Zeinab El-Rewini,Karthikeyan Sadatsharan,Daisy Flora Selvaraj,Siby Jose Plathottam,Prakash Ranganathan

DOI: https://doi.org/10.1016/j.vehcom.2019.100214

IF: 6.7

2020-06-01

Vehicular Communications

Abstract:As modern vehicles are capable to connect to an external infrastructure and Vehicle-to-Everything (V2X) communication technologies mature, the necessity to secure communications becomes apparent. There is a very real risk that today's vehicles are subjected to cyber-attacks that target vehicular communications. This paper proposes a three-layer framework (sensing, communication and control) through which automotive security threats can be better understood. The sensing layer is made up of vehicle dynamics and environmental sensors, which are vulnerable to eavesdropping, jamming, and spoofing attacks. The communication layer is comprised of both in-vehicle and V2X communications and is susceptible to eavesdropping, spoofing, man-in-the-middle, and sybil attacks. At the top of the hierarchy is the control layer, which enables autonomous vehicular functionality, including the automation of a vehicle's speed, braking, and steering. Attacks targeting the sensing and communication layers can propagate upward and affect the functionality and can compromise the security of the control layer. This paper provides the state-of-the-art review on attacks and threats relevant to the communication layer and presents countermeasures.

telecommunications,transportation science & technology

R. Spencer Hallyburton,Qingzhao Zhang,Z. Morley Mao,Miroslav Pajic

2023-12-08

Abstract:What happens to an autonomous vehicle (AV) if its data are adversarially compromised? Prior security studies have addressed this question through mostly unrealistic threat models, with limited practical relevance, such as white-box adversarial learning or nanometer-scale laser aiming and spoofing. With growing evidence that cyber threats pose real, imminent danger to AVs and cyber-physical systems (CPS) in general, we present and evaluate a novel AV threat model: a cyber-level attacker capable of disrupting sensor data but lacking any situational awareness. We demonstrate that even though the attacker has minimal knowledge and only access to raw data from a single sensor (i.e., LiDAR), she can design several attacks that critically compromise perception and tracking in multi-sensor AVs. To mitigate vulnerabilities and advance secure architectures in AVs, we introduce two improvements for security-aware fusion: a probabilistic data-asymmetry monitor and a scalable track-to-track fusion of 3D LiDAR and monocular detections (T2T-3DLM); we demonstrate that the approaches significantly reduce attack effectiveness. To support objective safety and security evaluations in AVs, we release our security evaluation platform, AVsec, which is built on security-relevant metrics to benchmark AVs on gold-standard longitudinal AV datasets and AV simulators.

Cryptography and Security,Systems and Control

Ziqing Gu,Yunlong An,Fangyuan Tan,Yang Li,Sifa Zheng

DOI: https://doi.org/10.1109/SSCI44817.2019.9002791

2019-01-01

Abstract:The malicious attacks to vehicle communication facilities can expose connected vehicles to security threats, making them lose control and causing traffic accidents. It is usually hard to predict the attacked targets, which makes it difficult to design a proactive defensive strategy. This study tackles the issue of connected vehicles under bounded data injection attacks. We propose an active attack-defense model based on game theory and solve the model using a reinforcement learning-based method. The vehicle-attacker system is modeled as a game-theoretic framework based on the generalized weakened fictitious play, in which each player uses the best actions to react to the opponents' empirical actions. A novel mixed adversarial reinforcement learning is employed to learn the attack-defense model which makes the model self-evolutionary. Moreover, our model is validated in a car-following scenario through numerical simulations and comparative studies under different forms of attacks. Results show that our model can recognize the attacked sensors and the defensive effectiveness of connected vehicles increases by nearly 30% under bounded attacks.

Yulong Cao*,Ningfei Wang*,Chaowei Xiao*,Dawei Yang*,Jin Fang,Ruigang Yang,Qi Alfred Chen,Mingyan Liu,Bo Li

DOI: https://doi.org/10.48550/arXiv.2106.09249

2021-06-17

Cryptography and Security

Abstract:In Autonomous Driving (AD) systems, perception is both security and safety critical. Despite various prior studies on its security issues, all of them only consider attacks on camera- or LiDAR-based AD perception alone. However, production AD systems today predominantly adopt a Multi-Sensor Fusion (MSF) based design, which in principle can be more robust against these attacks under the assumption that not all fusion sources are (or can be) attacked at the same time. In this paper, we present the first study of security issues of MSF-based perception in AD systems. We directly challenge the basic MSF design assumption above by exploring the possibility of attacking all fusion sources simultaneously. This allows us for the first time to understand how much security guarantee MSF can fundamentally provide as a general defense strategy for AD perception. We formulate the attack as an optimization problem to generate a physically-realizable, adversarial 3D-printed object that misleads an AD system to fail in detecting it and thus crash into it. We propose a novel attack pipeline that addresses two main design challenges: (1) non-differentiable target camera and LiDAR sensing systems, and (2) non-differentiable cell-level aggregated features popularly used in LiDAR-based AD perception. We evaluate our attack on MSF included in representative open-source industry-grade AD systems in real-world driving scenarios. Our results show that the attack achieves over 90% success rate across different object types and MSF. Our attack is also found stealthy, robust to victim positions, transferable across MSF algorithms, and physical-world realizable after being 3D-printed and captured by LiDAR and camera devices. To concretely assess the end-to-end safety impact, we further perform simulation evaluation and show that it can cause a 100% vehicle collision rate for an industry-grade AD system.

Yulong Cao,Chaowei Xiao,Benjamin Cyr,Yimeng Zhou,Won Park,Sara Rampazzi,Qi Alfred Chen,Kevin Fu,Z. Morley Mao

DOI: https://doi.org/10.1145/3319535.3339815

2019-11-06

Abstract:In Autonomous Vehicles (AVs), one fundamental pillar is perception,which leverages sensors like cameras and LiDARs (Light Detection and Ranging) to understand the driving environment. Due to its direct impact on road safety, multiple prior efforts have been made to study its the security of perception systems. In contrast to prior work that concentrates on camera-based perception, in this work we perform the first security study of LiDAR-based perception in AV settings, which is highly important but unexplored. We consider LiDAR spoofing attacks as the threat model and set the attack goal as spoofing obstacles close to the front of a victim AV. We find that blindly applying LiDAR spoofing is insufficient to achieve this goal due to the machine learning-based object detection process.Thus, we then explore the possibility of strategically controlling the spoofed attack to fool the machine learning model. We formulate this task as an optimization problem and design modeling methods for the input perturbation function and the objective function.We also identify the inherent limitations of directly solving the problem using optimization and design an algorithm that combines optimization and global sampling, which improves the attack success rates to around 75%. As a case study to understand the attack impact at the AV driving decision level, we construct and evaluate two attack scenarios that may damage road safety and mobility.We also discuss defense directions at the AV system, sensor, and machine learning model levels.

Tianci Yang,Chen Lv

DOI: https://doi.org/10.48550/arXiv.2103.00878

2021-03-01

Abstract:Connected and Automated Vehicles (CAVs) rely on the correctness of position and other vehicle kinematics information to fulfill various driving tasks such as vehicle following, lane change, and collision avoidance. However, a malicious vehicle may send false sensor information to the other vehicles intentionally or unintentionally, which may cause traffic inconvenience or loss of human lives. Here, we take the advantage of cloud-computing and increase the resilience of CAVs to malicious vehicles by assuming each vehicle shares its local sensor information with other vehicles to create information redundancy on the cloud side. We exploit this redundancy and propose a sensor fusion algorithm for the cloud, capable of providing a robust state estimation of all vehicles in the cloud under the condition that the number of malicious information is sufficiently small. Using the proposed estimator, we provide an algorithm for isolating malicious vehicles. We use numerical examples to illustrate the effectiveness of our methods.

Systems and Control

Zihao Li,Sixu Li,Hao Zhang,Yang Zhou,Siyang Xie,Yunlong Zhang

2024-01-27

Abstract:While perception systems in Connected and Autonomous Vehicles (CAVs), which encompass both communication technologies and advanced sensors, promise to significantly reduce human driving errors, they also expose CAVs to various cyberattacks. These include both communication and sensing attacks, which potentially jeopardize not only individual vehicles but also overall traffic safety and efficiency. While much research has focused on communication attacks, sensing attacks, which are equally critical, have garnered less attention. To address this gap, this study offers a comprehensive review of potential sensing attacks and their impact on target vehicles, focusing on commonly deployed sensors in CAVs such as cameras, LiDAR, Radar, ultrasonic sensors, and GPS. Based on this review, we discuss the feasibility of integrating hardware-in-the-loop experiments with microscopic traffic simulations. We also design baseline scenarios to analyze the macro-level impact of sensing attacks on traffic flow. This study aims to bridge the research gap between individual vehicle sensing attacks and broader macroscopic impacts, thereby laying the foundation for future systemic understanding and mitigation.

Systems and Control

Chengcheng Zhao,Ruijie Ma,Mengzhi Wang,Jinming Xu,Lin Cai

DOI: https://doi.org/10.1109/tits.2024.3424687

IF: 8.5

2024-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:This paper investigates secure control for homogeneous vehicle platoons in the presence of false data injection attacks with low communication and computation costs. We consider a scenario where each vehicle within the platoon transmits a local state vector to multiple neighboring vehicles. By leveraging these shared vectors from both preceding and following vehicles, we propose a novel and effective resilient controller for vehicle platoons against node/communication link attacks. More specifically, each vehicle determines the local state deviation vectors from neighboring vehicles. It then eliminates the vectors that are farthest from the origin, with the number of removed vectors equivalent to the maximum number of attacks. This approach offers a considerable advantage by mitigating the effects of abnormality and manipulation, making it robust against arbitrary information tampering within a pre-defined upper boundary for manipulated broadcast information. Importantly, we establish specific conditions for the proposed resilient design to guarantee the internal stability of the vehicle platoon under attacks. Extensive simulations and experiments involving four TurtleBot3s are conducted to demonstrate the effectiveness of the proposed resilient controller.

Tianci Yang,Carlos Murguia,Dragan Nesic,Chau Yuen

2023-06-19

Abstract:By sharing local sensor information via Vehicle-to-Vehicle (V2V) wireless communication networks, Cooperative Adaptive Cruise Control (CACC) is a technology that enables Connected and Automated Vehicles (CAVs) to drive autonomously on the highway in closely-coupled platoons. The use of CACC technologies increases safety and the traffic throughput, and decreases fuel consumption and CO2 emissions. However, CAVs heavily rely on embedded software, hardware, and communication networks that make them vulnerable to a range of cyberattacks. Cyberattacks to a particular CAV compromise the entire platoon as CACC schemes propagate corrupted data to neighboring vehicles potentially leading to traffic delays and collisions. Physics-based monitors can be used to detect the presence of False Data Injection (FDI) attacks to CAV sensors; however, unavoidable system disturbances and modelling uncertainty often translates to conservative detection results. Given enough system knowledge, adversaries are still able to launch a range of attacks that can surpass the detection scheme by hiding within the system disturbances and uncertainty -- we refer to this class of attacks as \textit{stealthy FDI attacks}. Stealthy attacks are hard to deal with as they affect the platoon dynamics without being noticed. In this manuscript, we propose a co-design methodology (built around a series convex programs) to synthesize distributed attack monitors and $H_{\infty}$ CACC controllers that minimize the joint effect of stealthy FDI attacks and system disturbances on the platoon dynamics while guaranteeing a prescribed platooning performance (in terms of tracking and string stability). Computer simulations are provided to illustrate the performance of out tools.

Systems and Control

Jiachen Sun,Yulong Cao,Qi Alfred Chen,Z. Morley Mao

DOI: https://doi.org/10.48550/arXiv.2006.16974

2020-06-30

Cryptography and Security

Abstract:Perception plays a pivotal role in autonomous driving systems, which utilizes onboard sensors like cameras and LiDARs (Light Detection and Ranging) to assess surroundings. Recent studies have demonstrated that LiDAR-based perception is vulnerable to spoofing attacks, in which adversaries spoof a fake vehicle in front of a victim self-driving car by strategically transmitting laser signals to the victim's LiDAR sensor. However, existing attacks suffer from effectiveness and generality limitations. In this work, we perform the first study to explore the general vulnerability of current LiDAR-based perception architectures and discover that the ignored occlusion patterns in LiDAR point clouds make self-driving cars vulnerable to spoofing attacks. We construct the first black-box spoofing attack based on our identified vulnerability, which universally achieves around 80% mean success rates on all target models. We perform the first defense study, proposing CARLO to mitigate LiDAR spoofing attacks. CARLO detects spoofed data by treating ignored occlusion patterns as invariant physical features, which reduces the mean attack success rate to 5.5%. Meanwhile, we take the first step towards exploring a general architecture for robust LiDAR-based perception, and propose SVF that embeds the neglected physical features into end-to-end learning. SVF further reduces the mean attack success rate to around 2.3%.

Tianci Yang,Chen Lv

DOI: https://doi.org/10.48550/arXiv.2103.00883

2021-03-01

Abstract:By using various sensors to measure the surroundings and sharing local sensor information with the surrounding vehicles through wireless networks, connected and automated vehicles (CAVs) are expected to increase safety, efficiency, and capacity of our transportation systems. However, the increasing usage of sensors has also increased the vulnerability of CAVs to sensor faults and adversarial attacks. Anomalous sensor values resulting from malicious cyberattacks or faulty sensors may cause severe consequences or even fatalities. In this paper, we increase the resilience of CAVs to faults and attacks by using multiple sensors for measuring the same physical variable to create redundancy. We exploit this redundancy and propose a sensor fusion algorithm for providing a robust estimate of the correct sensor information with bounded errors independent of the attack signals, and for attack detection and isolation. The proposed sensor fusion framework is applicable to a large class of security-critical Cyber-Physical Systems (CPSs). To minimize the performance degradation resulting from the usage of estimation for control, we provide an $H_{\infty}$ controller for CACC-equipped CAVs capable of stabilizing the closed-loop dynamics of each vehicle in the platoon while reducing the joint effect of estimation errors and communication channel noise on the tracking performance and string behavior of the vehicle platoon. Numerical examples are presented to illustrate the effectiveness of our methods.

Systems and Control

H M Sabbir Ahmad,Ehsan Sabouni,Akua Dickson,Wei Xiao,Christos G. Cassandras,Wenchao Li

2024-03-25

Abstract:We address the security of a network of Connected and Automated Vehicles (CAVs) cooperating to safely navigate through a conflict area (e.g., traffic intersections, merging roadways, roundabouts). Previous studies have shown that such a network can be targeted by adversarial attacks causing traffic jams or safety violations ending in collisions. We focus on attacks targeting the V2X communication network used to share vehicle data and consider as well uncertainties due to noise in sensor measurements and communication channels. To combat these, motivated by recent work on the safe control of CAVs, we propose a trust-aware robust event-triggered decentralized control and coordination framework that can provably guarantee safety. We maintain a trust metric for each vehicle in the network computed based on their behavior and used to balance the tradeoff between conservativeness (when deeming every vehicle as untrustworthy) and guaranteed safety and security. It is important to highlight that our framework is invariant to the specific choice of the trust framework. Based on this framework, we propose an attack detection and mitigation scheme which has twofold benefits: (i) the trust framework is immune to false positives, and (ii) it provably guarantees safety against false positive cases. We use extensive simulations (in SUMO and CARLA) to validate the theoretical guarantees and demonstrate the efficacy of our proposed scheme to detect and mitigate adversarial attacks.

Systems and Control

Hongchao Zhang,Zhouchi Li,Shiyu Cheng,Andrew Clark

DOI: https://doi.org/10.48550/arXiv.2302.07341

2023-02-15

Abstract:Autonomous vehicles rely on LiDAR sensors to detect obstacles such as pedestrians, other vehicles, and fixed infrastructures. LiDAR spoofing attacks have been demonstrated that either create erroneous obstacles or prevent detection of real obstacles, resulting in unsafe driving behaviors. In this paper, we propose an approach to detect and mitigate LiDAR spoofing attacks by leveraging LiDAR scan data from other neighboring vehicles. This approach exploits the fact that spoofing attacks can typically only be mounted on one vehicle at a time, and introduce additional points into the victim's scan that can be readily detected by comparison from other, non-modified scans. We develop a Fault Detection, Identification, and Isolation procedure that identifies non-existing obstacle, physical removal, and adversarial object attacks, while also estimating the actual locations of obstacles. We propose a control algorithm that guarantees that these estimated object locations are avoided. We validate our framework using a CARLA simulation study, in which we verify that our FDII algorithm correctly detects each attack pattern.

Systems and Control

Shian Wang,Mingfeng Shang,Raphael Stern

2024-01-12

Abstract:While automated vehicles (AVs) are expected to revolutionize future transportation systems, emerging AV technologies open a door for malicious actors to compromise intelligent vehicles. As the first generation of AVs, adaptive cruise control (ACC) vehicles are vulnerable to cyberattacks. While recent effort has been made to understanding the impact of attacks on transportation systems, little work has been done to systematically model and characterize the malicious nature of candidate attacks. In this study, we develop a general framework for modeling and synthesizing two types of candidate attacks on ACC vehicles, namely direct attacks on vehicle control commands and false data injection attacks on sensor measurement, with explicit characterization of their adverse effects. Based on linear stability analysis of car-following dynamics, we derive a series of analytical conditions characterizing the malicious nature of potential attacks. This ensures a higher degree of realism in modeling attacks with adverse effects, as opposed to simply considering attacks as constants or random variables. Notably, the conditions derived provide an effective method for strategically synthesizing an array of candidate attacks on ACC vehicles. We conduct extensive simulation to examine the impacts of intelligently designed attacks on microscopic car-following dynamics and macroscopic traffic flow. Numerical results illustrate the mechanism of candidate attacks, offering useful insights into understanding the vulnerability of future transportation systems. The methodology developed allows for further study of the widespread impact of strategically designed attacks on traffic cybersecurity, and is expected to inspire the development of efficient attack detection techniques and advanced vehicle controls.

Dynamical Systems,Systems and Control

Weibin Jia,Wenyuan Xu,Chen Yan,Xiaoyu Ji,Jianhao Liu

DOI: https://doi.org/10.1109/JIOT.2018.2867917

IF: 10.6

2018-12-01

IEEE Internet of Things Journal

Abstract:Autonomous vehicles rely on sensors to measure road condition and make driving decisions, and their safety relies heavily on the reliability of these sensors. Out of all obstacle detection sensors, ultrasonic sensors have the largest market share and are expected to be increasingly installed on automobiles. Such sensors discover obstacles by emitting ultrasounds and analyzing their reflections. By exploiting the built-in vulnerabilities of sensors, we designed random spoofing, adaptive spoofing, and jamming attacks on ultrasonic sensors, and we managed to trick a vehicle to stop when it should keep moving, and let it fail to stop when it should. We validate our attacks on stand-alone sensors and moving vehicles, including a Tesla Model S with the “Autopilot” system. The results show that the attacks cause blindness and malfunction of not only sensors but also autonomous vehicles, which can lead to collisions. To enhance the security of ultrasonic sensors and autonomous vehicles, we propose two defense strategies, single-sensor-based physical shift authentication that verifies signals on the physical level, and multiple sensor consistency check that employs multiple sensors to verify signals on the system level. Our experiments on real sensors and MATLAB simulation reveal the validity of both schemes.

Computer Science,Engineering,Environmental Science

Murad Mehrab Abrar,Salim Hariri

2024-04-05

Abstract:As a rapidly growing cyber-physical platform, Autonomous Vehicles (AVs) are encountering more security challenges as their capabilities continue to expand. In recent years, adversaries are actively targeting the perception sensors of autonomous vehicles with sophisticated attacks that are not easily detected by the vehicles' control systems. This work proposes an Anomaly Behavior Analysis approach to detect a perception sensor attack against an autonomous vehicle. The framework relies on temporal features extracted from a physics-based autonomous vehicle behavior model to capture the normal behavior of vehicular perception in autonomous driving. By employing a combination of model-based techniques and machine learning algorithms, the proposed framework distinguishes between normal and abnormal vehicular perception behavior. To demonstrate the application of the framework in practice, we performed a depth camera attack experiment on an autonomous vehicle testbed and generated an extensive dataset. We validated the effectiveness of the proposed framework using this real-world data and released the dataset for public access. To our knowledge, this dataset is the first of its kind and will serve as a valuable resource for the research community in evaluating their intrusion detection techniques effectively.

Robotics,Systems and Control

Shian Wang

2024-01-13

Abstract:While emerging adaptive cruise control (ACC) technologies are making their way into more vehicles, they also expose a vulnerability to potential malicious cyberattacks. Previous research has typically focused on constant or stochastic attacks without explicitly addressing their malicious and covert characteristics. As a result, these attacks may inadvertently benefit the compromised vehicles, inconsistent with real-world scenarios. In contrast, we establish an analytical framework to model and synthesize a range of candidate attacks, offering a physical interpretation from the attacker's standpoint. Specifically, we introduce a mathematical framework that describes mixed traffic scenarios, comprising ACC vehicles and human-driven vehicles (HDVs), grounded in car-following dynamics. Within this framework, we synthesize and integrate a class of false data injection attacks into ACC sensor measurements, influencing traffic flow dynamics. As a first-of-its-kind study, this work provides an analytical characterization of attacks, emphasizing their malicious and stealthy attributes while explicitly accounting for vehicle driving behavior, thereby yielding a set of candidate attacks with physical interpretability. To demonstrate the modeling process, we perform a series of numerical simulations to holistically assess the effects of attacks on car-following dynamics, traffic efficiency, and vehicular fuel consumption. The primary findings indicate that strategically synthesized candidate attacks can cause significant disruptions to the traffic flow while altering the driving behavior of ACC vehicles in a subtle fashion to remain stealthy, which is supported by a series of analytical results.

Systems and Control,Dynamical Systems

Soumyajit Dey,Sunandan Adhikary,Ipsita Koley,R. Rohit

DOI: https://doi.org/10.1109/DSD57027.2022.00128

2022-05-02

Abstract:Recent developments in the smart mobility domain have transformed automobiles into networked transportation agents helping realize new age, large-scale intelligent transportation systems (ITS). The motivation behind such networked transportation is to improve road safety as well as traffic efficiency. In this setup, vehicles can share information about their speed and/or acceleration values among themselves and infrastructures can share traffic signal data with them. This enables the connected vehicles (CVs) to stay informed about their surroundings while moving. However, the inter-vehicle communication channels significantly broaden the attack surface. The inter-vehicle network enables an attacker to remotely launch attacks. An attacker can create collision as well as hamper performance by reducing the traffic efficiency. Thus, security vulnerabilities must be taken into consideration in the early phase of CVs' development cycle. To the best of our knowledge, there exists no such automated simulation tool using which engineers can verify the performance of CV prototypes in the presence of an attacker. In this work, we present an automated tool flow that facilitates false data injection attack synthesis and simulation on customizable platoon structure and vehicle dynamics. This tool can be used to simulate as well as design and verify control- theoretic light-weight attack detection and mitigation algorithms for CVs.

Computer Science,Engineering

H M Sabbir Ahmad,Ehsan Sabouni,Wei Xiao,Christos G. Cassandras,Wenchao Li

2023-06-03

Abstract:We address the security of a network of Connected and Automated Vehicles (CAVs) cooperating to navigate through a conflict area. Adversarial attacks such as Sybil attacks can cause safety violations resulting in collisions and traffic jams. In addition, uncooperative (but not necessarily adversarial) CAVs can also induce similar adversarial effects on the traffic network. We propose a decentralized resilient control and coordination scheme that mitigates the effects of adversarial attacks and uncooperative CAVs by utilizing a trust framework. Our trust-aware scheme can guarantee safe collision free coordination and mitigate traffic jams. Simulation results validate the theoretical guarantee of our proposed scheme, and demonstrate that it can effectively mitigate adversarial effects across different traffic scenarios.

Multiagent Systems,Artificial Intelligence,Systems and Control

Twan Keijzer,Fabian Jarmolowitz,Riccardo M.G. Ferrari

DOI: https://doi.org/10.48550/arXiv.2104.03801

2021-04-08

Abstract:Road intersections are widely recognized as a lead cause for accidents and traffic delays. In a future scenario with a significant adoption of Cooperative Autonomous Vehicles, solutions based on fully automatic, signage-less Intersection Control would become viable. Such a solution, however, requires communication between vehicles and, possibly, the infrastructure over wireless networks. This increases the attack surface available to a malicious actor, which could lead to dangerous situations. In this paper, we address the safety of Intersection Control algorithms, and design a Sliding-Mode-Observer based solution capable of detecting and estimating false data injection attacks affecting vehicles' communication. With respect to previous literature, a novel detection logic with improved detection performances is presented. Simulation results are provided to show the effectiveness of the proposed approach.

Systems and Control