Abstract
Connected vehicle (CV) technology is taking tremendous strides toward increased transportation mobility efficiency by connecting vehicles with transportation infrastructure via wireless communications. However, cybersecurity threats are rising in tandem with the increasing sophistication of CV technology. This study performs a security analysis of the U.S. Department of Transportation CV-based traffic control system. In particular, it analyzes the threat of traffic congestion resulting from CV data spoofing by an attack vehicle. The first step was to identify and evaluate possible data spoofing strategies and their effectiveness. Then the causes of the most effective strategies were investigated. The current signal control algorithm was found to be deeply vulnerable to data spoofing attacks, with traffic congestion increasing by 23.4% compared to traffic without CV-based signal control. Other attacks can cause jamming to such an extent that vehicles are required to take 7 minutes for a trip that should only take a half-minute, a fourteen-fold increase. In order to defend against these cybersecurity threats, three suggestions are given. First, more robust algorithms are needed during the transition period to 95% market penetration, which may take as long as thirty years. Second, performance enhancement in road-side units is needed in order to provide improved traffic control configurations. Third, upgraded data spoofing detection using infrastructure-controlled sensors is recommended.