Summary: The upcoming smart transportation systems which consist of connected autonomous vehicles, are poised to transform our everyday life. The sustainability and growth of these systemsto their full potential will significantly depend on the robustness of these systems against securityand privacy threats. Unfortunately, the communication protocols employed in these systems lackmainstream network security capabilities due to energy constraints of the deployed platforms andbandwidth constraints of the communication medium. In this talk, I will present the results of myefforts in anatomizing the two vital communication protocols employed in the smart transportation:(1) vehicle-to-everything (V2X) communication protocol which is utilized to facilitate wirelesscommunication among connected vehicles, and (2) controller area network (CAN) protocol whichis utilized within an autonomous vehicle to enable real-time control of critical automotivecomponents including brakes. For each of these two protocols, I will first describe the inquisitiveapproach which led to the discovery of the new security vulnerabilities. Then, through theexperiments on real-world systems, I will demonstrate how these vulnerabilities can be exploitedto launch malicious attacks which evade the state-of-the-art defense mechanisms employed inthese systems. I will conclude the talk by discussing novel countermeasures which are requiredto mitigate these fundamental vulnerabilities and prevent their exploitation.
