Abstract
As Electronic Toll Collection (ETC) systems, such as EZPass, expands to cope with increasing development of the world's highway transportation infrastructure and generate public revenue, they have also become the subject of security attacks like any information systems. Traditional security solutions are not applicable to ETC systems due to limited computing/storage resources and mobility requirements. Most ETC systems use Radio Frequency Identification (RFID) technology to identify vehicles and communicate messages, which makes the systems vulnerable to eavesdrop by the nature of open wireless channels. This paper addresses the unique characteristics of ETC systems and focuses on a particular kind of network security threats named replay attacks. We propose two methods; time-out delay and randomized ID renewal that will eliminate or greatly reduce the success of attacks. Both methods will deny access to the attacker in an attempt to replay the genuine user's ID. Through simulation, we demonstrate the effectiveness of our approach under various scenarios. Our simulation tool can also be used for education purposes to illustrate the underlying principles of various security attacks to ETC systems.