More Like this

1. Impact Evaluation of Falsified Data Attacks on Connected Vehicle Based Traffic Signal Control Systems

   Huang, Shihong; Feng, Yiheng; Wong, Wai; Chen, Qi Alfred; Mao, Z. Morley; Liu, Henry X. (January 2021, NDSS Workshop on Automotive and Autonomous Vehicle Security (AutoSec))

   Connected vehicle (CV) technologies enable data exchange between vehicles and transportation infrastructure. In a CV environment, traffic signal control systems receive CV trajectory data through vehicle-to-infrastructure (V2I) communications to make control decisions. Comparing with existing data collection methods (e.g., from loop-detectors), the CV trajectory data provide much richer information, and therefore have great potentials to improve the system performance by reducing total vehicle delay at signalized intersections. However, this connectivity might also bring cyber security concerns. In this paper, we aim to investigate the security problem of CV-based traffic signal control (CV-TSC) systems. Specifically, we focus on evaluating the impact of falsified data attacks on the system performance. A black-box attack scenario, in which the control logic of a CV-TSC system is unavailable to attackers, is considered. A two-step attack model is constructed. In the first step, the attacker tries to learn the control logic using a surrogate model. Based on the surrogate model, in the second step, the attacker launches falsified data attacks to influence the control systems to make sub-optimal control decisions. In the case study, we apply the attack model to an existing CV-TSC system (i.e., I-SIG) and find intersection delay can be significantly increased. Finally, we discuss some promising defense directions. 

   more » « less
2. Security, Privacy and Safety Risk Assessment for Virtual Reality Learning Environment Applications

   Gulhane, A. Vyas (January 2019, IEEE Consumer Communications & Networking Conference (CCNC))

   —Social Virtual Reality based Learning Environments (VRLEs) such as vSocial render instructional content in a threedimensional immersive computer experience for training youth with learning impediments. There are limited prior works that explored attack vulnerability in VR technology, and hence there is a need for systematic frameworks to quantify risks corresponding to security, privacy, and safety (SPS) threats. The SPS threats can adversely impact the educational user experience and hinder delivery of VRLE content. In this paper, we propose a novel risk assessment framework that utilizes attack trees to calculate a risk score for varied VRLE threats with rate and duration of threats as inputs. We compare the impact of a well-constructed attack tree with an adhoc attack tree to study the trade-offs between overheads in managing attack trees, and the cost of risk mitigation when vulnerabilities are identified. We use a vSocial VRLE testbed in a case study to showcase the effectiveness of our framework and demonstrate how a suitable attack tree formalism can result in a more safer, privacy-preserving and secure VRLE system. 

   more » « less
3. Security, Privacy and Safety Risk Assessment for Virtual Reality Learning Environment Applications

   A. Gulhane, A. Vyas (January 2019, IEEE Consumer Communications & Networking Conference (CCNC))

   Social Virtual Reality based Learning Environments (VRLEs) such as vSocial render instructional content in a threedimensional immersive computer experience for training youth with learning impediments. There are limited prior works that explored attack vulnerability in VR technology, and hence there is a need for systematic frameworks to quantify risks corresponding to security, privacy, and safety (SPS) threats. The SPS threats can adversely impact the educational user experience and hinder delivery of VRLE content. In this paper, we propose a novel risk assessment framework that utilizes attack trees to calculate a risk score for varied VRLE threats with rate and duration of threats as inputs. We compare the impact of a well-constructed attack tree with an adhoc attack tree to study the trade-offs between overheads in managing attack trees, and the cost of risk mitigation when vulnerabilities are identified. We use a vSocial VRLE testbed in a case study to showcase the effectiveness of our framework and demonstrate how a suitable attack tree formalism can result in a more safer, privacy-preserving and secure VRLE system. 

   more » « less
4. Automated Discovery of Denial-of-Service Vulnerabilities in Connected Vehicle Protocols

   Hu, Shengtuo; Chen, Qi Alfred; Sun, Jiachen; Feng, Yiheng; Mao, Z. Morley; Liu, Henry X. (January 2021, USENIX Security Symposium)

   null (Ed.)

   With the development of the emerging Connected Vehicle (CV) technology, vehicles can wirelessly communicate with traffic infrastructure and other vehicles to exchange safety and mobility information in real time. However, the integrated communication capability inevitably increases the attack surface of vehicles, which can be exploited to cause safety hazard on the road. Thus, it is highly desirable to systematically understand design-level flaws in the current CV network stack as well as in CV applications, and the corresponding security/safety consequences so that these flaws can be proactively discovered and addressed before large-scale deployment. In this paper, we design CVAnalyzer, a system for discovering design-level flaws for availability violations of the CV network stack, as well as quantifying the corresponding security/safety consequences. To achieve this, CVAnalyzer combines the attack discovery capability of a general model checker and the quantitative threat assessment capability of a probabilistic model checker. Using CVAnalyzer, we successfully uncovered 4 new DoS (Denial-of-Service) vulnerabilities of the latest CV network protocols and 14 new DoS vulnerabilities of two CV platoon management protocols. Our quantification results show that these attacks can have as high as 99% success rates, and in the worst case can at least double the delay in packet processing, violating the latency requirement in CV communication.We implemented and validated all attacks in a real-world testbed, and also analyzed the fundamental causes to propose potential solutions. We have reported our findings in the CV network protocols to the IEEE 1609 Working Group, and the group has acknowledged the discovered vulnerabilities and plans to adopt our solutions. 

   more » « less
5. Battery Management System: Threat Modeling, Vulnerability Analysis, and Cybersecurity Strategy

   https://doi.org/10.1109/ACCESS.2025.3543249  

   Murlidharan, Shravan; Ravulakole, Varsha; Karnati, Jyothi; Malik, Hafiz (January 2025, IEEE Access)

   The Battery Management System (BMS) plays a crucial role in modern energy storage technologies, ensuring battery safety, performance, and longevity. However, as the BMS becomes more sophisticated and interconnected, it faces increasing cybersecurity challenges that can lead to catastrophic failures and safety hazards. This paper provides a comprehensive overview of cyberattacks targeting both traditional and wireless BMS. It explores various attack vectors, including malware injection, electromagnetic interference (EMI), temperature sensing manipulation, sensor malfunctioning and fault injection, and jamming attacks on modern BMS. Through threat modeling and vulnerability analysis, this paper examines the potential impacts on BMS functionality, safety, and performance. We highlight vulnerabilities associated with different BMS architectures and components, emphasizing the need for robust cybersecurity measures to protect against emerging threats. Cybersecurity measures are essential to protect the system from potential threats that could trigger false alarms, cause malfunctions, or lead to dangerous failures. Unauthorized access or tampering with the BMS can disrupt its fault response mechanisms, jeopardizing system performance and associated resources. Key cybersecurity strategies include intrusion detection systems (IDS), crypto-based authentication, secure firmware updates, and hardware-based security mechanisms such as trusted platform modules (TPMs). These measures strengthen BMS resilience by preventing unauthorized access and ensuring data integrity. Our findings are essential for mitigating risks in various sectors, including electric vehicles (EVs), renewable energy, and grid storage. They underscore the importance of ongoing research and development of adaptive security strategies to safeguard BMS against evolving cyber threats. Additionally, we propose a trust mechanism that secures the connection between input sensors and the BMS, ensuring the reliability and safety of battery-powered systems across various industries. 

   more » « less