jducoeur

Just came across an article on Ars Technica (yes, I'm behind): The intelligent intersection could banish traffic lights forever. It's neat stuff: basically, a researcher has designed a traffic-control system for autonomous vehicles, and demonstrated that by using such technology we could enormously reduce how often you have to stop at intersections -- not only speeding up travel times, but improving fuel efficiency quite a bit.

All of which is great, but my Security Architect senses are pinging here. This is postulating an external server that talks to the cars on the road and tells them what to do. That is absolutely terrifying if you understand the typical state of Internet-of-Things security.

But let's put a positive spin on this. This system is at least 1-2 decades from deployment as described (since it assumes only autonomous vehicles on the road). We might be able to head off disaster by figuring out the obvious hacks in advance, so they can be designed around.

So here's the challenge: name ways that a hacker could abuse this system, and/or ways to ameliorate those weaknesses.

I'll start with a few obvious ones:

Base story: I (the hacker) send out signals spoofing the controller for traffic intersection T, allowing me to cause nightmarish havoc. Possible solution: traffic controllers are listed in some well-known registry, signed with public keys, so that their signals can be authenticated to prevent spoofing.
Assuming the above hacking isn't prevented: I time the signals sent to the cars, telling them all to hit the intersection at the same moment. Crash! Solution: as a belt-and-suspenders thing, cars must not completely trust the signal controllers. Their autonomous checks have to override those signals, to prevent crashes.
Reverse of the previous: I send out signals telling all the cars, in all directions, that the intersection is currently blocked by opposing traffic. The entire city quickly devolves into gridlock. Solution: good question. I got nothing.

What else? I'm sure we can come up with more nightmarish scenarios, and possible solutions.

Yes, this may seem like overkill to think about now, but history says that, if you don't design the system around abuses, you will hurt forevermore. Security isn't something you add later: it should be baked into the designs from the get-go. (Which is why it accounts for a large fraction of Querki's architecture, despite the fact that we only have a couple hundred users yet...)

S	M	T	W	T	F	S
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31

Most Popular Tags

adobemax - 14 uses
arisia - 38 uses
artofconv - 14 uses
business - 13 uses
cats - 50 uses
comics - 51 uses
commyou - 131 uses
covid-19 - 26 uses
dance - 12 uses
diary - 731 uses
ebooks - 14 uses
economics - 33 uses
economy - 28 uses
europe 2012 - 14 uses
exercise - 30 uses
games - 29 uses
geekery - 14 uses
girl genius - 28 uses
house - 37 uses
humor - 21 uses
jane - 108 uses
kickstarter - 13 uses
larp - 59 uses
law - 28 uses
links - 49 uses
lj - 28 uses
masonry - 17 uses
media - 28 uses
meme - 15 uses
memes - 29 uses
news - 17 uses
patents - 13 uses
pennsic - 36 uses
politics - 353 uses
programming - 476 uses
querki - 107 uses
recipes - 30 uses
reviews - 204 uses
sanibel 07 - 12 uses
sca - 326 uses
scala - 40 uses
science - 13 uses
spam - 21 uses
technology - 531 uses
troob - 27 uses
vacation - 54 uses
via ljapp - 13 uses
wartime thoughts - 34 uses
wave - 23 uses
work - 92 uses

Threaded | Flat

From:

laurion

A more likely solution involves the car-to-car (C2C or V2V [vehicle]) communication protocols currently in development. If those are refined enough it should be fairly straightforward to include the proximity and location of other vehicles into the existing autonomous framework and let the cars sort it out for themselves. Then you wouldn't need intersection controllers at all, or any lights, except for some simple systems for pedestrians and whatnot to signal that they desire to cross and need a break in traffic. Those systems could also send out data on the V2V system.

But of course, the security hackles should be raised in this scenario too. ;)

dsrtao

Every city and town does its own traffic engineering. A PKI to hierarchically delegate and validate all of those users? Bigger than anything else ever tried. Probably doomed to failure. Assuming that spoofing can be done...

Here's a fun thing not to try at home: a beacon on your own car that claims to be a portable traffic signal. "Lane closing; keep right."

"I'm a police car, let me pass."

Wayze likes to route vehicles through quiet neighborhoods as shortcuts. Drop a spoofer on the corner and the road is "closed" or "5 MPH" and stops being used as a shortcut.

"Invisible construction area, wait for [nonexistent] flagman."

metahacker

Today you can buy the device that switches lights for oncoming emergency vehicles; the downside is that it’s obvious when you use it illegally since the flashy lights go on on the traffic light stalk. Extrapolate to the future and it gets ugly...

ilaine

I'm betting nobody is taking the bicyclists into account here

drwex

You're missing the really interesting threats here in part because you're not looking at buggy or intentionally misbehaving systems, but let me tell you about some actual things that exist today. ETA: which is totally fine and I agree there are interesting challenges there but situations in which people are deliberately malicious scare me more..

Right now there has been a proof of concept of an algorithm to generate an overlay for an image that is invisible to the human eye but that prevents facial recognition systems from working. Now let's put that technology into the hands of someone malicious. Let's say I can put an overlay on your protest sign that you can't see with your human eyes but when you wave that sign the vision algorithm sees a child running into the street.

If you think that's impossible then imagine the following scenario: for every deep learning algorithm that gets rewarded for doing what you want, imagine creating an opposition algorithm that gets rewarded for generating situations or images or whatever that cause the first algorithm to mess up.

Edited Date: 2017-06-09 08:13 pm (UTC)

cellio

How can this be fully automated so long as we have pedestrians, bicyclists, kids/animals/stuff-falling-from-trucks, and sudden emergencies like tire blow-outs in play? The traffic signal would have to be as smart as one of the autonomous vehicles, which is rather more work than a mere controller.

More broadly: not every thing on the streets will be part of the IoT, but they're still actors and obstacles.

How many failure conditions can we come up with here?

(no subject)

(no subject)

Improved Throughput for whom?

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

(no subject)

Profile

July 2025

Most Popular Tags

Page Summary

Active Entries

Style Credit

Expand Cut Tags