ArgusLab Technical Report 2019-1
Understanding Security Issues in Vehicle Transportation Systems in a Holistic, Context-aware Manner by Anwesh Tuladhar and Xinming Ou
Abstract: Technology is revolutionizing vehicle transportation systems with the goal to improve efficiency, mobility, safety, and comfort. While there has been research looking into cyber security issues in transportation systems, such efforts are often fragmented targeting specific segments of the system, and lack a coherent framework that captures the overarching context. The vehicle transportation system is a complex ecosystem of diverse technologies, residing in myriad types of components dispersed over a wide geographic range. Understanding security issues in such systems requires capturing the many ways technologies in the ecosystem may interact. Systemizing security issues that may arise through these interactions will benefit not only the management and operation of such systems, but also the design process of future systems and system components, which are undergoing a rapid technological advancement in this domain. In this paper we provide such a systemization. The primary driving force of our effort is an in-depth, six-month embedding in a traffic management center (TMC) of a mid-size city in the U.S., where we gained first-hand knowledge of the inner workings of the vehicle transportation ecosystem. This effort involves interacting with people from multiple engineering disciplines including transportation, traffic engineering, computer and communications, and others. Although each of these fields have a unique role to play in this ecosystem, all of them play a part in security. One observation from our embedding in the TMC is the existence of silos of each discipline, making it difficult to understand and communicate the security impact one can have in the context of the whole transportation ecosystem. This echoes what we find in the relevant research literature, where in many cases security issues identified stem from assumptions made about other aspects of the ecosystem, regardless of whether such assumptions can hold or not. In our systematization approach we identify the key components, technologies, and stakeholders in the whole ecosystem, and that forms the basis of understanding attack scenarios and their mitigations. This methodology helps to put security analysis into the context of the transportation ecosystem and provides a common platform for communication to help breakdown the silos existing both in research and in practice.