Abstract
With the proliferation of using smart and connected devices in the transportation domain, these systems inevitably face security threats from the real world. In this work, we analyze the security of the existing traffic signal systems and summarize the security implications exposed in our analysis. Our research shows that the deployed traffic signal systems can be easily manipulated with physical/remote access and are vulnerable to an array of real-world attacks such as a diversionary tactic. By setting up a standard traffic signal system locally in our lab and partnering with a municipality, we demonstrate that not only can traffic intersections be manipulated to show deadly traffic patterns such as all-direction green lights, but traffic control systems are also susceptible to ransomware and disruption attacks. Through testing and studying these attacks, we provide our security recommendations and mitigations to these threats.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
2070 ATC (Advanced Transportation Controllers) Equipment Parts and Accessories. http://esbd.cpa.state.tx.us/bid_show.cfm?bidid=139594. Accessed 31 May 2017
Search Federal, State, and Local Government Contracts, Government Bids, and RFPs. https://www.bidcontract.com/government-contracts-bids/search-government-Bids-Contracts.aspx?s=2070&t=FE&is=0. Accessed 31 May 2017
The Traffic Signal Museum: Eagle Signal Model EF-15 Traffic Controller (2015). http://www.trafficsignalmuseum.com/pages/ef15.html
1103 v03 - NTCIP Transportation Management Protocols (TMP) v03 (2017). https://www.ntcip.org/library/standards/default.asp?documents=yes&qreport=no&standard=1103%20v03
AASHTO: American association of state highway and transportation officials. https://www.transportation.org/
AASHTO, ITE, and NEMA: Advanced transportation controller application programming interface reference implementation software user manual (2015). https://www.ite.org/pub/?id=31058d5b-ccfb-5b00-30d1-61c715ada9a4
AASHTO, ITE, and NEMA: Advanced Transportation Controller (ATC) standard version 06 (2018). https://www.ite.org/pub/?id=acaf6aca-d1fd-f0ec-86ca-79ad05a7cab6
Arduino: Starter kit. https://store.arduino.cc/usa/arduino-starter-kit. Accessed 1 Dec 2018
ATEK Access Technologies: Access the power of technology. http://atekcompanies.com/access-technologies. Accessed 31 May 2017
ATEK Access Technologies: Datakey microwire protocol specification (2014). http://datakey.com/downloads/223-0017-003_REVI_MWInterfaceSpec_SBM.pdf
ATEK Access Technologies: Datakey LCK series specification sheet (2015). http://datakey.com/downloads/LCK_Series_DS_REV.D.pdf
Boston Transportation Department: The benefits of retiming/rephasing traffic signals in the back bay. https://www.cityofboston.gov/images_documents/The%20Benefits%20of%20Traffic%20Signal%20Retiming%20Report_tcm3-18554.pdf. Accessed 1 Dec 2018
Cerrudo, C.: Hacking US (and UK, Australia, France, etc.) Traffic Control Systems. IOActive Blog (2014)
Chen, Q.A., Yin, Y., Feng, Y., Mao, Z.M., Liu, H.X.: Exposing congestion attack on emerging connected vehicle based traffic signal control. In: Network and Distributed Systems Security (NDSS) Symposium 2018 (2018)
Cozzi, E., Graziano, M., Fratantonio, Y., Balzarotti, D.: Understanding Linux malware. In: IEEE Symposium on Security & Privacy (2018)
Eberle Design, Inc.: CMU-212. https://www.editraffic.com/wp-content/uploads/888-0212-001-CMU-212-Operation-Manual.pdf. Accessed 1 Dec 2018
Eberle Design, Inc.: MMU-16LE series SmartMonitor. https://www.editraffic.com/wp-content/uploads/888-0116-001-MMU-16LE-Operation-Manual.pdf. Accessed 1 Dec 2018
Eberle Design, Inc.: Traffic control software. https://www.editraffic.com/support-traffic-control-software/. Accessed 1 Dec 2018
Fourth Dimension Traffic: The D4 traffic signal controller software. https://fourthdimensiontraffic.com/about/about.html. Accessed 1 Dec 2018
Ghena, B., Beyer, W., Hillaker, A., Pevarnek, J., Halderman, J.A.: Green lights forever: analyzing the security of traffic infrastructure. In: 8th USENIX Workshop on Offensive Technologies (WOOT 2014). USENIX Association, San Diego (2014). https://www.usenix.org/conference/woot14/workshop-program/presentation/ghena
Grover, K., Lim, A., Yang, Q.: Jamming and anti-jamming techniques in wireless networks: a survey. Int. J. Ad Hoc Ubiquit. Comput. 17(4), 197–215 (2014)
Institute of Transportation Engineers: About the institute of transportation engineers. http://www.ite.org/aboutite/index.asp
Institute of Transportation Engineers: Standard specification for roadside cabinets (2006). https://www.ite.org/pub/E26A4960-2354-D714-51E1-FCD483B751AA
Intelight: 2070 ATC controllers. https://www.intelight-its.com/product-categories/2070-type-controllers/. Accessed 1 Dec 2018
Koonce, P., et al.: Traffic signal timing manual. Technical report (2008)
Laszka, A., Potteiger, B., Vorobeychik, Y., Amin, S., Koutsoukos, X.: Vulnerability of transportation networks to traffic-signal tampering. In: Proceedings of the 7th ACM/IEEE International Conference on Cyber-Physical Systems (ICCPS 2016), pp. 1–10. IEEE (2016)
Li, Z., **, D., Hannon, C., Shahidehpour, M., Wang, J.: Assessing and mitigating cybersecurity tisks of traffic light systems in smart cities. IET Cyber-Phys. Syst. Theory Appl. 1(1), 60–69 (2016)
National Electrical Manufacturers Association: Standards publication TS 2-2003 (2003). https://www.nema.org/Standards/ComplimentaryDocuments/Contents%20and%20Scope%20TS%202-2003%20(R2008).pdf
NEMA: National electrical manufacturers association. https://www.nema.org/pages/default.aspx
Pelechrinis, K., Iliofotou, M., Krishnamurthy, S.V.: Denial of service attacks in wireless networks: the case of jammers. IEEE Commun. Surv. Tutor. 13(2), 245–257 (2011)
Shodan: Search engine for Internet-connected devices. https://www.shodan.io/. Accessed 1 Dec 2018
Siemens: M60 series ATC. https://w3.usa.siemens.com/mobility/us/en/road-solutions/Documents/m60%20Series%20ATC%20Data%20Sheet%20FINAL.pdf/. Accessed 1 Dec 2018
Siemens: SEPAC local controller software. https://w3.usa.siemens.com/mobility/us/en/road-solutions/Documents/SEPAC%20Local%20Controller%20Software.pdf. Accessed 1 Dec 2018
Spencer, D.: The Advanced Transportation Controller and Applications for Oregon Department of Transportation (2013). https://www.oregon.gov/ODOT/HWY/TRAFFIC-ROADWAY/docs/pdf/2013_conference/ATCforODOT.pdf. Accessed 31 May 2017
The MITRE Corporation: Common vulnerabilities and exposures. https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=SSH. Accessed 1 Dec 2018
The White House: FACT SHEET: Announcing Over \$80 million in New Federal Investment and a Doubling of Participating Communities in the White House Smart Cities Initiative (2016). https://obamawhitehouse.archives.gov/the-press-office
Acknowledgements
This work is partially supported by the National Science Foundation Grant No. IIS-1724227. Opinions, findings, conclusions and recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the US Government.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Ning, Z., Zhang, F., Remias, S. (2019). Understanding the Security of Traffic Signal Infrastructure. In: Perdisci, R., Maurice, C., Giacinto, G., Almgren, M. (eds) Detection of Intrusions and Malware, and Vulnerability Assessment. DIMVA 2019. Lecture Notes in Computer Science(), vol 11543. Springer, Cham. https://doi.org/10.1007/978-3-030-22038-9_8
Download citation
DOI: https://doi.org/10.1007/978-3-030-22038-9_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-22037-2
Online ISBN: 978-3-030-22038-9
eBook Packages: Computer ScienceComputer Science (R0)