Connected & Automated Vehicle (CAV) Systems Security
- [Usenix Security'20] FusionRipper: First Attack on Multi-Sensor Fusion (MSF) based AV Localization: The first study on the security property of MSF-based localization in AV settings. We discover a novel and general attack, FusionRipper, which can fundamentally defeat the MSF design principle. We evaluate it on real-world sensor traces, and find that FusionRipper can achieve at least 97% and 91.3% success rates in all traces for off-road and wrongway attacks respectively.
- [Usenix Security'20] First General Black-box Adversarial Sensor Attack & Defense: The first general black-box attack on LiDAR-based perception in AV settings that universally acheves around 80% success rates on three state-of-the-art 3D object detection model designs. We further perform the first defense study, proposing CARLO that accurately detects LiDAR spoofing attacks and a robust model architecture, sequential view fusion (SVF). CARLO and SVF sucessfully reduce the attack success rates to 5.5% and 2.3%, respectively.
- [ISOC NDSS'20 Best Poster Award] Physical-World Adversarial Attack on Lane Keeping Systems: The first systematic approach to attack real-world DNN-based lane keeping systems. We design a novel attack using dirty road patches as a practical and stealthy attack vector, which can successfully cause a victim car to drive off highway lane boundaries within as short as 1.3 seconds.
- [ACM CCS'19] Adversarial Sensor Attack on LiDAR-based AV Perception: The first security study of LiDAR-based perception in AV settings. We design a new attack methodology, Adv-LiDAR, which can achieve ~75% success rate in injecting fake obstacles in front of a victim AV, causing road safety and mobility damages.
- [ISOC NDSS'18] Congestion Attack on CV-based Traffic Signal Control: The first security analysis of a CV-based transportation system, the USDOT sponsored I-SIG system. We find that due to several newly-discovered vulnerabilities, even one single attack vehicle can greatly manipulate the intelligent traffic control algorithm, causing severe traffic jams.
- [IEEE IV'17] Towards Secure and Safe Appified Automated Vehicles: A position paper proposing an enhanced appified AV design schema called AVGUARD that focuses on mitigating the threats from untrusted code in AV systems.
Transportation systems and automobiles today will be soon transformed profoundly due to the recent advances in Connected Vehicle (CV) technology and Automated/Autonomous Vehicle (AV) technology. To secure such safety critical systems, my research is currently studying security problems in both CV and AV systems.
Connected Vehicle (CV) Systems Security
CV-based transportation system connects vehicles and infrastructure through wireless communication, and has the potential to leverage such connectivity to significantly improve mobility (e.g., 20% reduction in total travel time), safety (e.g., 90% reduction of vehicle crash), and also sustainability. In September 2016, the USDOT (U.S. Department of Transportation) launched the CV Pilot Program as a national effort to deploy, test, and operationalize a series of CV-based transportation systems. The current CV Pilot Program sites include New York City (NYC), Wyoming (WY), and Tampa, FL (THEA).
While having a great potential, such dramatically increased connectivity also opens a new door for cyber attacks. To ensure the security of vehicles and transportation infrastructure and the safety of drivers and pedestrians, it is highly important to understand potential security problems so that they can be proactively addressed before nationwide deployment.
Motivated by this pressing need, we initiate the first comprehensive effort to address the security challenges with systematic analysis and defense solution design. Our research currently focuses on two perspectives: (1) CV application security, by analyzing the security of the released USDOT-sponsored CV-based transportation system and application prototypes, and (2) CV communication security, by analyzing the security of the CV network protocol stack design and implementations on CV devices. The analysis insights are expected to help develop practical defenses at both the infrastructure and vehicle sides. We’ve already started to build defense systems leveraging insights from current analysis results, e.g., designing effective data spoofing detection mechanisms leveraging infrastructure-controlled data sources.
Automated/Autonomous Vehicle (AV) Systems Security
Orthogonal to the CV technology, Automated/Autonomous Vehicle (AV) technology is also under active development these days. To enable autonomous driving, all the vehicle subsystems including critical control systems such as brake and acceleration are now controlled by software, making software quality, especially reliability and security, a concern that is more critical than ever. Due to the fact that (1) such control is managed by a complex distributed systems involving tens of microcontrollers, and (2) software development in in-vehicle systems is commonly outsourced to third-party sources, it is especially challenging to secure the software stack in such systems.
To tackle this challenge, we plant to leverage our past research experience in software security to systematically discover, analyze, and solving security problems in AV systems. Our research currently focuses on three aspects: (1) Automated software security analysis framework using static and dynamic program analysis techniques, (2) Access control system security in AV systems, especially that for peripheral devices such as GPS, radar, camera and Lidar, and (3) Machine learning security in AV systems, by analyze the robustness of the domain-specific machine learning usage in AV systems under malicious input.