The day on which cars can communicate with each other – and with traffic lights , stop signs, guardrails and even road markings – is fast approaching . This type of intelligent systems is already being implemented on many US roads. under the premise that they can reduce traffic jams and avoid collisions .
For example, the Intelligent Traffic Signal System developed with the help of the US Transportation Agency has been tested on public roads in Arizona and California and is being implemented more widely in cities such as New York or Tampa, Florida. . This system allows vehicles to share their location and speed in real time with the traffic lights , something that can be used to optimize the pace of traffic in coordination with the demand in real time and thus drastically reduce the waiting time of a vehicle. vehicle at an intersection .
Our work from the research group RobustNet Research Group and from the Michigan Traffic Laboratory of the University of Michigan is focused on ensuring that these next generation transport systems are safe and protected against attacks.
So far we have realized that they can be tricked very easily. A single car that transmits false data can cause a huge traffic jam, and an attack with data from several cars could cause chaos in an entire area. The most worrisome is that our research has not found such vulnerabilities in data transfer technology, but in the algorithms used to manage traffic flow .
Tricking an algorithm
In general, the algorithms are designed to process various input data (such as the number of cars in different places near an intersection) and calculate the result that matches a specific goal (such as minimizing vehicle delays due to traffic lights). ). Like most algorithms, the algorithm that controls traffic in this system of intelligent traffic signals (with the nickname “I-SIG”) assumes that the data it receives is true. But it is not a safe method.
The hardware and software of modern cars can be modified, either physically through the diagnostic ports of the car or through wireless connections to order the car to transmit false information . A person wishing to compromise the I-SIG system could hack their own car using one of these methods, drive the car to the intersection in question and park somewhere nearby.
We have discovered that as soon as the car is parked near the intersection it can take advantage of two weak points in the algorithm that controls the traffic lights to extend the time that a specific lane is green, as well as the time in which another lane is in Red.
The first vulnerability that we realized is what we call ” the advantage of the last vehicle “: a way to extend the duration of a green traffic light. The algorithm monitors the approaching cars, makes an estimate of the length of the row of cars and determines how long you think it will take all the vehicles in the lane to cross the intersection.
This logic means that the system can help as many vehicles as possible in each batch of traffic light changes, but it can be used unethically: an attacker can order his car to tell the system that he has joined the line of cars when it really is much more delayed. In this case the algorithm will make the light stay green long enough so that this car that is not waiting can pass, making the rest of the addresses remain in red for longer than necessary.
The second vulnerability we find in the system is called “the curse of the transition period” or ” the ghost vehicle attack “. The I-SIG algorithm has been programmed to take into account that not all vehicles are capable of transmitting information yet. It uses the driving patterns and information of the newest and most connected cars to deduce the location and speed of old cars that do not have the capacity to transmit information. Therefore, if an interconnected car warns that it is standing quite a distance from an intersection, the algorithm will assume that it is because there is a long line of vehicles in front of it and it would establish a green light for that lane because it thinks there is a long line of vehicles when there really is not.
These attacks occur when a device is tricked into lying about its position and its speed. Something very different from the cyber attacks we normally know, such as entering messages in unencrypted communications or an unauthorized user connecting to a privileged account . Therefore, known protections against attacks can do nothing against devices that lie .
Results of an uninformed algorithm
Using any of these attacks or a combination of both, the attacker can make the traffic lights go green for a very long period of time when there is hardly any traffic in the corresponding lane or make the traffic lights remain red in crowded lanes, something that can cause small retentions and end up forming large traffic jams.
A traffic congestion attack in a traffic light control system.
This type of semaphore attack could be done simply for fun or to benefit the attacker. Imagine, for example, that a person who wants to get to work earlier adjust the traffic lights according to their needs, harming the rest of the drivers. It can also be the case of criminals who take advantage of this system to escape faster from the scene of a crime or from the persecution of the police by controlling the traffic lights.
There are also risks at the political or financial level: a coordinated group could sow chaos at several key junctions in a city and request the payment of a ransom. It is a much more problematic way and with fewer consequences than other ways of blocking an intersection, such as parking a vehicle in the middle of traffic.
Given that this type of attacks exploits the traffic control algorithm itself, repairing it requires a joint effort of experts in transport and cybersecurity, which would include taking into account one of the main lessons we have learned from our work: the sensors that use the Interactive systems (such as those of I-SIG system vehicles) are not entirely reliable . Before starting calculations, the algorithms should try to validate the data they are using. For example, a traffic control system could use other sensors (such as sensors inside the roads that are already used in many parts of the US) to verify the number of cars that are on the road.
This is just the beginning of our investigation into the new types of security problems in the intelligent transport systems of the future and we hope to uncover more vulnerabilities, as well as identify ways to make roads safe and protect drivers.
- Qi Alfred Chen , Doctor of Computer Science and Engineering, University of Michigan
- Z. Morley Mao , Professor of Electrical Engineering and Computer Science, University of Michigan