Towards Protocol Security Testing of Transportation Control Systems in Real Networks

Abstract

Transportation control systems are emerging intelligent applications nowadays. There are many users, controllers, actors, and operators involved in the transportation control systems. Each of these entities directly or indirectly change the way commodity is flowing. Interaction and cooperation among controllers, actors, and operators in transportation systems are now enabled by means of Center to Field (C2F), Center to Center (C2C) and Vehicle to Vehicle (V2V) communication. To ensure the goals of safer and more efficient transportation systems, testing and evaluation are required before deployment of transportation control systems. This paper provides a security model of transportation control system which integrates the classic network security and transportation requirement, and the threat source of transportation control system is also analyzed. Based on security model and threat source, this paper presents a protocol testing method for securing transportation control system applications based on message customization in real networks. A typical protocol test case on ONVIF (Open Network Video Interface Forum) camera in transportation control systems is also presented for the testing framework and method as well as to elaborate on potential use cases of it. Experiment result from the test case shows the protocol testing method in this paper can check the security of transportation control systems and find out their vulnerability. Challenges from combining the different application protocol tests into one framework, and limitations are also reported and discussed. Finally, the paper concludes with future development directions and applications of the testing method in transportation control systems.