Highway to Hack — Security gaps in ETSI ITS standards

IF 3.1 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Standards & Interfaces Pub Date : 2026-04-01 Epub Date: 2026-01-21 DOI:10.1016/j.csi.2026.104133

Roberto Gesteira-Miñarro , Takahito Yoshizawa , Rafael Palacios , Gregorio López

{"title":"Highway to Hack — Security gaps in ETSI ITS standards","authors":"Roberto Gesteira-Miñarro , Takahito Yoshizawa , Rafael Palacios , Gregorio López","doi":"10.1016/j.csi.2026.104133","DOIUrl":null,"url":null,"abstract":"<div><div>Vehicle-to-Everything (V2X) communication technologies are revolutionizing transportation by enabling real-time information exchange among vehicles, infrastructure, pedestrians, and networks. While these technologies offer significant benefits in terms of road safety, traffic efficiency, and support for autonomous driving, they also introduce critical security and privacy risks due to their decentralized and dynamic nature. In this paper, we perform an analysis of the ETSI Intelligent Transport System (ITS) standards, specifications and reports to identify vulnerabilities that could be exploited to cause cyber–physical damages. We focus particularly on Cooperative Awareness Messages (CAM) and Decentralized Environmental Notification Messages (DENM) in the ETSI ITS standard, and pseudonym ID mechanisms. We identified several security issues, including vulnerabilities that lead to replay attacks, identity-based attacks such as spoofing and Sybil attacks, as well as grayhole attacks. We present attack scenarios where the issues found can be leveraged to compromise road safety, and quantify their potential impact through simulations using Eclipse SUMO. These scenarios might be relevant during a transition period where V2X-enabled vehicles coexist with legacy vehicles. Furthermore, we propose mitigations to address the identified issues. Our findings highlight the need for stronger security measures in V2X systems to ensure both safety and security in future intelligent transportation systems.</div></div>","PeriodicalId":50635,"journal":{"name":"Computer Standards & Interfaces","volume":"97 ","pages":"Article 104133"},"PeriodicalIF":3.1000,"publicationDate":"2026-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Standards & Interfaces","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0920548926000073","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"2026/1/21 0:00:00","PubModel":"Epub","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

Vehicle-to-Everything (V2X) communication technologies are revolutionizing transportation by enabling real-time information exchange among vehicles, infrastructure, pedestrians, and networks. While these technologies offer significant benefits in terms of road safety, traffic efficiency, and support for autonomous driving, they also introduce critical security and privacy risks due to their decentralized and dynamic nature. In this paper, we perform an analysis of the ETSI Intelligent Transport System (ITS) standards, specifications and reports to identify vulnerabilities that could be exploited to cause cyber–physical damages. We focus particularly on Cooperative Awareness Messages (CAM) and Decentralized Environmental Notification Messages (DENM) in the ETSI ITS standard, and pseudonym ID mechanisms. We identified several security issues, including vulnerabilities that lead to replay attacks, identity-based attacks such as spoofing and Sybil attacks, as well as grayhole attacks. We present attack scenarios where the issues found can be leveraged to compromise road safety, and quantify their potential impact through simulations using Eclipse SUMO. These scenarios might be relevant during a transition period where V2X-enabled vehicles coexist with legacy vehicles. Furthermore, we propose mitigations to address the identified issues. Our findings highlight the need for stronger security measures in V2X systems to ensure both safety and security in future intelligent transportation systems.

查看原文本刊更多论文

高速公路黑客-安全漏洞在ETSI ITS标准

车辆到一切（V2X）通信技术通过实现车辆、基础设施、行人和网络之间的实时信息交换，正在彻底改变交通运输。虽然这些技术在道路安全、交通效率和对自动驾驶的支持方面提供了显著的好处，但由于它们的分散性和动态性，它们也带来了关键的安全和隐私风险。在本文中，我们对ETSI智能交通系统（ITS）标准、规范和报告进行了分析，以确定可能被利用来造成网络物理损害的漏洞。我们特别关注ETSI ITS标准中的协作意识消息（CAM）和分散环境通知消息（DENM），以及假名ID机制。我们发现了几个安全问题，包括导致重放攻击、基于身份的攻击（如欺骗和Sybil攻击）以及灰洞攻击的漏洞。我们给出了攻击场景，其中发现的问题可以被用来危害道路安全，并通过使用Eclipse SUMO进行模拟来量化它们的潜在影响。在支持v2x的车辆与传统车辆共存的过渡时期，这些场景可能是相关的。此外，我们提出了缓解措施，以解决已确定的问题。我们的研究结果强调了在V2X系统中需要更强大的安全措施，以确保未来智能交通系统的安全性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computer Standards & Interfaces 工程技术-计算机：软件工程

CiteScore

11.90

自引率

16.00%

发文量

审稿时长

6 months

期刊介绍： The quality of software, well-defined interfaces (hardware and software), the process of digitalisation, and accepted standards in these fields are essential for building and exploiting complex computing, communication, multimedia and measuring systems. Standards can simplify the design and construction of individual hardware and software components and help to ensure satisfactory interworking. Computer Standards & Interfaces is an international journal dealing specifically with these topics. The journal • Provides information about activities and progress on the definition of computer standards, software quality, interfaces and methods, at national, European and international levels • Publishes critical comments on standards and standards activities • Disseminates user''s experiences and case studies in the application and exploitation of established or emerging standards, interfaces and methods • Offers a forum for discussion on actual projects, standards, interfaces and methods by recognised experts • Stimulates relevant research by providing a specialised refereed medium.