Who Is in Control? Practical Physical Layer Attack and Defense for mmWave-Based Sensing in Autonomous Vehicles

Sun, Zhi; Balakrishnan, Sarankumar; Lu, Shan; Bhuyan, Arupjyoti; Wang, Pu; Qiao, Chunming

doi:10.1109/tifs.2021.3076287

Cited by 58 publications

(38 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…System-level evaluation refers to evaluating the attack/defense impacts at the vehicle driving behavior level considering full-stack AD system pipelines and closed-loop control. The evaluation setups used to achieve this can be generally classified into two categories: (1) Real vehicle-based, where a real vehicle is under partial (e.g., steering only [79]) or full (i.e., steering, throttle, and braking [57,89]) closedloop control of the AD system to perform certain driving maneuvers with the presence of attacks, which are typically deployed in the physical world as well; and (2) Simulationbased, where the critical elements in the closed-loop control (e.g., sensing/actuation hardware and the physical world) are fully or partially simulated, using either existing simulation software [38,78,80,92,93] or custom-built modeling [92].…”

Section: Systematization Of Evaluation Methodologymentioning

confidence: 99%

“…RADAR inputs to cause it to resolve fake objects at specific distances and angles. Prior work [89] demonstrates RADAR spoofing capability in physical world and shows that it can cause AD system to recognize fake obstacles. • GPS spoofing refers to sending fake satellite signals to the GPS receiver, causing it to resolve positions that are specified by the attacker.…”

Section: Sensor Attack Vectorsmentioning

confidence: 99%

“…Prior gray-box attacks all assume the lack of knowledge of AI model internals such as weights. However, some works still require confidence scores in the model outputs [56,[63][64][65]71,79,83,84], and some require detailed sensor parameters [65,67,89].…”

Section: Sensor Attack Vectorsmentioning

confidence: 99%

“…In practice, the hardware that runs the AD system may have limited computation resources (e.g., limited GPUs) due to budget concerns. Among the defenses, except the ones that do not require extra ML models [81,89,105], all others will impose additional demand on the computation resources in order to execute the models. This may prevent them from deploying onto vehicles that have already fully utilized the hardware resources.…”

Section: Systematization Of Ad Ai Defensesmentioning

confidence: 99%

See 3 more Smart Citations

SoK: On the Semantic AI Security in Autonomous Driving

Shen¹,

Wang²,

Wan³

et al. 2022

Preprint

Self Cite

View full text Add to dashboard Cite

Autonomous Driving (AD) systems rely on AI components to make safety and correct driving decisions. Unfortunately, today's AI algorithms are known to be generally vulnerable to adversarial attacks. However, for such AI component-level vulnerabilities to be semantically impactful at the system level, it needs to address non-trivial semantic gaps both (1) from the system-level attack input spaces to those at AI component level, and (2) from AI component-level attack impacts to those at the system level. In this paper, we define such research space as semantic AI security as opposed to generic AI security. Over the past 5 years, increasingly more research works are performed to tackle such semantic AI security challenges in AD context, which has started to show an exponential growth trend. However, to the best of our knowledge, so far there is no comprehensive systematization of this emerging research space.In this paper, we thus perform the first systematization of knowledge of such growing semantic AD AI security research space. In total, we collect and analyze 53 such papers, and systematically taxonomize them based on research aspects critical for the security field such as the attack/defense targeted AI component, attack/defense goal, attack vector, attack knowledge, defense deployability, defense robustness, and evaluation methodologies. We summarize 6 most substantial scientific gaps observed based on quantitative comparisons both vertically among existing AD AI security works and horizontally with security works from closely-related domains. With these, we are able to provide insights and potential future directions not only at the design level, but also at the research goal, methodology, and community levels. To address the most critical scientific methodology-level gap, we take the initiative to develop an open-source, uniform, and extensible system-driven evaluation platform, named PASS, for the semantic AD AI security research community. We also use our implemented platform prototype to showcase the capabilities and benefits of such a platform using representative semantic AD AI attacks.

show abstract

Section: Systematization Of Evaluation Methodologymentioning

confidence: 99%

Section: Sensor Attack Vectorsmentioning

confidence: 99%

Section: Sensor Attack Vectorsmentioning

confidence: 99%

Section: Systematization Of Ad Ai Defensesmentioning

confidence: 99%

See 2 more Smart Citations

SoK: On the Semantic AI Security in Autonomous Driving

Shen¹,

Wang²,

Wan³

et al. 2022

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…(1) Perception-level attacks [18]- [37] target one particular perception function to make it estimate incorrect states. (2) Vehicle-level attacks [6], [38]- [78] consider not only fooling the perception function, but also propagating the wrong state estimates towards the subsequent stages and final actions. Both categories of works are only limited to a few specific functions and control flows in an RV system, leaving a large number of unexplored vulnerabilities.…”

Section: Introductionmentioning

confidence: 99%

SoK: Rethinking Sensor Spoofing Attacks against Robotic Vehicles from a Systematic View

Xu¹,

Han²,

Deng³

et al. 2022

Preprint

View full text Add to dashboard Cite

Robotic Vehicles (RVs) have gained great popularity over the past few years. Meanwhile, they are also demonstrated to be vulnerable to sensor spoofing attacks. Although a wealth of research works have presented various attacks, some key questions remain unanswered: are these existing works complete enough to cover all the sensor spoofing threats? If not, how many attacks are not explored, and how difficult is it to realize them?This paper answers the above questions by comprehensively systematizing the knowledge of sensor spoofing attacks against RVs. Our contributions are threefold. (1) We identify seven common attack paths in an RV system pipeline. We categorize and assess existing spoofing attacks from the perspectives of spoofer property, operation, victim characteristic and attack goal. Based on this systematization, we identify 4 interesting insights about spoofing attack designs. (2) We propose a novel action flow model to systematically describe robotic function executions and sensor spoofing vulnerabilities. With this model, we successfully discover 104 spoofing attack vectors, 25 of which have been verified by prior works, while 55 attacks are practical but never considered. (3) We design two novel attack methodologies to verify the feasibility of newly discovered spoofing attack vectors.

show abstract

Machine learning and blockchain technologies for cybersecurity in connected vehicles

Ahmad,

Zia,

Naqvi

et al. 2023

WIREs Data Min & Knowl

View full text Add to dashboard Cite

Future connected and autonomous vehicles (CAVs) must be secured against cyberattacks for their everyday functions on the road so that safety of passengers and vehicles can be ensured. This article presents a holistic review of cybersecurity attacks on sensors and threats regarding multi‐modal sensor fusion. A comprehensive review of cyberattacks on intra‐vehicle and inter‐vehicle communications is presented afterward. Besides the analysis of conventional cybersecurity threats and countermeasures for CAV systems, a detailed review of modern machine learning, federated learning, and blockchain approach is also conducted to safeguard CAVs. Machine learning and data mining‐aided intrusion detection systems and other countermeasures dealing with these challenges are elaborated at the end of the related section. In the last section, research challenges and future directions are identified.This article is categorized under: Commercial, Legal, and Ethical Issues > Security and Privacy Technologies > Machine Learning Technologies > Internet of Things

show abstract

Who Is in Control? Practical Physical Layer Attack and Defense for mmWave-Based Sensing in Autonomous Vehicles

Cited by 58 publications

References 12 publications

SoK: On the Semantic AI Security in Autonomous Driving

SoK: On the Semantic AI Security in Autonomous Driving

SoK: Rethinking Sensor Spoofing Attacks against Robotic Vehicles from a Systematic View

Machine learning and blockchain technologies for cybersecurity in connected vehicles

Contact Info

Product

Resources

About