A Risk Based Approach to Intelligent Transportation Systems Security

Bakhsh Kelarestaghi, Kaveh

11 July 2019

Security threats to cyber-physical systems are targeting institutions and infrastructure around the world, and the frequency and severity of attacks are on the rise. Healthcare manufacturing, financial services, education, government, and transportation are among the industries that are the most lucrative targets for adversaries. Hacking is not just about companies, organizations, or banks; it also includes critical infrastructure. Wireless Sensors Networks, Vehicle-to-everything communication (V2X), Dynamic Message Signs (DMS), and Traffic Signal Controllers are among major Intelligent Transportation Systems (ITS) infrastructure that has already been attacked or remain vulnerable to hacking. ITS has been deployed with a focus on increasing efficiency and safety in the face of dramatic increases in travel demand. Although many studies have been performed and many security primitives have been proposed, there are significant concerns about flawless performance in a dynamic environment. A holistic security approach, in which all infrastructure performs within the satisfactory level of security remains undiscovered. Previously, hacking of road infrastructure was a rare event, however, in recent years, field devices such as DMS are hacked with higher frequency. The primary reason that transportation assets are vulnerable to cyber-attacks is due to their location. A more dramatic scenario occurs when hackers attempt to convey tampered instructions to the public. Analyzing traveler behavior in response to the hacked messages sign on the basis of empirical data is a vital step toward operating a secure and reliable transportation system. There may be room for improvement by policymakers and program managers when considering critical infrastructure vulnerabilities. With cybersecurity issues escalating every day, road users' safety has been neglected. This dissertation overcomes these challenges and contributes to the nascent but growing literature of Intelligent Transportation System (ITS) security impact-oriented risk assessment in threefold. • First, I employ a risk-based approach to conduct a threat assessment. This threat assessment performs a qualitative vulnerability-oriented threat analysis. The objective is to scrutinize safety, security, reliability, and operation issues that are prompted by a compromised Dynamic Message Signs (DMS). • Second, I examine the impact of drivers' attitudes and behaviors on compliance, route diversion behavior, and speed change behavior, under a compromised DMS. We aim to assess the determinants that are likely to contribute to drivers' compliance with forged information. To this extent, this dissertation evaluates drivers' behavior under different unauthentic messages to assess in-depth the impact of an adversarial attack on the transportation network. • Third, I evaluate distracted driving under different scenarios to assess the in-depth impact of an adversarial attack on the transportation network. To this extent, this dissertation examines factors that are contributing to the manual, visual, and cognitive distractions when drivers encountering fabricated advisory information at a compromised DMS. The results of this dissertation support the original hypothesis and indicate that with respect to the forged information drivers tend to (1) change their planned route, (2) become involved in distracting activities, and (3) change their choice speed at the presence of a compromised DMS. The main findings of this dissertation are outlined below: 1. The DMS security vulnerabilities and predisposing conditions allow adversaries to compromise ITS functionality. The risk-based approach of this study delivers the impact-likelihood matrix, which maps the adverse impacts of the threat events onto a meaningful, visual, matrix. DMS hacking adverse impacts can be categorized mainly as high-risk and medium-risk clusters. The safety, operational (i.e., monetary losses) and behavioral impacts are associated with a high-risk cluster. While the security, reliability, efficiency, and operational (i.e., congestion) impacts are associated with the medium-risk cluster. 2. Tech friendly drivers are more likely to change their route under a compromised DMS. At the same time, while they are acquiring new information, they need to lowering their speed to respond to the higher information load. Under realistic-fabricated information, about 65% of the subjects would depart from their current route. The results indicate that females and subjects with a higher driving experience are more likely to change their route. In addition, those subjects who are more sensitive to the DMS's traffic-related messages and those who use DMS under congested traffic condition are more likely to divert. Interestingly, individuals with lower education level, Asians, those who live in urban areas, and those with trouble finding their direction in new routes are less likely to pick another route rather the one they planned for. 3. Regardless of the DMS hacking scenarios, drivers would engage in at least one of the distractive activities. Among the distractive activities, cognitive distraction has the highest impact on the distracted driving likelihood. Meaning, there is a high chance that drivers think of something other than driving, look at surrounding traffic and scenery, or talk to other passengers regarding the forged information they saw on the DMS. Drivers who rely and trust in technology, and those who check traffic condition before starting their trips tend to become distracted. In addition, the result identified that at the presence of bogus information, drivers tend to slow down or stop in order to react to the DMS. That is, they would either (1) become involved in activities through the means of their phone, (2) they would mind wander, look around, and talk to a passenger about the sign, and (3) search for extra information by means of their vehicle's radio or internet. 4. Females, black individuals, subjects with a disability, older, and those with high trust in DMS are less likely to ignore the fabricated messages. In contrary, white, those who drive long hours, and those who see driving as a tedious task are more likely to ignore the bogus messages. Drivers who comply with traffic regulations and have a good driving record are likely to slow down under the tampered messages. Furthermore, female drivers and those who live in rural areas are more likely to slow down under fabricated advisory information. Furthermore, this dissertation identifies that planning for alternative route and involvement in distractive activities cause speed variation behaviors under the compromised DMS. This dissertation is the first to investigate the adverse impact of a compromised DMS on the road users and operators. I attempt to address the current gap in the literature by assessing and evaluating the impact of ITS security vulnerabilities. Broader impacts of this study include (1) to systematically raising awareness among policy-makers and engineers, (2) motivating further simulations and real-world experiments to investigate this matter further, (3) to systematically assessing the adverse impact of a security breach on transportation reliability and safety, and drivers' behavior, and (4) providing insights for system operators and decision-makers to prioritize the risk of a compromised DMS. Additionally, the outcome can be integrated with the nationwide connected vehicle and V2X implementations and security design. / Doctor of Philosophy / Security threats are targeting institutions and infrastructure around the world, and the frequency and severity of security attacks are on the rise. Healthcare manufacturing, financial services, education, government, and transportation are among the industries that are the most lucrative targets for adversaries. Hacking is not just about companies, organizations, or banks; it also includes critical infrastructure. Intelligent Transportation Systems have been deployed with a focus on increasing efficiency and safety in the face of dramatic increases in traffic volume. Although many studies have been performed and many security primitives have been proposed, there are significant concerns about flawless performance in a dynamic environment. A holistic security approach, in which all infrastructure performs within the satisfactory level of security remains undiscovered. Previously, hacking of road infrastructure was a rare event, however, in recent years, field devices, such as dynamic message signs, are hacked with higher frequency. The primary reason that transportation assets are vulnerable to cyber-attacks is that of their location in public. A more dramatic scenario occurs when hackers attempt to convey tampered instructions to the public. Analyzing traveler behavior in response to the hacked messages sign on the basis of empirical data is a vital step toward operating a secure and reliable transportation system. This study is the first to investigate the adversarial impact of a compromised message sign on the road users and operators. I attempt to address the current gap in the literature by assessing and evaluating the impact of ITS security vulnerabilities.

Intelligent Transportation Systems

Cyber Security

Cyber-Physical Systems

Vulnerability Assessment

Attack Tree

Dynamic Message Sign

Risk Assessment

Impact Assessment

Travelers Behavior

Distracted Driving

Speed Variation

Route Divergence

Desarrollo, aplicación y validación de procedimientos y modelos para la evaluación de amenazas, vulnerabilidad y riesgo debidos a procesos geomorfológicos

Bonachea Pico, Jaime

30 October 2006

Se presenta un procedimiento para evaluar de forma cuantitativa el riesgo por deslizamientos teniendo en cuenta la peligrosidad, los elementos expuestos y su vulnerabilidad. El método utiliza los modelos de susceptibilidad obtenidos previamente a partir de las relaciones estadísticas existentes entre los deslizamientos ocurridos en el pasado (últimos 50 años) y una serie de parámetros del terreno relacionados con la inestabilidad. La frecuencia de deslizamientos en el pasado se ha utilizado para estimar frecuencias futuras. También se ha realizado un inventario y cartografía de los elementos afectados por deslizamientos en el pasado, y se han estimado los daños para cada tipo de elemento teniendo en cuenta la magnitud del tipo de deslizamiento analizado. Posteriormente se estimó la vulnerabilidad, que se expresa en valores de 0 a 1, a partir de la comparación entre pérdidas y valor del elemento afectado.La integración de la peligrosidad, vulnerabilidad y valor del elemento ha permitido obtener modelos de riesgo directo por deslizamiento para cada tipo de elemento. Además se han analizado las pérdidas indirectas ocasionadas sobre las actividades económicas por este proceso. El resultado final es un mapa de riesgo donde cada píxel muestra las pérdidas esperables por deslizamientos en los próximos 50 años / A quantitative procedure for landslide risk mapping has been developed considering hazard, vulnerability and exposed elements. The method is based on a susceptibility model previously developed from statistical relationships between past landslides occurred in the study area (last 50 years) and terrain parameters related to instability. Past landslide behaviour has been used to calculate landslide frequency for the future. An inventory of direct damage due to landslides during the study period was carried out and the main elements at risk in the area identified and mapped. Past monetary losses per type of element have been estimated and expressed as an average 'specific loss' for events of a given magnitude (corresponding to a specified scenario). Vulnerability has been assessed by comparing losses with the actual value of the elements affected and expressed as a fraction of that value (0-1).By integrating hazard, vulnerability and monetary value, direct landslide risk ( /pixel) has been computed for each element considered. Indirect losses from the disruption of economic activities due to landsliding have also been assessed. The final result is a risk map combining all losses per pixel for a 50-year period.

sinkhole susceptibility

quantitative landslide risk assessment

landslide hazard

vulnerability assessment

susceptibilidad a la subsidencia

natural hazards

evaluación de la vulnerabilidad

peligrosidad de desplazamientos

desastres naturales

Geodinámica externa

504

55

Landslide Risk Assessment using Digital Elevation Models

McLean, Amanda

22 March 2011

Regional landslide risk, as it is most commonly defined, is a product of the following: hazard, vulnerability and exposed population. The first objective of this research project is to estimate the regional landslide hazard level by calculating its probability of slope failure based on maximum slope angles, as estimated using data provided by digital elevation models (DEM). Furthermore, it addresses the impact of DEM resolution on perceived slope angles, using local averaging theory, by comparing the results predicted from DEM datasets of differing resolutions. Although the likelihood that a landslide will occur can be predicted with a hazard assessment model, the extent of the damage inflicted upon a region is a function of vulnerability. This introduces the second objective of this research project: vulnerability assessment. The third and final objective concerns the impact of urbanization and population growth on landslide risk levels.

Landslide Risk Assessment

Landslide Hazard Assessment

Landslide Vulnerability Assessment

Digital Elevation Model (DEM)

Local Averaging Theory

DEM Resolution

Maximum Slope Angles

Regional Probability of Slope Failure

Security Assessment of IoT- Devices Grouped by Similar Attributes : Researching patterns in vulnerabilities of IoT- devices by grouping devices based on which protocols are running. / Säkerhetsbedömning av IoT-Enheter Grupperade efter Liknande Egenskaper

Sannervik, Filip, Magdum, Parth

January 2021

The Internet of Things (IoT) is a concept that is getting a lot of attention. IoT devices are growing in popularity and so is the need to protect these devices from attacks and vulnerabilities. Future developers and users of IoT devices need to know what type of devices need extra care and which are more likely to be vulnerable. Therefore this study has researched the correlations between combinations of protocols and software vulnerabilities. Fifteen protocols used by common services over the internet were selected to base the study around. Then an artificial neural network was used to group the devices into 4 groups based on which of these fifteen protocols were running. Publicly disclosed vulnerabilities were then enumerated for all devices in each group. It was found that the percentage of vulnerable devices in each group differed meaning there is some correlation between running combinations of protocols and how likely a device is vulnerable. The severity of the vulnerabilities in the vulnerable devices were also analyzed but no correlation was found between the groups. / Sakernas internet eller Internet of things (IoT) är ett koncept som fått mycket uppmärksamhet. IoT enheter växer drastisk i popularitet, därför är det mer nödvändigt att skydda dessa enheter från attacker och säkerhetsbrister. Framtida utvecklare och användare av IoT system behöver då veta vilka enheter som är mer troliga att ha säkerhetsbrister. Denna studie har utforskat om det finns något samband mellan kombinationer av aktiva protokoll i enheter och säkerhetsbrister. Femton vanligt använda protokoll valdes som bas för studien, ett artificiellt neuralt nätverk användes sedan för att gruppera enheter baserat på dessa protokoll. Kända sårbarheter i enheterna räknades upp för varje grupp. En korrelation mellan kombinationer av protokoll och trolighet för sårbarheter hittades. Allvarlighetsgraden av säkerhetsbristerna i sårbara enheter analyserades också, men ingen korrelation hittades mellan grupperna.

Internet of Things (IoT)

IoT-Devices

Vulnerability Assessment

Grouping IoT-Devices

Self-Organising maps

Vulnerability likelihood.

Sakernas Internet (IOT)

IoT-Enheter

Bedömning av Sårbarhet

Gruppering av IoT-Inheter

Self-Organising maps (SOMs)

Sårbarhetsrisk.

Computer Sciences

Datavetenskap (datalogi)

Smart connected homes : concepts, risks, and challenges

Bugeja, Joseph

January 2018

The growth and presence of heterogeneous connected devices inside the home have the potential to provide increased efficiency and quality of life to the residents. Simultaneously, these devices tend to be Internet-connected and continuously monitor, collect, and transmit data about the residents and their daily lifestyle activities. Such data can be of a sensitive nature, such as camera feeds, voice commands, physiological data, and more. This data allows for the implementation of services, personalization support, and benefits offered by smart home technologies. Alas, there has been a rift of security and privacy attacks on connected home devices that compromise the security, safety, and privacy of the occupants. In this thesis, we provide a comprehensive description of the smart connected home ecosystem in terms of its assets, architecture, functionality, and capabilities. Especially, we focus on the data being collected by smart home devices. Such description and organization are necessary as a precursor to perform a rigorous security and privacy analysis of the smart home. Additionally, we seek to identify threat agents, risks, challenges, and propose some mitigation approaches suitable for home environments. Identifying these is core to characterize what is at stake, and to gain insights into what is required to build more robust, resilient, secure, and privacy-preserving smart home systems. Overall, we propose new concepts, models, and methods serving as a foundation for conducting deeper research work in particular linked to smart connected homes. In particular, we propose a taxonomy of devices; classification of data collected by smart connected homes; threat agent model for the smart connected home; and identify challenges, risks, and propose some mitigation approaches. / <p>Note: The papers are not included in the fulltext online.</p>

Smart Connected Homes

Internet of Things

Smart Home Devices

Data Lifecycle

Security Risks

Privacy Management

Vulnerability Assessment

Security Mitigations

Threat Agents

Smart Home Services

System Architecture

Engineering and Technology

Teknik och teknologier

Consensus and analia: new challenges in detection and management of security vulnerabilities in data networks

Corral Torruella, Guiomar

10 September 2009

A mesura que les xarxes passen a ser un element integral de les corporacions, les tecnologies de seguretat de xarxa es desenvolupen per protegir dades i preservar la privacitat. El test de seguretat en una xarxa permet identificar vulnerabilitats i assegurar els requisits de seguretat de qualsevol empresa. L'anàlisi de la seguretat permet reconèixer informació maliciosa, tràfic no autoritzat, vulnerabilitats de dispositius o de la xarxa, patrons d'intrusió, i extreure conclusions de la informació recopilada en el test. Llavors, on està el problema? No existeix un estàndard de codi obert ni un marc integral que segueixi una metodologia de codi obert per a tests de seguretat, la informació recopilada després d'un test inclou moltes dades, no existeix un patró exacte i objectiu sobre el comportament dels dispositius de xarxa ni sobre les xarxes i, finalment, el nombre de vulnerabilitats potencials és molt extens. El desafiament d'aquest domini resideix a tenir un gran volum de dades complexes, on poden aparèixer diagnòstics inconsistents. A més, és un domini no supervisat on no s'han aplicat tècniques d'aprenentatge automàtic anteriorment. Per això cal una completa caracterització del domini. Consensus és l'aportació principal d'aquesta tesi: un marc integrat que inclou un sistema automatitzat per millorar la realització de tests en una xarxa i l'anàlisi de la informació recollida. El sistema automatitza els mecanismes associats a un test de seguretat i minimitza la durada de l'esmentat test, seguint la metodologia OSSTMM. Pot ser usat en xarxes cablejades i sense fils. La seguretat es pot avaluar des d'una perspectiva interna, o bé externa a la pròpia xarxa. Es recopilen dades d'ordinadors, routers, firewalls i detectors d'intrusions. Consensus gestionarà les dades a processar per analistes de seguretat. Informació general i específica sobre els seus serveis, sistema operatiu, la detecció de vulnerabilitats, regles d'encaminament i de filtrat, la resposta dels detectors d'intrusions, la debilitat de les contrasenyes, i la resposta a codi maliciós o a atacs de denegació de servei són un exemple de les dades a emmagatzemar per cada dispositiu. Aquestes dades són recopilades per les eines de test incloses a Consensus.La gran quantitat de dades per cada dispositiu i el diferent número i tipus d'atributs que els caracteritzen, compliquen l'extracció manual d'un patró de comportament. Les eines de test automatitzades poden obtenir diferents resultats sobre el mateix dispositiu i la informació recopilada pot arribar a ser incompleta o inconsistent. En aquest entorn sorgeix la segona principal aportació d'aquesta tesi: Analia, el mòdul d'anàlisi de Consensus. Mentre que Consensus s'encarrega de recopilar dades sobre la seguretat dels dispositius, Analia inclou tècniques d'Intel·ligència Artificial per ajudar als analistes després d'un test de seguretat. Diferents mètodes d 'aprenentatge no supervisat s'han analitzat per ser adaptats a aquest domini. Analia troba semblances dins dels dispositius analitzats i l'agrupació dels esmentats dispositius ajuda als analistes en l'extracció de conclusions. Les millors agrupacions són seleccionades mitjançant l'aplicació d'índexs de validació. A continuació, el sistema genera explicacions sobre cada agrupació per donar una resposta més detallada als analistes de seguretat.La combinació de tècniques d'aprenentatge automàtic en el domini de la seguretat de xarxes proporciona beneficis i millores en la realització de tests de seguretat mitjançant la utilització del marc integrat Consensus i el seu sistema d'anàlisi de resultats Analia. / A medida que las redes pasan a ser un elemento integral de las corporaciones, las tecnologías de seguridad de red se desarrollan para proteger datos y preservar la privacidad. El test de seguridad en una red permite identificar vulnerabilidades y asegurar los requisitos de seguridad de cualquier empresa. El análisis de la seguridad permite reconocer información maliciosa, tráfico no autorizado, vulnerabilidades de dispositivos o de la red, patrones de intrusión, y extraer conclusiones de la información recopilada en el test. Entonces, ¿dónde está el problema? No existe un estándar de código abierto ni un marco integral que siga una metodología de código abierto para tests de seguridad, la información recopilada después de un test incluye muchos datos, no existe un patrón exacto y objetivo sobre el comportamiento de los dispositivos de red ni sobre las redes y, finalmente, el número de vulnerabilidades potenciales es muy extenso. El desafío de este dominio reside en tener un gran volumen de datos complejos, donde pueden aparecer diagnósticos inconsistentes. Además, es un dominio no supervisado donde no se han aplicado técnicas de aprendizaje automático anteriormente. Por ello es necesaria una completa caracterización del dominio.Consensus es la aportación principal de esta tesis: un marco integrado que incluye un sistema automatizado para mejorar la realización de tests en una red y el análisis de la información recogida. El sistema automatiza los mecanismos asociados a un test de seguridad y minimiza la duración de dicho test, siguiendo la metodología OSSTMM. Puede ser usado en redes cableadas e inalámbricas. La seguridad se puede evaluar desde una perspectiva interna, o bien externa a la propia red. Se recopilan datos de ordenadores, routers, firewalls y detectores de intrusiones. Consensus gestionará los datos a procesar por analistas de seguridad. Información general y específica sobre sus servicios, sistema operativo, la detección de vulnerabilidades, reglas de encaminamiento y de filtrado, la respuesta de los detectores de intrusiones, la debilidad de las contraseñas, y la respuesta a código malicioso o a ataques de denegación de servicio son un ejemplo de los datos a almacenar por cada dispositivo. Estos datos son recopilados por las herramientas de test incluidas en Consensus. La gran cantidad de datos por cada dispositivo y el diferente número y tipo de atributos que les caracterizan, complican la extracción manual de un patrón de comportamiento. Las herramientas de test automatizadas pueden obtener diferentes resultados sobre el mismo dispositivo y la información recopilada puede llegar a ser incompleta o inconsistente. En este entorno surge la segunda principal aportación de esta tesis: Analia, el módulo de análisis de Consensus. Mientras que Consensus se encarga de recopilar datos sobre la seguridad de los dispositivos, Analia incluye técnicas de Inteligencia Artificial para ayudar a los analistas después de un test de seguridad. Distintos métodos de aprendizaje no supervisado se han analizado para ser adaptados a este dominio. Analia encuentra semejanzas dentro de los dispositivos analizados y la agrupación de dichos dispositivos ayuda a los analistas en la extracción de conclusiones. Las mejores agrupaciones son seleccionadas mediante la aplicación de índices de validación. A continuación, el sistema genera explicaciones sobre cada agrupación para dar una respuesta más detallada a los analistas de seguridad.La combinación de técnicas de aprendizaje automático en el dominio de la seguridad de redes proporciona beneficios y mejoras en la realización de tests de seguridad mediante la utilización del marco integrado Consensus y su sistema de análisis de resultados Analia. / As networks become an integral part of corporations and everyone's lives, advanced network security technologies are being developed to protect data and preserve privacy. Network security testing is necessary to identify and report vulnerabilities, and also to assure enterprise security requirements. Security analysis is necessary to recognize malicious data, unauthorized traffic, detected vulnerabilities, intrusion data patterns, and also to extract conclusions from the information gathered in the security test. Then, where is the problem? There is no open-source standard for security testing, there is no integral framework that follows an open-source methodology for security testing, information gathered after a security test includes large data sets, there is not an exact and objective pattern of behavior among network devices or, furthermore, among data networks and, finally, there are too many potentially vulnerabilities. The challenge of this domain resides in having a great volume of data; data are complex and can appear inconsistent diagnostics. It is also an unsupervised domain where no machine learning techniques have been applied before. Thus a complete characterization of the domain is needed.Consensus is the main contribution of this thesis. Consensus is an integrated framework that includes a computer-aided system developed to help security experts during network testing and analysis. The system automates mechanisms related to a security assessment in order to minimize the time needed to perform an OSSTMM security test. This framework can be used in wired and wireless networks. Network security can be evaluated from inside or from outside the system. It gathers data of different network devices, not only computers but also routers, firewalls and Intrusion Detection Systems (IDS). Consensus manages many data to be processed by security analysts after an exhaustive test. General information, port scanning data, operating system fingerprinting, vulnerability scanning data, routing and filtering rules, IDS response, answer to malicious code, weak passwords reporting, and response to denial of service attacks can be stored for each tested device. This data is gathered by the automated testing tools that have been included in Consensus.The great amount of data for every device and the different number and type of attributes complicates a manually traffic pattern finding. The automated testing tools can obtain different results, incomplete or inconsistent information. Then data obtained from a security test can be uncertain, approximate, complex and partial true. In this environment arises the second main contribution of this thesis: Analia, the data analysis module of Consensus. Whereas Consensus gathers security data, Analia includes Artificial Intelligence to help analysts after a vulnerability assessment. Unsupervised learning has been analyzed to be adapted to this domain. Analia finds resemblances within tested devices and clustering aids analysts in the extraction of conclusions. Afterwards, the best results are selected by applying cluster validity indices. Then explanations of clustering results are included to give a more comprehensive response to security analysts.The combination of machine learning techniques in the network security domain provides benefits and improvements when performing security assessments with the Consensus framework and processing its results with Analia.

Vulnerability assessment

Clustering

Unsupervised Learning

Machine Learning

Network security

Clustering

Detección de vulnerabilidades

Aprendizaje no supervisado

Aprendizaje automático

Seguridad en redes de datos

Aprenentatge no supervisat

Clustering

Detecció de vulnerabilitats

Aprenentatge Artificial

Seguretat de xarxes de dades

Les TIC i la seva Gestió

004

62

621.3