Research Projects

Principal Investigator(s): Trayce Hockstad (The University of Alabama Tuscaloosa)

Project Partners: Mizanur Rahman (The University of Alabama Tuscaloosa), Steven Jones (The University of Alabama Tuscaloosa), Latifur Khan (The University of Texas at Dallas), Bhavani Thuraisingham (The University of Texas at Dallas), Mashrur Ronnie Chowdhury (Clemson University), M. Sabbir Salek (Clemson University), Sagar Dasgupta (The University of Alabama Tuscaloosa).

Research Project Funding: Federal $83,821; Cost-share $231,223

Project Start and End Date: January 1, 2025, to December 31, 2025

Project Status: Report in Progress

Project Description: The overarching goal of our continued work on this project is to put what we have learned in our first year of research with respect to the legislative schematic of the U.S. in context with the international scope of cybersecurity policy. Specifically, the objectives of this project are to evaluate United States cybersecurity transportation law and policy compared to existing international models to support continued domestic regulatory development and update our policy toolkit (including LLM and guidance report) with insights from an expanded legislative corpus, visualized data, extended industry feedback and training, to provide a comparative analysis model of transportation cybersecurity research (identifying how the U.S. can improve its policy based on industry and international input).

US DOT Priorities: This project will specifically target TraCR’s Research Thrust 3, “Society and Environment,” while also addressing key strategic goals of the U.S. Department of Transportation (USDOT). These goals include: enhancing safety in both urban and rural areas and ensuring the secure and efficient movement of people, which aligns with USDOT’s priorities of “Economic Strength and Global Competitiveness” and “Organizational Excellence.”

Outputs: In our first year of funding, our team was able to construct a domain-specific large language model (LLM) capable of analyzing cybersecurity legislation in the U.S. To train our LLM, “TraCR AI,” we constructed a database of currently enacted cybersecurity laws at the federal and state levels. Through a months-long process of question-and-answer verification, we brought TraCR AI to a point of competent research assistance that has enabled us to begin an in-depth analysis of American cybersecurity policy. Alongside the LLM, the results of two surveys distributed to industry stakeholders will contribute to a report and policy-development toolkit that will be shared with interested parties.

Outcomes/Impacts: The project attempts to compare what we have learned about domestic transportation policy and industry cybersecurity concerns with international models to assess our current status and identify paths forward. Specifically, this research attempts to answer 1) how international cybersecurity regulations compare to those in place in the U.S. with regard to scope and efficacy, and 2) how industry insight informs domestic transportation security policy development. Our work supports future efforts to develop cybersecurity legislation in the U.S. with advanced technology interfacing that simplifies legally strenuous processes. Our updated toolkit will be shared with as many interested individuals, departments, and agencies as possible so that it will be instrumental in developing guidance as the U.S. looks to expand and improve its transportation cybersecurity regulations. Not only will TraCR AI be made available for anyone to use, but so will the results we have compiled over the last several years of work that detail policy insights on state, federal, and global levels. Furthermore, we intend to make our work available by analyzing the results of surveys administered to transportation industry stakeholders and how those concerns compare and contrast with existing regulatory support.

Principal Investigator(s): Z. Berkay Celik (Purdue University)

Project Partners: Alvaro Cardenas (The University of California, Santa Cruz), Daniel Fremont (The University of California, Santa Cruz), Satish Ukkusuri (Purdue University), Leilani Gilpin (The University of California, Santa Cruz), Cihang Xie (The University of California, Santa Cruz).

Research Project Funding: Federal $140,417; Cost-share $140,493

Project Start and End Date: January 1, 2025, to December 31, 2025

Project Status: Report in Progress

Project Description: This project aims to improve the resilience of autonomous vehicles (AVs) against physical attacks. The researchers propose developing a high-fidelity modeling environment and integrating it with a resilience analysis framework. This will allow for a deeper understanding of how robust AV systems are under various scenarios and environmental conditions and ultimately contribute to safer AV technology.

US DOT Priorities: This project aligns with the US DOT's strategic goal of safety, specifically aiming to reduce fatalities and serious injuries on the roads. By focusing on the resilience of AVs to physical attacks, the research addresses a critical safety concern. The project's approach to modeling and analyzing vulnerabilities in AV systems has the potential to transform how AV safety is evaluated and improved, contributing to a safer and more reliable transportation system.

Outputs: The project is expected to produce several key outputs. It will create a high-fidelity simulation environment capable of modeling real-world driving scenarios, sensor models, and AV decision-making processes. This environment will enable rigorous testing of AV vulnerabilities under various conditions. Additionally, the project will develop a resilience analysis framework with methods to systematically explore and quantify the robustness of AV systems against different attack vectors. To enhance the realism of existing simulators, the researchers are also developing advanced models that address limitations in their physics engines. Another important output will be the formalization of safety properties using Metric Temporal Logic (MTL), which will guide the analysis and testing process. Finally, the project will develop distance and neuron coverage metrics to efficiently identify potential vulnerabilities in the AV systems.

Outcomes/Impacts: The project's output is expected to have several positive impacts on the transportation system. By identifying and mitigating vulnerabilities to physical attacks, the research will contribute to improved AV safety, reducing the risk of accidents and fatalities. The high-fidelity simulation environment and resilience analysis framework will enable more robust and efficient testing and evaluation methods for AV safety. The researchers also plan to engage in industry collaboration, partnering with AV companies and automakers to share their findings and help develop more secure AV systems. Furthermore, the research could inform policy recommendations for new regulations and standards related to AV safety. The project will also contribute to workforce development by training individuals in securing AVs and will raise public awareness about the risks of physical attacks on these vehicles.

Principal Investigator(s): Yongkai Wu (Clemson University)

Project Partners: Feng Luo (Clemson University), Latifur Khan (The University of Texas at Dallas), Mashrur Ronnie Chowdhury (Clemson University), Bhavani Thuraisingham (The University of Texas at Dallas).

Research Project Funding: Federal $176,943; Cost-share $177,002

Project Start and End Date: January 1, 2025, to December 31, 2025

Project Status: Report in Progress

Project Description: As autonomous driving systems (ADS) become increasingly prevalent in modern transportation, critical concerns have emerged regarding their security vulnerabilities and performance inconsistency, particularly in pedestrian detection and natural language processing components. Current machine learning technologies, while effective, can introduce variability where the model performance remains uniform across different scenarios and is susceptible to security attacks that may compromise both safety and robustness. This research aims to enhance the security and robustness of autonomous driving systems through a comprehensive investigation of vulnerabilities and the development of novel protective strategies. The project will focus on identifying and analyzing security and robustness vulnerabilities in ADS, developing novel strategies to promote robustness and enhance security in pedestrian detection systems, improving robustness in automotive large language models, and implementing prototype systems for real-world evaluation. The research methodology encompasses four integrated tasks. First, we will develop a novel consistency poisoning attack framework to assess system vulnerabilities. Second, we will analyze and mitigate consistency vulnerabilities in pedestrian detection systems through advanced machine-learning techniques. Third, we will enhance consistency in Large Language Models through innovative prompt engineering and model fine-tuning. Finally, we will implement prototype systems and conduct comprehensive evaluations using real-world datasets to validate our approaches.

US DOT Priorities: This project directly aligns with USDOT's key priorities. First, it supports the Safety strategic goal by developing robust defenses against security and consistency attacks in autonomous vehicles, particularly focusing on protecting vulnerable road users through enhanced pedestrian detection systems. Secondly, the research advances the Department's Cybersecurity priority by addressing AI vulnerability in autonomous systems that could impact various communities. The outcomes of robust and consistent machine learning directly support USDOT's commitment to promoting transportation safety and ensuring that emerging technologies benefit all Americans. In summary, the project's comprehensive approach to addressing both technical and societal challenges in autonomous driving systems demonstrates strong alignment with USDOT's vision for safe and sustainable transportation innovation.

Outputs: This project will deliver several significant outputs, including a universal consistency attack framework for testing autonomous driving systems (ADS) robustness and resilience, defensive strategies against consistency-targeted attacks, and a comprehensive framework for creating more consistent language models in automotive applications. The research will produce an open-source evaluation platform and tools, along with published research papers and technical documentation. These deliverables will directly contribute to improving transportation safety and sustainability by enhancing the security and consistency of autonomous driving systems and promoting wider societal acceptance of autonomous vehicle technology. Outcomes/Impacts: This research will deliver significant outputs that directly impact the transportation system across multiple dimensions. These outputs will drive significant changes in both technical implementation and policy frameworks. From a technical perspective, the consistency and security testing framework will establish new industry standards for evaluating autonomous vehicle systems, particularly in pedestrian detection and natural language processing tasks. This will enable manufacturers and developers to identify and mitigate potential variability before deployment, reducing the risk of harmful outcomes in real-world operations. The defensive strategies developed through this research will enhance the resilience of autonomous systems against emerging security and safety threats, particularly those targeting consistency aspects. From a regulatory and policy standpoint, this research will promote the development of new standards and guidelines for autonomous vehicle certification. The metrics and methodologies developed for assessing consistency and security will provide regulators with concrete tools and insights to evaluate compliance with consistency requirements.

Principal Investigator(s): Bing Li (Clemson University)

Project Partners: Mert Pesé (Clemson University), Balaji Iyangar (Benedict College).

Research Project Funding: Federal $123,427; Cost-share $152,887

Project Start and End Date: January 1, 2025, to December 31, 2025

Project Status: Report in Progress

Project Description: This project, titled Resilient Autonomous Vehicle Perception under Adversarial Settings, addresses critical challenges in the safety and reliability of autonomous vehicles (AVs) operating in real-world environments. Modern AV systems depend heavily on deep learning-based perception modules for tasks such as object detection, automated lane centering, and traffic sign recognition. However, these systems remain vulnerable to adversarial attacks, such as environmental modifications designed to mislead AV sensors and compromise decision-making. This research aims to develop robust model-end defenses by employing adversarial training and integrating Vision-Language Models (VLMs), ensuring AV perception systems are resilient to both known (white-box) and unknown (black-box) adversarial scenarios. This transformative research aligns with the broader goal of ensuring safer and more secure transportation systems as AV adoption accelerates.

US DOT Priorities: This project directly supports the U.S. Department of Transportation’s (US DOT) priorities by advancing the safety, security, and reliability of the transportation system. It aligns with RD&T Strategic Plan goals, particularly in enhancing resilience and security for autonomous vehicle technologies. The research engages in breakthrough, transformative approaches, such as:

1. Developing advanced adversarial training techniques to strengthen deep learning models used in AV perception systems.
2. Incorporating Vision-Language Models to provide a multimodal, context-aware understanding of the AV environment.
3. Addressing safety-critical issues that improve public confidence and regulatory compliance, fostering the widespread adoption of AV technologies.
4. This project emphasizes innovative methodologies to mitigate adversarial threats, ensuring the long-term safety and sustainability of AV deployment.

Outputs: This research is expected to produce several significant outputs, including:

1. New Research and Technologies:

• Implementation of adversarial training methods to enhance model robustness against physical adversarial attacks.
• Integration of Vision-Language Models to detect contextually inconsistent or manipulated inputs.
• Comprehensive datasets of adversarial examples for evaluating AV perception systems.

2. Processes and Methods:

• Development of scalable model-end defense techniques for AV perception systems.
• Benchmarking tools and performance evaluations for industry-standard models under adversarial conditions.

3. Partnerships and Collaborations:

• Establishment of new interdisciplinary partnerships between Clemson University, Benedict College, and potential industry collaborators to advance AV security.
• Contributions to open-source repositories, fostering industry and academic advancements in AV security.

Outcomes/Impacts: The expected outcomes of this research include:

1. Application of Outputs:

• Adoption of enhanced perception models that resist adversarial attacks, ensuring safety in AV operations.
• Deployment of robust AV systems that meet industry standards and regulatory requirements.

2. Positive Impacts on the Transportation System:

• Improved safety and reliability of AV technologies, reducing the risk of accidents caused by adversarial manipulation.
• Increased public trust and accelerated adoption of AVs due to demonstrated resilience and reliability.
• Influence on regulatory and policy frameworks by providing evidence-based recommendations for integrating robust security measures in AV systems.

3. Economic and Social Benefits:

• Reduction in AV-related accidents and associated costs through advanced security measures.
• Advancement of the AV industry’s competitiveness by providing cutting-edge solutions to critical vulnerabilities.

Principal Investigator(s): Dave (Jing) Tian (Purdue University)

Project Partners: Dongyan Xu (Purdue University), Chung Hwan Kim (The University of Texas at Dallas), Latifur Khan (The University of Texas at Dallas).

Research Project Funding: Federal $77,897; Cost-share $109,428

Project Start and End Date: January 1, 2025, to December 31, 2025

Project Status: Report in Progress

Project Description: This project aims to develop a framework to enhance the investigation of autonomous vehicle incidents and attacks. The research focuses on improving development infrastructure for offline incident investigation and minimizing manual effort in identifying root causes of autonomous vehicle failures. The project consists of three main components: a deterministic replay tool for autonomous driving systems, a whole-system provenance infrastructure, and a provenance-guided root cause investigation tool.

US DOT Priorities: This project supports US DOT priorities and RD&T strategic goals by:

• Enhancing transportation safety through improved investigation and resolution of autonomous vehicle incidents.
• Supporting innovation in transportation technology by developing advanced tools for autonomous vehicle debugging.
• Contributing to infrastructure resilience by helping identify and address vulnerabilities in autonomous systems.

The project engages in transformative research by:

• Developing novel approaches to autonomous vehicle incident investigation.
• Creating breakthrough capabilities in deterministic replay for complex autonomous systems.
• Advancing the state-of-the-art in provenance tracking and root cause analysis.

Outputs: Expected research outputs include:

• A specialized deterministic replay tool for ROS-based autonomous driving systems.
• A provenance infrastructure with hooks for comprehensive data collection.
• A root cause analysis tool for autonomous vehicle incidents.
• New datasets and documentation for incident investigation.
• Academic publications and technical documentation.
• Open-source software implementations of the developed tools.

New partnerships will be established between:

• Purdue University and UT Dallas research teams.
• Academic institutions and industry partners through technology transfer.
• Potential collaboration with companies like Lockheed Martin through existing connections.

Outcomes/Impacts: The project will impact transportation systems through:

• Reduced investigation time for autonomous vehicle incidents.
• Improved safety and security of autonomous vehicles through faster vulnerability detection and resolution.
• Enhanced public trust in autonomous vehicle technology.
• More efficient debugging and development processes for autonomous systems.
• Better understanding of autonomous vehicle failure modes and attack vectors.
• Support for the advancement toward fully autonomous (Level 5) driving systems.

The practical benefits include:

• Faster resolution of safety-critical issues in autonomous vehicles.
• Reduced costs associated with incident investigation.
• Improved reliability of autonomous driving systems.
• Enhanced capability to prevent future incidents through better root cause understanding.

Principal Investigator(s): Long Cheng (Clemson University)

Project Partners: Feng Luo (Clemson University), Balaji Iyangar (Benedict College).

Research Project Funding: Federal $95,562; Cost-share $113,950

Project Start and End Date: January 1, 2025, to December 31, 2025

Project Status: Report in Progress

Project Description: Object detection stands as a cornerstone task in computer vision, serving as the foundation for autonomous vehicles. Although machine learning-based object detectors achieve remarkable accuracy and efficiency, they are vulnerable to adversarial attacks, which exploit the inherent weaknesses of machine learning models to mislead them into producing incorrect outputs. In particular, physical adversarial patch attacks (e.g., stickers to be placed on real-world objects) have attracted significant attention from the security community as their real-world implications are severe for the safety and functionality of object detection systems. In this research project, we aim to utilize the latest advancements in generative models, particularly diffusion models, to preprocess input images before feeding them into object detection systems. Our goal is to develop a defense mechanism that can address different physical adversarial patch attacks, regardless of their shape or format. Therefore, the proposed method is both patch-agnostic and attack-agnostic. Leveraging the generative power of diffusion models, the system will automatically detect and replace adversarial patches with contextually consistent content drawn from surrounding areas.

US DOT Priorities: This project will directly focus on the TraCR’s Research Thrust 1 “Thrust 1: Security and Resiliency.” USDOT released Ensuring American Leadership in Automated Vehicle Technologies: Automated Vehicles 4.0, to enhance mobility, accessibility and safety (including cybersecurity) to autonomous vehicles, thereby improving the quality of life for many Americans. This project aligns with the outlined goals of Automated Vehicles 4.0, aiming to enhance the security of perception modules of autonomous vehicles.

Outputs: The research outcome includes new defense algorithms and engineering guidelines to secure object detectors against adversarial attacks with diffusion models. The final deliverables include one or more research papers, datasets, and open-source tools. A project website and data repository will be maintained to describe project efforts and offer access to shared experimental data, talks, publications, seminar recordings, and source code. We will actively seek tech demo and workshop opportunities to present the proposed solutions within the US. We also plan to present research outcomes and conduct a demonstration at TraCR’s conferences and pursue future collaboration opportunities.

Outcomes/Impacts: Object detection serves as the autonomous vehicle’s “eyes,” making it fundamental to the safety, functionality, and reliability of autonomous driving systems. It enables the vehicle to make decisions that prevent accidents and navigate complex environments. Compromising object detection modules in autonomous vehicles can lead to catastrophic consequences, for the safety of vehicle occupants and the broader public on the road. The proposed solution in this project will significantly enhance the security of object detectors in autonomous vehicle systems.

Principal Investigator(s): Amjad Ali (Morgan State University)

Project Partners: Larry Liu (Morgan State University), Blessing Ojeme (Morgan State University), Satish Ukkusuri (Purdue University).

Research Project Funding: Federal $149,301; Cost-share $149,304

Project Start and End Date: January 1, 2025, to December 31, 2025

Project Status: Report in Progress

Project Description: The aim of this research project is to address the shortage of cybersecurity talent in the transportation systems sector. Developing a qualified cybersecurity workforce is critical to creating a workforce capable of protecting our nation's transportation infrastructure. There is a critical need to identify challenges to developing a steady pipeline of qualified talent in the cybersecurity workforce and find innovative solutions to increase talent training in the rapidly growing field of cybersecurity. In response to this need, this proposed research will investigate, identify, and analyze barriers to developing a steady pipeline of cybersecurity talent and develop innovative solutions to train the cybersecurity workforce needed to protect our nation’s transportation system. To address the cybersecurity challenges of transportation systems in a holistic manner, we need an interdisciplinary cybersecurity workforce that is equipped with knowledge and skills specifically relevant to the security of transportation systems. Therefore, developing a cybersecurity workforce specialized in securing transportation systems requires separate study and investigation. In addition, it ensures the needs and cybersecurity awareness of the ridership are met.

US DOT Priorities: This research project aligns with the U.S. Department of Transportation (USDOT) priorities and Research, Development, and Technology (RD&T) strategic goals in several key ways:

1. Safety and Security of Transportation Systems:

• The research directly addresses cybersecurity, a critical aspect of transportation safety and national security. The project aims to strengthen the protection of transportation infrastructure against cyber threats.
• By ensuring a skilled cybersecurity workforce, the project seeks to foster better understanding and solutions tailored to the needs of transportation systems.

2. Workforce Development:

• The RD&T strategic goals emphasize developing a skilled and innovative workforce. This project contributes by creating pathways for individuals to enter and thrive in cybersecurity roles, ensuring the transportation sector has access to specialized perspectives and talents.
• The focus on education and training tailored to transportation cybersecurity advances the development of specialized knowledge essential for securing the sector.

3. Innovation and Technology Advancement:

• The use of advanced tools like web scraping and machine learning for data analysis aligns with USDOT’s goal of integrating cutting-edge technologies to solve transportation challenges.
• The project’s interdisciplinary approach ensures that the solutions are both innovative and applicable to the unique cybersecurity challenges of the transportation systems sector. Breakthrough, Advanced, and Transformative Research

1. Breakthrough Insights:

• The research generates new understanding and actionable insights into systemic issues and potential solutions within cybersecurity workforce development.
• It identifies gaps in existing workforce development strategies, creating targeted interventions that improve workforce capabilities.

2. Advanced Research Methodologies:

• The integration of interviews and surveys with advanced data techniques like web scraping and machine learning enhances the depth and precision of data analysis, while also including conventional survey and interview approaches.
• This approach ensures comprehensive data collection and robust analysis of barriers and opportunities in the cybersecurity workforce.

3. Transformative Impact:

• The project has the potential to transform the cybersecurity workforce by creating sustainable pipelines for future talent, which can be replicated in other sectors.
• Enhancing workforce capabilities contributes to problem-solving capabilities, making transportation systems more secure and resilient.

By addressing both workforce development and security in the transportation sector, this research exemplifies USDOT’s vision for a safer, more innovative transportation future. Its interdisciplinary approach and emphasis on advanced methods position it as a transformative initiative with a lasting impact on the cybersecurity workforce and national transportation security.

Outputs: The results and recommendations from the research project will be published as a conference paper, journal article, and workshop presentations. To further strengthen the engagement of policymakers, industry leaders, and academics, we will do the following:

• Share the overall study findings and recommendations with the study participants, which will include policymakers, industry leaders, and academics.
• Distribute the study results and recommendations to the policymakers in the Maryland Department of Transportation and state legislators.
• Share the research findings and recommendations with the researchers and USDOT policymakers associated with the National Center for Transportation Cybersecurity and Resiliency (TraCR).

Outcomes/Impacts: The output of this research project, including interviews, surveys, and data obtained through web scraping, will generate actionable insights that address gaps and barriers in developing a skilled cybersecurity workforce for the transportation sector. These outputs are expected to influence transportation systems and regulatory and policy frameworks as follows:

Application of Research Output

1. Policy and Workforce Development Recommendations:

• Insights from interviews with cybersecurity experts, leaders, and policymakers will inform new regulations and policy frameworks aimed at creating effective pathways into cybersecurity roles.
• Surveys will highlight specific needs for skill development and training, enabling the creation of targeted programs in universities and industries to enhance workforce readiness.

2. Changes in Practice:

• Ideas on interdisciplinary training programs and mentorship initiatives will provide a roadmap to establish a sustainable talent pipeline. These practices will address workforce shortages while fostering a robust cybersecurity workforce.

3. Influence on Policy Decisions:

• The research findings published in the report and research article, and disseminated in the conference will serve as a basis for government grants and funding allocations to support cybersecurity education and workforce development initiatives.

1. Safety: A more skilled cybersecurity workforce will reduce vulnerabilities in transportation systems, mitigating the risks of cyberattacks that can disrupt operations or compromise public safety.

2. Reliability: Enhanced cybersecurity practices developed within a well-trained workforce will ensure the uninterrupted functioning of transportation infrastructure, fostering greater trust among users and stakeholders.

3. Cost Efficiency: Formulating proposals to increase investments in workforce development will yield long-term cost benefits by creating a pipeline of trained professionals.

Overall, the project’s outputs will not only improve the cybersecurity posture of the transportation sector but also set a precedent for integrating innovation in workforce development strategies across industries.

Principal Investigator(s): Pierluigi Pisu (Clemson University)

Project Partners: Balaji Iyangar (Benedict College), Gurcan Comert (Benedict College).

Research Project Funding: Federal $157,988; Cost-share $189,694

Project Start and End Date: January 1, 2025, to December 31, 2025

Project Status: Report in Progress

Project Description: This project conducts a comprehensive vulnerability assessment of transformer-based end-to-end autonomous driving models that use sensor fusion, specifically TransFuser and InterFuser architectures. The research focuses on evaluating robustness against evasion attacks that target misclassifications and incorrect trajectory generation, as well as analyzing natural corruptions like adverse weather conditions. The project will develop an evaluation framework, implement attack strategies, and validate findings using both simulation and real-world testbeds.

US DOT Priorities: This project directly aligns with TraCR's core mission and Thrust 1 on "Security and Resiliency" by pioneering novel approaches to evaluate and enhance the robustness of autonomous driving systems against emerging cybersecurity threats. Through the collaboration between Clemson University, Benedict College, and North Carolina A&T State University, the project leverages complementary expertise and facilities to conduct comprehensive vulnerability assessments of transformer-based autonomous driving models. The project engages in breakthrough research by developing novel attack strategies specifically targeting the complex sensor fusion mechanisms in transformer-based autonomous driving models - an area that remains largely unexplored. The proposed research aims to develop an advanced approach to understanding vulnerabilities in the interactions between different components of end-to-end driving systems. The research is transformative in its comprehensive evaluation of both white-box adversarial attacks and black-box natural corruptions, providing crucial insights for developing more secure autonomous driving systems. The real-world validation ensures the practical applicability of the research findings, while the proposed open-source release of implementation code and evaluation framework will accelerate progress in autonomous driving security research across the transportation community.

Outputs: The project will deliver several key outputs, including implementation code for the TransFuser and InterFuser models, a comprehensive robustness evaluation framework, detailed vulnerability analysis reports, an open-source release of models and evaluation tools, new research partnerships outside UTC consortium with North Carolina A&T State University, real-world validation using F1/10 RC Car and AVL DrivingCube testbeds, and technical publications and presentations at major conferences.

Outcomes/Impacts: This research will directly impact transportation safety and security through several key outcomes. The vulnerability assessment framework will enable autonomous vehicle manufacturers to systematically evaluate and improve their systems' robustness before deployment, reducing potential safety risks. The identified attack vectors and defense strategies will inform industry security standards and best practices for autonomous vehicle development, leading to more resilient systems. The project's findings will provide critical input for policymakers and regulatory bodies like NHTSA and US DOT in developing safety standards and certification requirements for autonomous vehicles. The evaluation methodologies can be incorporated into compliance testing procedures, ensuring autonomous systems meet minimum security requirements before road deployment. This will help establish clear regulatory frameworks that balance innovation with public safety.

The research will drive improvements in autonomous vehicle technology through validated security assessment tools and metrics. Automotive companies can apply these tools during development to identify and address vulnerabilities early, reducing costs compared to post-deployment fixes. The open-source framework will accelerate industry adoption of robust security practices and enable continuous evaluation as autonomous technology evolves.

Real-world validation using test vehicles will demonstrate practical applications and limitations of the security assessment approach. This will help bridge the gap between theoretical security analysis and operational deployment considerations. The results will guide manufacturers in implementing appropriate security measures and help insurers better assess autonomous vehicle risks.

The project will also advance the state-of-the-art in transportation cybersecurity through new evaluation methodologies and defense strategies. The research findings will be disseminated through peer-reviewed publications and presentations, contributing to the scientific knowledge base. This will enable further research and development of increasingly robust autonomous systems that can be safely deployed at scale.

The economic impact includes reduced costs for autonomous vehicle development and testing through systematic security evaluation early in the design process. Additionally, the research will help prevent potential losses from security incidents by identifying and addressing vulnerabilities proactively. The framework will also support more efficient certification processes by providing standardized evaluation methods.

Principal Investigator(s): Zulqarnain Khattak (Morgan State University)

Project Partners: Alvaro Cardenas (The University of California, Santa Cruz).

Research Project Funding: Federal $101,700; Cost-share $106,200

Project Start and End Date: January 1, 2025, to December 31, 2025

Project Status: Report in Progress

Project Description: Cooperative Driving Automation (CDA) or vehicles that are connected and automated can potentially transform the transportation system. CDA continuously communicates with their surrounding vehicles (V2V). These technologies can potentially help relieve congestion and improve roadway efficiency and safety in the near future. However, the wider use of communications and wireless networks in CDA and transportation operations and management systems has made these systems vulnerable to the risk of cyberattacks. These systems rely on the Internet of Things (IoT), and connectivity and provide wider accessibility. The XML messages used by the National Transportation Communication for Intelligent Transportation Systems (ITS) Protocol (NTCIP) are considered to have relatively small intrusions that are initiated by hackers and, thus, have no built-in security. The USDOT has also initiated a credential management system for security (SCMS) of vehicle and infrastructure-based communication. However, the increased dependency on communication provides hackers with multiple access points, making them vulnerable to cyberattacks and are the least understood in terms of cybersecurity.

Thus, it is imperative to assess the cyber risks of these systems and design efficient and effective anomaly detection methods so that anomalous behavior in CDA can be detected in real-time and these systems can perform resiliently under cyberattacks. Past research has used CAN bus data from normal human-driven vehicles to develop anomaly detection algorithms using machine learning without accounting for the temporal dependencies between anomalous trajectories, and the influence of compromise on leaders or followers within a platoon has also not been considered.

US DOT Priorities: The project fits under the USDOT theme of cybersecurity to promote resilient transportation networks and also aligns with the TraCR vision of promoting secure systems and falls under the Thrust 1 Security and Resilience since the project will analyze the cybersecurity risks and their impact on cooperative driving using real-world experimental data and develop an anomaly detection models for secure operation of these systems.

Outputs: The major output of this project includes:

• Creation of a data library for cyberattacks using real-world experiments of cooperative driving.
• Assessment of the impacts of cyberattacks and sensor anomalies on safety, stability and efficiency.
• Development of anomalous behavior detection algorithms to detect cyberattacks in lead and following vehicles for the resilient operation of cooperative driving.
• The project would foster a relationship with the Virginia Department of Transportation, who serve as a project partner and major stakeholder.

Outcomes/Impacts: The state agencies and sensing companies would benefit from the innovation and would be the major adopters. Since transportation systems are becoming increasingly connected, the risk of being compromised by cyberattacks is also increasing. It is essential for state agencies to find innovative approaches for the detection of anomalous behavior so that transportation systems can perform resiliently in the face of cyberattacks. The study findings will help guide understanding of the safety impacts of cyberattacks and protect critical infrastructure. The research team will work closely with the project partner, VDOT, to assist with the implementation of findings from this research in their traffic operations and management program. The team plans to encourage the engagement of different technology partners through regular meetings to gauge their interest, receive feedback, and allow for the deployment of study findings through their day-to-day policies. The PIs also plan to work on technology transfer by disseminating the findings of this research through journal publications and presentations in multiple forums, including the Transportation Research Board Annual Meeting, Automated Road Transportation Symposium and Intelligent Vehicles Symposium.

Principal Investigator(s): Yunyi Jia (Clemson University)

Project Partners: Ardalan Vahidi (Clemson University), Judith Mwakalonge (South Carolina State University), Jagruti Sahoo (South Carolina State University), Nikunja Swain (South Carolina State University), Biswajit Biswal (South Carolina State University).

Research Project Funding: Federal $107,413; Cost-share $109,965

Project Start and End Date: January 1, 2025, to December 31, 2025

Project Status: Report in Progress

Project Description: The project will conduct experimental studies to evaluate and analyze the impacts of Denial-of-Service (DoS) cyber attacks on the performance of Connected and Automated Vehicles (CAVs) for a deeper understanding of cyber security of CAVs to safeguard future intelligent transportation systems.

US DOT Priorities: This project aligns closely with the vision of TraCR by advancing secure and resilient transportation systems that protect users, data, and the environment, as described below.

• Security and Resiliency: The core of this research addresses the need for stronger security in CAV systems, focusing on detecting, testing, and mitigating DoS attacks that can compromise the safety and efficiency of CAV operations.
• User Data Protection: By securing vehicle communication networks, the project indirectly safeguards user data transmitted through C-V2X channels, ensuring the protection of sensitive information from potential breaches during cyber-attacks.
• Society and Environment: The research promotes safer, more reliable CAV technology, which can lead to improved traffic flow, reduced accidents, and decreased environmental impacts through more efficient transportation systems.

Outputs: The research will develop a robust cybersecurity-enabled platform, Cyber-CAV, to test, analyze, and mitigate Denial-of-Service (DoS) attacks on CAVs. The major outputs include a) Designing and implementing DoS attack models targeting C-V2X communication in CAVs; b)Evaluate the impacts of these attacks on CAVs to assess network degradation, vehicle safety, and traffic flow disruptions; and c) Analyzing impacts and discussing mitigation strategies to minimize the effects of DoS attacks and enhance the security and resiliency of CAV networks.

Outcomes/Impacts: The research outcomes have the potential to be implemented in CAV systems, improving real-world vehicle communication security and contributing to regulatory frameworks for C-V2X. The expected impacts and benefits include but are not limited to a) Reducing cyber-attack risks, improving vehicle safety and communication reliability; b) Preventing network disruptions, ensuring smoother traffic flow and reliable vehicle operations; and c) Avoiding costly system failures and recalls, providing long-term financial benefits to stakeholders.

Principal Investigator(s): Lan Emily Zhang (Clemson University)

Project Partners: Chao Fan (Clemson University), Lingxi Li (Purdue University), Satish Ukkusuri (Purdue University).

Research Project Funding: Federal $172,522; Cost-share $172,569

Project Start and End Date: January 1, 2025, to December 31, 2025

Project Status: Report in Progress

Project Description: This project focuses on enhancing the cybersecurity and resilience of vehicle-to-everything (V2X) networks in connected and autonomous vehicle (CAV) ecosystems. By developing a resilience-enhanced intrusion monitoring framework, the research aims to detect, mitigate, and adapt to emerging and uncertain threats in dynamic, heterogeneous transportation environments. The framework includes the development of novel resilience metrics, a resilience-based intrusion detection system (IDS) leveraging advanced AI techniques, and adaptive intrusion mitigation protocols to maintain network performance and security.

US DOT Priorities: This project directly supports the US DOT’s strategic goals of enhancing transportation safety, security, and resilience. By addressing the growing threat of cyberattacks in V2X networks, it aligns with the Research, Development, and Technology (RD&T) priorities of improving critical infrastructure protection and ensuring safe and efficient transportation systems. The proposed framework engages in breakthrough research by integrating resilience metrics with advanced AI models, such as large language models (LLMs), to identify and mitigate emerging and undefined cyber threats. The transformative nature of this research lies in its shift from rigid behavioral baselines to system-wide resilience, enabling dynamic adaptation and robust security for autonomous and connected transportation technologies.

Outputs: The project is expected to produce several significant outputs, including:

• Novel Processes and Methods: Development of system-level resilience metrics and resilience-based IDS algorithms.
• Technologies and Tools: A fully integrated intrusion detection and mitigation system for V2X networks.
• Data and Models: Creation of datasets and AI models for intrusion detection, shared under appropriate licenses.
• Partnerships: Strengthened collaborations with Purdue and industry stakeholders for real-world testing and deployment.
• Intellectual Property: Potential invention disclosures, patent filings, and publications detailing innovative techniques and frameworks for V2X security.

Outcomes/Impacts: The outputs of this research will positively impact transportation systems by enhancing the safety, security, and reliability of V2X networks. The resilience-enhanced framework will mitigate cyber threats, reduce the risk of disruptions, and ensure the continuous, safe operation of transportation ecosystems. Specific outcomes are detailed below.

• Improved Safety: Detection and mitigation of emerging threats will reduce accidents caused by compromised V2X nodes.
• Enhanced Reliability: Dynamic adaptation to intrusions ensures uninterrupted communication and operational stability.
• Reduced Costs: Proactive intrusion management minimizes economic losses from cyberattacks and system downtime.
• Policy and Practice: The research may inform updates to cybersecurity standards and best practices for intelligent transportation systems, influencing regulatory and legislative frameworks.
• Long-Term Impact: The project supports the secure deployment of autonomous transportation technologies, fostering public trust and accelerating the adoption of intelligent transportation solutions.

By addressing cybersecurity challenges, this research will significantly contribute to the advancement of a resilient, efficient, and safe transportation infrastructure.

Principal Investigator(s): Mizanur Rahman (The University of Alabama Tuscaloosa)

Project Partners: Ahmad Alsharif (The University of Alabama Tuscaloosa), Sagar Dasgupta (The University of Alabama Tuscaloosa), Shuhong Gao (Clemson University), Mashrur Ronnie Chowdhury (Clemson University), M. Sabbir Salek (Clemson University), Ryann Cartor (Clemson University), Mohammadhadi Amini (Florida International University), Kemal Akkaya (Florida International University).

Research Project Funding: Federal $245,425; Cost-share $253,499

Project Start and End Date: January 1, 2025, to December 31, 2025

Project Status: Report in Progress

Project Description: Today’s vehicle-to-everything (V2X) communication relies on the IEEE 1609.2 standard, which defines secure message formats and processing for V2X communications in intelligent transportation systems. V2X communication relies heavily on cryptographic security to protect and safeguard sensitive information transmitted between vehicles, transportation infrastructure, and other entities. However, the rise of quantum computers poses significant cyber threats because they can break the security provided by current cryptographic algorithms, such as Rivest–Shamir–Adleman (RSA) and Elliptic Curve Cryptography (ECC). In addition, directly integrating the National Institute of Standards and Technology (NIST)-approved Post-Quantum Cryptography (PQC) schemes presents challenges due to larger key sizes, higher computational demands, and stringent latency requirements. These limitations result in increased transmission delays, channel congestion, and the risk of packet loss, jeopardizing real-time communication and system efficiency. While hybrid PQC solutions have been explored, they primarily focus on outdated Dedicated Short-Range Communication (DSRC) frameworks and create gaps in adapting these solutions for Cellular V2X (C-V2X), which is the emerging standard for vehicular communication. Moreover, current PQC schemes require innovative adaptations to fit within the strict packet size constraints imposed by IEEE 1609.2 without compromising system performance. Addressing these challenges, the overarching goal of this project is to enhance the security and quantum resilience of V2X communication systems through three key objectives: (1) develop efficient algorithms for solving the hard problems that form the security foundation of PQC schemes and assess the trade-offs between key sizes and security levels; (2) design and implement a certificate segmentation algorithm for integrating PQC into the IEEE 1609.2 security standard to enable reliable, low-latency, and quantum-resilient C-V2X communication; and (3) evaluate the performance of PQC schemes utilizing federated learning (FL)-based C-V2X applications in connected transportation systems. This project will directly contribute towards a deployment-ready PQC-enabled V2X communication for a secure and reliable connected transportation system.

US DOT Priorities: This project will directly focus on the TraCR’s Research Thrust 4 “Thrust 4: Evolving Quantum Computing Threats and Opportunities.” In addition, this project will address USDOT’s strategic goals related to securing transportation cyber-physical social systems as well as help make the USDOT the worldwide leader in TCPSS cybersecurity, help ensure that American firms stay at the forefront of the global economy, and help keep inflation low by fostering the safe, efficient, and bottleneck-free movement of goods and workers (“Economic Strength and Global Competitiveness,” “Organizational Excellence”).

Outputs: This project will have the following outputs:

• A lattice reduction algorithm using the Singular Value Decomposition (SVD) approach, tailored to address security implications for q-ary lattices in PQC schemes,
• Fault-tolerant certificate segmentation algorithms designed for integrating PQC into the IEEE 1609.2 standard enabling reliable, low latency, quantum resilient C-V2X communication., and
• Evaluation of PQC scheme performance utilizing federated learning-based applications in connected transportation systems.

Outcomes/Impacts: According to the National Institute of Standards and Technology's (NIST) framework, a deployable PQC solution for V2X communication could ensure security against cyber-attacks, which are implemented in a quantum computer. This research will directly contribute to this direction. Thus, the outcome of this project will ensure safe, efficient, and reliable connected transportation systems in a post-quantum era.

Principal Investigator(s): Satish Ukkusuri (Purdue University)

Project Partners: Mashrur Ronnie Chowdhury (Clemson University), Amjad Ali (Morgan State University)

Research Project Funding: Federal $119,857 Cost-share $119,949

Project Start and End Date: January 1, 2025, to December 31, 2025

Project Status: Report in Progress

Project Description: COMET Phase II develops a physical testbed for Connected and Autonomous Vehicles (CAVs) to test cyber threats and countermeasures beyond simulation. By integrating real-world sensors, V2X infrastructure, and miniature autonomous vehicles, the project bridges simulation and reality by building an integrated testbed to enhance CAV cybersecurity and resilience.

US DOT Priorities: COMET Phase II aligns with the U.S. DOT’s priorities by enhancing transportation safety, cybersecurity, and resiliency in CAVs. The project supports the RD&T strategic goals of safety, economic growth, and innovation by developing an integrated testbed to test and assess cyber threats affecting CAV fleets and intelligent transportation systems. This testbed will serve as the platform for cybersecurity vulnerabilities study in sensor fusion, V2X communication, and network-wide traffic disruptions, ensuring the secure and reliable operation of future autonomous transportation networks. By bridging simulation (Phase I) and real-world testing, COMET Phase II engages in further research that advances cybersecurity test methodologies with the simulation tool developed in Phase I. The project’s sim-to-real approach enables the testing of cyberattacks in both realistic and simulated conditions, fostering next-generation cybersecurity strategies and industry practices to safeguard the nation’s intelligent transportation infrastructure.

Outputs: COMET Phase II will produce the sim-to-real-world cybersecurity testbed for CAVs, enabling testing of advanced cyber threat analysis and mitigation strategies. Key outputs include: 1. A physical testbed with miniature autonomous vehicles, multi-modal sensors (cameras, IMUs, ToF sensors), and V2X-enabled infrastructure to validate cyberattack scenarios; 2. New framework for testing cyber threats, such as sensor manipulation, and V2X communication attacks; 3. Software and data contributions, including sim-to-real transfer frameworks, enabling realistic cybersecurity testing beyond simulation; 4. Technical reports, research publications, and open-source tools to advance cybersecurity standards for autonomous transportation.

Outcomes/Impacts: COMET Phase II will provide the sim-to-real-world cybersecurity testbed for CAVs, enabling the validation of cyber threats and defense mechanisms beyond simulation. The project's findings will inform transportation cybersecurity policies, regulatory frameworks, and industry best practices, enhancing safety, reliability, and resilience in intelligent transportation systems. By modeling and mitigating sensor and V2X communication vulnerabilities, the research will help reduce the risk of cyber-induced traffic disruptions, improving traffic flow efficiency and network stability. The developed testbed and methodologies could also contribute to future standards and certifications for secure CAV deployment, fostering cost-effective and scalable cybersecurity solutions for autonomous vehicle fleets.

Principal Investigator(s): Mizanur Rahman (The University of Alabama Tuscaloosa)

Project Partners: Sagar Dasgupta (The University of Alabama Tuscaloosa), Long Cheng (Clemson University), Mashrur Ronnie Chowdhury (Clemson University).

Research Project Funding: Federal $156,773; Cost-share $161,414

Project Start and End Date: January 1, 2025, to December 31, 2025

Project Status: Report in Progress

Project Description: The reliable operation of Autonomous Vehicles (AVs) hinges on robust and reliable Positioning, Navigation, and Timing (PNT) services, predominantly provided by Global Navigation Satellite Systems (GNSS). The U.S.-owned Global Positioning System (GPS) consists of Ground Control Stations (GCS), Space Vehicles (SV), and user segment receivers, all of which could be susceptible to natural interferences and cyber threats. GCS, vulnerable to physical and cyberattacks, can transmit compromised correction data to satellites, posing significant risks to navigation integrity. GNSS signals are inherently weak and susceptible to unintentional interference, such as signal blocking, urban canyon multipath, and atmospheric effects, as well as deliberate threats like jamming and spoofing, which significantly amplify uncertainties in PNT services. Although alternative PNT solutions, including Low Earth Orbit (LEO) satellites, Wi-Fi, and cellular-based technologies, show promise, they remain limited in coverage, underdeveloped, and/or vulnerable to intentional interference. High-definition (HD) map-based navigation systems are also at risk of exploitation by hackers. Multi-sensor fusion systems, integrating GNSS with inertial measurement units (IMU) and perception sensors (PS), such as cameras, LiDAR, and RADAR, offer potential solutions by complementing individual sensor outputs in contested environments. However, IMUs suffer from error accumulation, and PS performance is compromised by limited line-of-sight or adverse weather conditions (e.g., snow and heavy rain), which degrade positioning accuracy. To overcome these challenges, the overarching goal of this project is to enhance the security of GNSS-based navigation systems through four key objectives: (1) identifying and analyzing vulnerabilities in GNSS ground control and user segments to develop intelligent cyber-attack models, (2) designing and implementing sensor fusion algorithms that leverage loosely coupled GNSS, IMU, and perception sensor data for the detection of GNSS cyber-attacks, (3) developing advanced mitigation strategies to counter spoofing attacks and restore authentic GNSS signal lock, and (4) deploying these detection and mitigation algorithms in secured execution environments (TEEs) to safeguard operational integrity against software-based threats. By addressing GNSS vulnerabilities, the research will significantly enhance the safety and reliability of GNSS-based navigation for autonomous vehicles, foster public and industry reliability in these technologies, and support broader advancements in transportation cybersecurity.

US DOT Priorities: This project is dedicated to the statutory research priority of "Reducing Transportation Cybersecurity Risks." It aligns with USDOT's strategic objectives by focusing on developing cyber-resilient navigation solutions for future transportation systems. Our goals include creating job opportunities, positioning USDOT as a global leader in the cybersecurity of transportation cyber-physical social systems, ensuring American firms lead in the global economy, and contributing to low inflation through fostering the safe, efficient, and bottleneck-free movement of goods and workers (“Economic Strength and Global Competitiveness,” “Organizational Excellence”). This project will also directly focus on the TraCR’s Research Thrust 1 “Thrust 1: Security and Resiliency.”

Outputs: This project aims to deliver the following outputs:

• A comprehensive vulnerability analysis of GPS infrastructure encompassing GCS, SV, and user segments,
• GNSS cyber-attack detection algorithms leveraging GNSS signal data and multimodal sensors in simulation and controlled real-world environments,
• An authentic GNSS signal recovery algorithm in simulation and controlled real-world environments, and
• A reliable monitoring module for secure and resilient navigation utilizing secured execution environments.

Outcomes/Impacts: Successful mission execution of autonomous ground vehicles relies on reliable localization and navigation. This research will lay the groundwork for transforming cyber-vulnerable GNSS-based navigation systems using built-in in-vehicle sensors and applying advanced deep sensor fusion techniques. Following the National Institute of Standards and Technology (NIST) cybersecurity framework, this project will be the stepping stone to develop a robust, efficient, flexible, and reliable cyber-resilient navigation platform for autonomous ground vehicles. Note that autonomous ground vehicles promise to prevent more than 9 million accidents and 2 million injuries annually, conserve 7 billion liters of fuel and save more than 36,000 lives while reducing healthcare costs associated with accidents by $190 billion in the U.S. Thus, this project directly contributes to successful mission execution of autonomous ground vehicles and those impacts.

Principal Investigator(s): Mansoureh Jeihani (Morgan State University)

Project Partners: Mansha Swami (Morgan State University), Ehsan Mehryaar (Morgan State University), Shubham Agrawal (Clemson University), Dustin Souders (Clemson University)

Research Project Funding: Federal $124,998; Cost-share $125,564

Project Start and End Date: January 1, 2025, to December 31, 2025

Project Status: Report in Progress

Project Description: The proposed research focuses on investigating driver behavior under cyber-attacks in connected vehicle (CV) environments. Using a controlled testbed with driving simulators at Morgan State University and Clemson University, this project will simulate cyber-attacks such as falsified vehicle-to-everything (V2X) information and evaluate drivers' behavioral and psychological responses. The findings aim to bridge the gap in understanding human factors in cybersecurity for CV systems, with implications for enhancing road safety and advancing resilient vehicle technologies.

US DOT Priorities: This project directly aligns with the US DOT’s priorities of improving road safety and addressing cybersecurity risks in transportation, as outlined in the FY 2022-2026 RD&T Strategic Plan. By integrating human factors research with advanced driving simulator experiments, it supports breakthrough research in understanding the psychological and behavioral impacts of cyber-attacks on drivers. The project’s innovative approach—comparing urban and suburban settings—provides transformative insights that can influence federal policies, improve cybersecurity measures, and enhance training programs for safer deployment of connected and automated vehicles.

Outputs: The research is expected to produce significant advancements, including:

1. A comprehensive dataset on driver behavior under simulated cyber-attacks.
2. Detailed insights into the impact of psychological and dispositional factors on driving performance during cybersecurity incidents.
3. Robust comparative data on urban versus suburban driving behavior.
4. Recommendations for cybersecurity enhancements in CV systems, including policy guidelines and training materials. These outputs will also establish new partnerships with industry stakeholders, fostering collaboration for real-world implementation and validation of the research findings.

Outcomes/Impacts: The application of this research will enhance the safety, reliability, and resilience of connected vehicle systems by addressing vulnerabilities from both technological and human perspectives. Expected outcomes include the development of driver training programs to improve responses to cyber-attacks and informed policy recommendations for transportation safety regulations. Long-term impacts encompass reduced accident risks, better traffic flow stability, and stronger public confidence in connected vehicle technologies, ultimately contributing to safer and more secure transportation systems.

Principal Investigator(s): Ahmad Alsharif (The University of Alabama Tuscaloosa)

Project Partners: Mizanur Rahman (The University of Alabama Tuscaloosa), Bharat Balasubramanian (The University of Alabama Tuscaloosa), Sagar Dasgupta (The University of Alabama Tuscaloosa), Mashrur Ronnie Chowdhury (Clemson University), M. Sabbir Salek (Clemson University).

Research Project Funding: Federal $81,929; Cost-share $81,961

Project Start and End Date: January 1, 2025, to December 31, 2025

Project Status: Report in Progress

Project Description: This project addresses cybersecurity vulnerabilities in electric vehicle (EV) charging infrastructure, specifically focusing on the Power Line Communication (PLC) system used between EVs and charging stations (EVSE). The research aims to develop protective measures against both passive eavesdropping and active interference attacks that can disrupt charging services.

US DOT Priorities: The project aligns with the DOT's strategic goals for (1) Safety with a focus on Transportation Cyber-Physical Social Systems (TCPSS) cybersecurity and (2) economic strength. It supports these priorities by:

• Advancing TCPSS security through innovative defense protocols.
• Ensuring reliable movement of goods and workers through secure charging infrastructure.
• Supporting economic competitiveness by protecting critical transportation infrastructure.

Outputs: The project is expected to have the following deliverables:

• New proactive defense protocol against PLC side-channel eavesdropping
• Real-time monitoring software for detecting active cyber attacks
• Alternative communication system for EV-EVSE backup connectivity
• Validation methodology and testing protocols

The project may establish a partnership with DOE for cybersecurity R&D efforts

Outcomes/Impacts: This research will improve transportation system security and reliability through:

• Enhanced protection of EV charging infrastructure against cyber-attacks
• Reduced vulnerability to charging service disruptions
• Support for safe expansion of EV adoption
• Contribution to cybersecurity standards and best practices for EV charging infrastructure
• Enhanced public confidence in EV charging infrastructure security

The impacts directly support the growing EV ecosystem while addressing critical infrastructure protection needs.

Principal Investigator(s): Jagruti Sahoo (South Carolina State University)

Project Partners: Judith Mwakalonge (South Carolina State University), Nikunja Swain (South Carolina State University), Biswajit Biswal (South Carolina State University), Balaji Iyangar (Benedict College).

Research Project Funding: Federal $70,663; Cost-share $88,391

Project Start and End Date: January 1, 2025, to December 31, 2025

Project Status: Report in Progress

Project Description: Automotive software is a critical component of a connected and autonomous vehicle (CAV) and is responsible for the safe operation of the vehicle. It interacts with various sensors, including lidar, radar, cameras, and Global Positioning System (GPS), and executes complex algorithms to generate commands for the actuators such as steering wheel, brake, and gas pedals. The complexity of automotive software has grown over the last few years and is expected to grow exponentially in the next few years. The accelerated growth is fueled by factors including the integration of advanced driver assistance features, autonomous driving, and, most importantly, the increased demand for electric vehicles. While improving driving comfort, and automation, such significant growth will bring immense challenges in terms of ensuring the safety and reliability of automotive software. The increase in code leads to an expanded attack surface that will allow hackers to discover vulnerable software and exploit it to launch malicious attacks against the CAV. An in-depth analysis of the attack surface, along with a meticulous identification of the most vulnerable software components/modules, can certainly help in deciding the appropriate countermeasures to avoid cyber-attacks.

This project aims at developing a novel optimization model of the form Quadratic Binary unconstrained optimization (QUBO) to optimally identify the most vulnerable software modules by taking several factors (e.g., the attack surface of automotive software, downtime of modules, cost of protecting the modules, etc.,) into consideration. This project aims to investigate quantum annealing, a quantum computing technique for solving QUBO. The project team will also design classical metaheuristics, simulated Annealing (SA), and genetic algorithms as benchmarks to assess the effectiveness of the QA-based approach. The major goals of this project are to 1) analyze the attack surface of automotive software and produce interaction graphs, 2) define vulnerable S/W module identification problem and develop a QUBO model, 3) implement QUBO on a quantum annealer, 4) design SA and GA algorithms to solve the optimization problem, and 5) compare the optimal performance of QA-based approach with SA and GA-based algorithms.

US DOT Priorities: This project supports the US DOT statutory research priority areas of “Promoting Safety” and “Reducing Transportation Cybersecurity Risks” by addressing the cybersecurity need of automotive software that plays a critical role in the safe operations of the vehicle. This project supports the following USDOT strategic goals:

• Safety: This project promotes the safety of drivers and passengers by investigating the cybersecurity risks and vulnerabilities that exist in automotive software. Vulnerabilities in the CAV software make it easy for hackers to compromise the control of the vehicle, jeopardizing the operational efficiency of the CAV and leading to injuries and fatalities. This project plans to analyze the attack surface of CAV software and produce a software interaction graph that models the critically of individual modules and their interactions.
• Transformation: This project will bring a new application of quantum computing to ensure the robustness and resiliency of CAV. This project will lead to a new mathematical model that captures the complexity of the attack surface of the CAV software and involves finding the most vulnerable CAV software modules while satisfying a budgetary limit on the cost of protection and ensuring service availability.

This project will advance the state-of-the-art cybersecurity of CAV software by investigating a quantum-based solution that can optimally obtain the most vulnerable S/W modules. This project also plans to conduct experiments on a quantum annealer to show the practical applications of quantum computing technology in solving real-world cybersecurity challenges.

Outputs: The expected outputs of this project include a software interaction graph that captures the attack surface of automotive software, a novel Quadratic Unconstrained Binary Optimization (QUBO) model to identify the most vulnerable software modules using the software interaction graph, Quantum Annealing-based, and other metaheuristics (simulated annealing and genetic algorithm)-based algorithms to solve the QUBO model, evaluation results using a quantum annealer and simulations, and scientific publications including peer-reviewed conference and journal articles. We are interested in establishing partnerships with agencies and/or companies with an interest in the research focus area: “Security and Resiliency” of the National Center for Transportation Cybersecurity and Resiliency (TraCR) and applications of quantum computing to improve the security of CAVs. We will conduct workshops to showcase our research results to the identified agencies and/or companies, such as CAV manufacturers. The workshop activities will include research presentations by the project team, hands-on activities on software attacks, and discussions on the practical adoption of the proposed methods.

Outcomes/Impacts: The proposed research will enhance the safety and reliability of transportation systems by offering a quantum annealing-based cybersecurity solution that can optimally determine the vulnerable software components in CAVs. The implementation and validation of the proposed solution on a quantum annealer will showcase the potential for the practical adoption of quantum computing, an emerging paradigm in the transportation sector. This project will expose undergraduate and graduate students to quantum computing, thereby allowing them to excel in a competitive workforce. Moreover, the research findings of this project will be integrated into the cybersecurity/transportation courses, and capstone projects at SCSU/BC, thereby contributing to developing a skilled cybersecurity workforce.