Nataša Trkulja

Connected, Cooperative, and Autonomous Mobility (CCAM) will take intelligent transportation to a new level of complexity. CCAM systems can be thought of as complex Systems-of-Systems (SoSs). They pose new challenges to security as consequences of vulnerabilities or attacks become much harder to assess. In this paper, we propose the use of a specific type of a trust model, called subjective trust network, to model and assess trustworthiness of data and nodes in an automotive SoS. Given the complexity of the topic, we illustrate the application of subjective trust networks on a specific example, namely Cooperative Intersection Management (CIM). To this end, we introduce the CIM use-case and show how it can be modelled as a subjective trust network. We then analyze how such trust models can be useful both for design time and run-time analysis, and how they would allow us a more precise quantitative assessment of trust in automotive SoSs. Finally, we also discuss the open research problems and practical challenges that need to be addressed before such trust models can be applied in practice.

Smart traffic lights systems (STLSs) are a promising approach to improve traffic efficiency at intersections. They rely on the information sent by vehicles via C2X communication (like in cooperative awareness messages (CAMs)) at the managed intersection. While there exists a large body of work on privacy-enhancing technologies (PETs) for cooperative Intelligent Transport Systems (cITS) in general, such PETs like changing pseudonyms often impact the performance of cITS applications. This paper analyzes the extent to which different PETs affect the performance of two types of STLSs, a phase-based and a reservation-based STLS. These are implemented in SUMO and combined with four different PETs. Through extensive simulations we then investigate the impact of those PETs on STLS performance metrics like time loss, waiting time, fuel consumption, and average velocity. Our analysis shows that the impact of PETs on performance varies greatly depending on the type of STLS. Finally, we propose a hybrid STLS which is a combination of the two STLS types as a potential solution for limiting the negative impact of PETs on performance.

This report documents the program and the outcomes of Dagstuhl Seminar 22042 "Privacy Protection of Automated and Self-Driving Vehicles". The Seminar reviewed existing privacy-enhancing technologies, standards, tools, and frameworks for protecting personal information in the context of automated and self-driving vehicles (AVs). We specifically focused on where such existing techniques clash with requirements of an AV and its data processing and identified the major road blockers on the way to deployment of privacy protection in AVs from a legal, technical, business and ethical perspective. Therefore, the seminar took an interdisciplinary approach involving autonomous and connected driving, privacy protection, and legal data protection experts. This report summarizes the discussions and findings during the seminar, includes the abstracts of talks, and includes a report from the working groups.

Cellular Vehicle-to-Everything (C-V2X) has been adopted by the FCC as the technology standard for safety related transportation and vehicular communications in the US. C-V2X allows vehicles to self-manage the network in absence of a cellular base-station. Since C-V2X networks convey safety-critical messages, it is crucial to assess their security posture. This work contributes a novel set of Denial-of-Service (DoS) attacks on CV2X networks. The attacks are caused by adversarial resource block selection and vary in sophistication and efficiency. In particular, we consider “oblivious” adversaries that ignore recent transmission activity on resource blocks, “smart” adversaries that do monitor activity on each resource block, and “cooperative” adversaries that work together to ensure they attack different targets. We analyze and simulate these attacks to showcase their effectiveness. Assuming a fixed number of attackers, we show that at low vehicle density, smart and cooperative attacks can significantly impact network performance, while at high vehicle density, oblivious attacks are almost as effective as the more sophisticated attacks.

Cellular Vehicle-to-Everything (C-V2X) networks are increasingly adopted by automotive original equipment manufacturers (OEMs). C-V2X, as defined in 3GPP Release 14 Mode 4, allows vehicles to self-manage the network in absence of a cellular base-station. Since C-V2X networks convey safety-critical messages, it is crucial to assess their security posture. This work contributes a novel set of Denial-of-Service (DoS) attacks on C-V2X networks operating in Mode 4. The attacks are caused by adversarial resource block selection and vary in sophistication and efficiency. In particular, we consider "oblivious" adversaries that ignore recent transmission activity on resource blocks, "smart" adversaries that do monitor activity on each resource block, and "cooperative" adversaries that work together to ensure they attack different targets. We analyze and simulate these attacks to showcase their effectiveness. Assuming a fixed number of attackers, we show that at low vehicle density, smart and cooperative attacks can significantly impact network performance, while at high vehicle density, oblivious attacks are almost as effective as the more sophisticated attacks.