channel [14]. Even minor information on specifications steering wheel and throttle [10], [11], [19] to supersede the
of the sensors, used in the physical infrastructure of a vehicle, driver, compromises the safety of the targeted driver and his
impart reliable information on the make and model of the adjacent drivers. Also, tampering with air conditioning
vehicle [29]. In the Vehicular Ad hoc Network (VANET), system, radio volume and distorting the dashboard [10], [11],
vehicles are configured to send timestamps, identifiers and [18], [20] not only compromise the traffic safety but leave a
hello beacons periodically to communicate with other driver in a traumatic state, a state that can contribute to
vehicles. Eavesdropping this information could trigger impulsive behavior.
sophisticated privacy concerns than location tracking [29]. For Beyond the concerns mentioned above, a malicious
example, through reading the hello beacons associated with a adversary may compromise the road users’ privacy through
specific identifier, an adversary could gain access to tracking attack. Such an attack can deteriorate if coupled with
information related to individuals’ arrival and departure. malware installation. Compromising in-vehicle network,
Unauthorized investigation parties can also use this impose monetary losses for road users and transportation
information that can impose severe consequences. operators – also, recuperating from an attack takes time. In-
Imperative to note that there is no clear way of defining vehicle network vulnerabilities can cause users and
privacy and setting its boundaries. The degree of privacy is government distrust. Moreover, individuals and companies
dependent on many factors such as user preferences, might file a lawsuit against car manufacturer and authorities.
environmental settings, and application. Sometimes privacy Also, attacks can negatively affect the transportation
can even be entangled with regulations of a country. This efficiency by increasing the influenced vehicles’ energy
ambiguity is the main reason for the lack of considerable consumption [32]. Since there are not many studies to
efforts to accommodate privacy in transportation systems, on a scrutinize attacks’ consequences on road users and authorities,
global scale. For instance, to fulfill certain levels of privacy, security attack impacts on transportation network shall be
any necessary connections to some fixed physical or software investigated more in-depth through stated and revealed
infrastructure has to be avoided, which happens to be a hard methods (e.g., [33]–[38]).
task to be undertaken by the manufacturers at a technical level. The likelihood-impact matrix (Figure 3) represents the in-
Other than that, a substantial problem emerges when security vehicle network security vulnerability impacts into a 3×3
and privacy happen to contradict each other in specific matrix for risk prioritization purposes. The matrix links each
scenarios. The information breach on specific sensors can be of the adverse impacts to the three impact and likelihood
an excellent example of this scenario. That is, sensor clusters (low-, medium- and high-risk) to help decision-
information might be used for designing intrusion detection makers prioritize risks that are associated with hacked
mechanisms, while at the same time sensors can be a foothold vehicles. Risk assessment result indicates that (i) safety (e.g.,
for adversaries to compromise the system’s privacy. Some injury and fatality crash), operational (i.e., monetary loss),
frame the discussion of privacy between two extreme edges of security (compromising driver’s privacy based on the context),
full anonymity or no privacy at all. How to find the proper and behavioral (i.e., driver’s distraction) impacts are
trade-off is still an open problem to be solved. A universal associated with the high-risk cluster, and (ii) security (i.e.,
business model needs to be developed via an international vehicles become a foothold in ITS), legal exposure, reliability
effort of technical parties as well as legal authorities. (i.e., road users distrust the system), efficiency (i.e., passenger
Disruption of the ITS network usually comes with monetary discomfort) and operational (i.e., congestion) impacts are
loss. These losses can affect both operators and users of the associated with the medium-risk cluster. More research can
system. A sophisticated adversary can cause traffic supplement the risk analysis studies and help policymakers
congestion, driver confusion, driver distraction, and may be provide flexible solutions to mitigate the risk of cyber/physical
able to disrupt the system availability, which dictates attack regarding an in-vehicle network.
unexpected operation cost [30] (e.g., time and labor cost).
Schoettle and Sivak [31] surveyed 1,533 individuals and found
that almost 70% of US participants are moderately or highly
6
LIKELIHOOD
Low Medium High
Safety Impact: crashes with severity level of Safety Impact: property damage crashes
Injuries and fatalities
Security Impact: vehicles becomes a Security Impact: to compromise vehicles’
High
Legal Exposure: due to losses, individuals and Operational Impact: taking control of vehicle and
IMPACT
Medium
companies might file a lawsuit against compromise vehicle’s critical components (e.g. Operational Impact: monetary loss of road users
manufacturer and authorities engine, brake, steering wheel); Disabled and and system operators
crippled services
Efficiency Impact: cause discomfort to passengers
Fig. 3. The Impact-Likelihood Matrix maps the adverse impact of in-vehicle network hacking into high- (colored in
red), medium- (colored in yellow), and low-risk clusters (colored in green)
analog physical layer signal, this type of identification is due to the vehicle security vulnerabilities. Adversaries not
called, physical layer identification (PLI) systems [43]. only can take control of vehicles but can compromise the
Examples of PLI based IDSs can be found in the literature that traffic safety and leave a driver in a traumatic state.
uses different features such as the line voltage [44]–[46] or Eventually, adversaries will supersede drivers to remotely-
clock skews [47] for extracting fingerprint templates. drive vehicles shortly.
Last, not least, it is evident that the automobile’s security can This study offers an early assessment of the risks to the in-
be compromised through physical access [13] or a wireless vehicle network. We employed the NIST risk assessment
connection [14]. The former is easily avoidable and brings in approach for risk determination. The risk assessment
minor technical concerns, whereas the wireless connections methodology conducted in identifying threats to the system,
established from the uncertified users are a matter of concern.
system vulnerabilities, adverse impacts in case an adversary
Securing the wireless links is a problem that has been under-
exploits those vulnerabilities, and the likelihood that impacts
evaluated. So far, the telematics port or Bluetooth connection
will occur. To the best of the authors’ knowledge, this study is
have been the primary source of security vulnerabilities. That
is, footholds for adversaries to gain access to an automobile to the first attempt to systematically assess the risks of a
inject malicious messages. Spaur et al. proposed a new compromised in-vehicle network in the transportation domain.
telematics unit with certain access restrictions at [48] aiming The current literature is mainly devoted to detecting security
to control the flow of messages into the vehicle through the threats and to suggesting protection measures against the
cellular network. Based on their approach, this telematics identified and future security attacks. While the knowledge is
ports is equipped with a security controller, which is built lagging behind the state-of-the-art, the need for an impact-
based on digital certificates. The controller grants access to oriented analytic assessment to identify system-level risks is
certified users only. The security of telematics ports, even of vital importance. That is, this study aims to contribute to the
though essential, has been neglected in the current literature. body of knowledge of ITS security and resiliency by
The telematics ports have always been the most common and employing a qualitative risk-based approach for measuring
accessible footholds for malicious adversaries. To preclude risks and communicating the results for policy analysis. We
intrusions right at the starting point, in-built security solutions summarize the main findings of the study as follows:
–rather than reactive response– should be implemented. • An adversary can compromise the in-vehicle network
The contributions to the field of automobile cybersecurity are due to the CAN vulnerabilities such as weak access
well summarized in the three categories above. However, a control, no integrity and no authenticity. That is, a
robust framework offering a secure end-to-end physical malicious adversary with high-level of expertise, well
platform is noticeably missing in state-of-the-art research.
resourced, and capable of executing effective,
Providing awareness in public, as well as among professionals
continuous, and synchronized cyber/physical attacks,
is of major importance, to bring the necessary attention to the
transportation cybersecurity problem. The more significant can exploit vehicle security vulnerabilities. As far as the
problem, however, appears when security and privacy are connected/automated vehicle technology is concerned,
taken into account at the same time. These two critical aspects these security vulnerabilities can accrue with VANET
of transportation systems are most of the time aligned in same security issues. The security attack might extend and
directions and occasionally in opposite directions where contaminate other vehicles that are on the same network
findings an optimal solution for this tradeoff is very as the compromised vehicle. Breach propagation can
complicated. disseminate over the ITS wide-range network like a
virus goes from one computer to another.
VII. CONCLUSION • The risk determination of an adversary compromising
ITS projected to augment safety, comfort, transportation the in-vehicle network can be categorized into high-,
efficiency, and to overcome the environmental impacts of medium-, and low-level risk clusters:
transportation, but in the presence of security footholds all can o High-risk cluster: safety (e.g., injury and
dim. In the presence of any weaknesses, attackers can exploit fatality crash), operational (i.e., monetary
ITS availability, authentication, integrity, and privacy security loss), security (compromising driver’s privacy
goals. Moreover, many questions need to be resolved before based on the context), and behavioral (i.e.,
the vehicular ad hoc network large-scale implementation. For driver’s distraction) impacts.
instance: (i) what would be the impact of known/unknown o Medium-risk cluster: security (i.e., vehicles
cyber/physical attacks on transportation? (ii) How should road become a foothold in ITS), legal exposure,
users respond to the vehicle hacking incidents? (iii) Do road reliability (i.e., road users distrust the system),
users need to be trained for cyber intrusion events? Moreover, efficiency (i.e., passenger discomfort) and
(iv) Whom should road users reach for fixing their cars to operational (i.e., congestion) impacts.
recover from a security attack? • A rigorous solution offering a secure end-to-end
Security is a core technical challenge of the ITS that if not physical platform is noticeably missing in state-of-the-
appropriately maintained, will drastically affect road users and art research. Providing awareness in public, as well as
system operators. Lessons learned from this study depict that among professionals is of vital importance, to bring the
road users’ safety, privacy and security can be compromised necessary attention to the transportation cybersecurity
problem. The more significant problem, however,
8
appears when security and privacy are considered at the [10] Miller C, Valasek C. Adventures in automotive
same time. Security and privacy aspects of the networks and control units. DEF CON. 2013;21:260–
transportation systems are most of the time aligned in 264.
same directions and occasionally in the opposite [11] Miller C, Valasek C. Remote exploitation of an
directions where offering an optimal solution to this unaltered passenger vehicle. Black Hat USA. 2015;
tradeoff is a complex task. 2015. Available from:
This study indicates a high level of uncertainty in the https://securityzap.com/files/Remote%20Car%20Hacki
impact of a security breach on the in-vehicle network, ng.pdf.
especially on road users and the transportation network. There [12] Hoppe T, Kiltz S, Dittmann J. Security threats to
automotive CAN networks–practical examples and
is a gap in literature to assess and evaluate the impact of
selected short-term countermeasures. Computer Safety,
cyber/physical attacks on the road users and the system
Reliability, and Security. 2008;235–248.
operators. The result of this study endorses the necessity of
[13] Koscher K, Czeskis A, Roesner F, Patel S, Kohno T,
impact assessment on the in-vehicle network security breach. Checkoway S, et al. Experimental security analysis of a
Impact assessment results will be of great benefit to the risk modern automobile. In: Security and Privacy (SP), 2010
management studies for the provision of realistic solutions IEEE Symposium on. IEEE; 2010. p. 447–462.
against security attacks. Incorporating the outcomes of the Available from:
impact assessment and the risk management provides a http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=55
realistic analysis of the risk evaluation. Also, the impact 04804.
assessment will help policymakers and system operators to [14] Checkoway S, McCoy D, Kantor B, Anderson D,
prioritise strategies to mitigate security risk. Shacham H, Savage S, et al. Comprehensive
Experimental Analyses of Automotive Attack Surfaces.
REFERENCES In: USENIX Security Symposium. San Francisco; 2011.
[1] Greenberg, A., Hackers Remotely Kill a Jeep on the Available from:
Highway—With Me in It. WIRED. Available from: http://static.usenix.org/events/sec11/tech/full_papers/Ch
https://www.wired.com/2015/07/hackers-remotely-kill- eckoway.pdf.
jeep-highway/. [15] Oka DK, T. Furue, L. Langenhop, T. Nishimura, Survey
[2] Markey EJ. Tracking & Hacking: Security & privacy of vehicle IoT bluetooth devices. In: Service-Oriented
gaps put american drivers at risk. Congressional Report. Computing and Applications (SOCA), 2014 IEEE 7th
2015. International Conference. IEEE; 2014. p. 260–264.
[3] Ogle A. Automotive Controller Area Network Systems: Available from:
Driver Convenience or Cyber Security Threats?. Utica http://ieeexplore.ieee.org/abstract/document/6978619/.
College; 2017. Available from: [16] Foster ID, A. Prudhomme, K. Koscher, S. Savage, Fast
http://search.proquest.com/openview/a2091e54000c7fcf and Vulnerable: A Story of Telematic Failures. In:
e15cc6da701cdfaf/1?pq- WOOT. 2015. Available from:
origsite=gscholar&cbl=18750&diss=y. https://www.usenix.org/system/files/conference/woot15/
[4] Dowson, C., The Dangers of the Hackable Car - WSJ. woot15-paper-foster.pdf.
Available from: https://www-wsj- [17] Yan C, W. Xu, J. Liu, Can you trust autonomous
com.cdn.ampproject.org/c/s/www.wsj.com/amp/articles/ vehicles: Contactless attacks against sensors of self-
the-dangers-of-the-hackable-car-1505700481. driving vehicle. DEF CON. 2016. 24. Available from:
[5] Blum J, Eskandarian A. The threat of intelligent https://www.co.tt/files/defcon24/Speaker%20Materials/
collisions. IT professional. 2004;6(1):24–29. DEFCON-24-Liu-Yan-Xu-Can-You-Trust-
[6] Ross RS., Guide for conducting risk assessments. NIST Autonomous-Vehicles-WP.pdf.
Special Publication. 2011;800–30. [18] Burakova Y, B. Hass, L. Millar, A. Weimerskirch,
[7] Ross, RS., Managing Information Security Risk: Truck Hacking: An Experimental Analysis of the SAE
Organization, Mission, and Information System View. J1939 Standard. In: WOOT. 2016.
NIST Special Publication. 2011;800–39. [19] Jafarnejad S, L. Codeca, W. Bronzi, R. Frank, T. Engel,
[8] Greenberg A., Hackers Reveal Nasty New Car Attacks-- A car hacking experiment: When connectivity meets
With Me Behind The Wheel (Video) [Internet]. Forbes. vulnerability. In: Globecom Workshops (GC Wkshps),
2013. Available from: 2015 IEEE. IEEE; 2015. p. 1–6. Available from:
https://www.forbes.com/sites/andygreenberg/2013/07/2 http://ieeexplore.ieee.org/abstract/document/7413993/.
4/hackers-reveal-nasty-new-car-attacks-with-me- [20] Higgins, KJ., State Trooper Vehicles Hacked. Dark
behind-the-wheel-video/. Reading. Available from:
[9] Miller C, Valasek C. A survey of remote automotive http://www.darkreading.com/attacks-breaches/state-
attack surfaces. Black Hat USA [Internet]. 2014; trooper-vehicles-hacked-/d/d-id/1322415.
Available from: http://blog.hackthecar.com/wp- [21] Amirtahmasebi K, SR. Jalalinia, Vehicular Networks–
content/uploads/2014/08/236073361-Survey-of- Security, Vulnerabilities and Countermeasures. 2010;
Remote-Attack-Surfaces.pdf. Available from:
http://publications.lib.chalmers.se/records/fulltext/1237
78.pdf.
9
[22] Wolf M, A Weimerskirch, T. Wollinger, State of the art: Behavioral Impacts of Connected Automated Vehicles
Embedding security in vehicles. EURASIP Journal on at the National Level,” No. 17-06283, 2017.
Embedded Systems. 2007;2007(1):074706. [37] Kelarestaghi, K.B., W., Zhang, Y., Wang, L., Xiao, K.,
[23] Johansson KH, M. Törngren, L. Nielsen, Vehicle Hancock, and KP., Heaslip. “Impacts to Crash Severity
applications of controller area network. In: Handbook of Outcome due to Adverse Weather and Other Causation
networked and embedded control systems. Springer; Dactors,” Advances in Transportation Studies 43:31-42,
2005. p. 741–765. Available from: 2017.
http://link.springer.com/chapter/10.1007/0-8176-4404- [38] Zhang, W., L. Xiao, Y. Wang, and KB. Kelarestaghi,
0_32. “Big Data Approach of Crash Prediction,”
[24] Woo S, HJ. Jo, DH. Lee, A practical wireless attack on Transportation Research Board 97th Annual
the connected car and security protocol for in-vehicle MeetingTransportation Research Board. (No. 18-
CAN. IEEE Transactions on Intelligent Transportation 04956), 2018.
Systems. 2015;16(2):993–1006. [39] Dellios K, D. Papanikas, D. Polemi, Information
[25] Othmane L, R. Fernando, R. Ranchal, B. Bhargava, Security Compliance over Intelligent Transport
Likelihoods of Threats to Connected Vehicles; Systems: Is IT Possible? IEEE Security & Privacy.
Available from: https://www.informatik.tu- 2015;13(3):9–15.
darmstadt.de/fileadmin/user_upload/Group_CASED/Li [40] Szilagyi CJ., Low cost multicast network authentication
klihoodConnectVehicles.pdf for embedded control systems [PhD Thesis]. Carnegie
[26] Castillo A, AD. Thierer, Projecting the growth and Mellon University Pittsburgh; 2012.
economic impact of the internet of things. 2015. [41] Ziermann T, S. Wildermann, J. Teich, CAN+: A new
[27] Selyukh A., Yahoo Hack Likely Breached 3 Billion backward-compatible Controller Area Network (CAN)
Accounts, All That Existed In Mid-2013 : The Two- protocol with up to 16x higher data rates. In:
Way : NPR. Proceedings of the Conference on Design, Automation
[28] Newman, LH., Equifax Officially Has No Excuse and Test in Europe. European Design and Automation
[Internet]. WIRED. Available from: Association; 2009. p. 1088–1093.
https://www.wired.com/story/equifax-breach-no- [42] Nilsson DK, UE. Larson, E. Jonsson, Efficient in-
excuse/. vehicle delayed data authentication based on compound
[29] Dötzer F., Privacy issues in vehicular ad hoc networks. message authentication codes. In: Vehicular Technology
In: International Workshop on Privacy Enhancing Conference, 2008 VTC 2008-Fall IEEE 68th. IEEE;
Technologies. Springer; 2005. p. 197–209. 2008. p. 1–5.
[30] Kelarestaghi KB., K. Heaslip, V. Fessmann, M. [43] Wang C, RM. Gerdes, Y. Guan, SK. Kasera, Digital
Khalilikhah, A. Fuentes. Intelligent Transportation fingerprinting. Springer; 2016.
System Security: Hacked Message Signs. SAE Int J [44] Cho K-T, Shin KG. Viden: Attacker identification on
Transp Cyber & Privacy. 2018, doi:10.4271/11-01-02- in-vehicle networks. In: Proceedings of the 2017 ACM
0004. SIGSAC Conference on Computer and
[31] Schoettle B, M. Sivak, A survey of public opinion about Communications Security. ACM; 2017. p. 1109–1123.
autonomous and self-driving vehicles in the US, the [45] Choi W, K. Joo, HJ. Jo, MC. Park, DH. Lee,
UK, and Australia. 2014; Available from: VoltageIDS: Low-Level Communication Characteristics
https://deepblue.lib.umich.edu/handle/2027.42/108384. for Automotive Intrusion Detection System. IEEE
[32] Gerdes RM, C. Winstead, K. Heaslip, CPS: an Transactions on Information Forensics and Security.
efficiency-motivated attack against autonomous 2018;13(8):2114–2129.
vehicular transportation. In: Proceedings of the 29th [46] Choi W, HJ. Jo, S. Woo, JY. Chun, J. Park, DH. Lee,
Annual Computer Security Applications Conference. Identifying ecus using inimitable characteristics of
ACM; 2013. p. 99–108. signals in controller area networks. Jun; 2016.
[33] Jeihani, M., S., NarooieNezhad, and KB. Kelarestaghi, [47] Cho K-T, KG. Shin, Fingerprinting Electronic Control
“Integration of a Driving Simulator and a Traffic Units for Vehicle Intrusion Detection. In: USENIX
Simulator Case Study: Exploring Drivers’ Behavior in Security Symposium. 2016. p. 911–927.
Response to Variable Message Signs,” IATSS Res. [48] Spaur CW, PJ. Kennedy, MF. Braitberg, A. Fuchs, N.
41(4):164-171, 2017. Klingenstein, L. Lee, Secure telematics. 2008.
[34] Dabiri, S. and Heaslip, K., “Inferring Transportation
Modes from GPS Trajectories Using a Convolutional
Neural Network,” Transp. Res. Part C Emerg. Technol.
86:360-371, 2018.
[35] Dabiri, S. and Heaslip, K., “Transport-Domain
Applications of Widely Used Data Sources in the Smart
Transportation: A Survey,” ArXiv Prepr.
ArXiv180310902, 2018.
[36] Shabanpour, R., Auld, J., Mohammadian, A.K., and
Stephens, T.S., “Developing a Platform to Analyze