Autonomous Driving (AD) & Connected Vehicle (CV) Systems Security
[New] [IEEE S&P'21] MSF-ADV: First attack that fundamentally challenges Multi-Sensor Fusion (MSF) based AD perception in practical settings: We found that a normal road object type (e.g., a traffic cone or a rock) can be maliciously shaped to become invisible for both state-of-the-art camera and LiDAR detection for autonomous driving! This has severe safety implications for safe driving: Attacker can just place such an object in the roadway and trick self-driving cars to crash into it. This attack design fundamentally challenges the basic design assumption of using multi-sensor fusion as defense solutions in AD systems.
[New] [Usenix Security'21 (NDSS'20 Best Poster Award)] DRP (Dirty Road Patch) Attack: First attack for lane-keeping systems in the designed operational domains (i.e., roads with lane lines): This is the full conference version of our NDSS'20 Best Poster Award work. We found that state-of-the-art DNN-based lane-keeping systems are vulnerable to physical-world adversarial attacks that pretend to be a benign dirty road patch. This can cause a victim vehicle to drive off-road within as short as 1 sec, which is substantially lower than the common driver reaction time (~2.5 sec). Thus, even for a fully-attentive human driver who can take over as soon as the attack starts to take effect, his/her average reaction time is still far from enough to prevent the resulting safety hazards such as driving off road or colliding into vehicles in adjacent lanes, especially those in opposite direction.
[New] [Usenix Security'21] CVAnalyzer: First rigorous security analysis to find DoS (Denial of Service) vulnerabilities in Connected Vehicle (CV) communication protocols: We uncover 4 new DoS vulnerabilities in Peer-to-Peer Certificate Distribution (P2PCD) in IEEE 1609.2, which can block the certificate learning process and can further prevent the application layer from processing incoming packets, and 15 vulnerabilities (14 of 15 are new) in platoon management protocols (PMPs), which can block the communication among platoon members. We validate identified vulnerabilities in a real-world testbed. Besides, our case studies demonstrate that P2PCD attacks can lead to traffic accidents, and PMP attacks can affect the speed stability of the victim vehicle.
[Usenix Security'20] FusionRipper: First attack on Multi-Sensor Fusion (MSF) based AD localization: The first study on the security property of MSF-based localization in AD settings. We discover a novel and general attack, FusionRipper, which can fundamentally defeat the MSF design principle. We evaluate it on real-world sensor traces, and find that FusionRipper can achieve at least 97% and 91.3% success rates in all traces for off-road and wrongway attacks respectively.
[Usenix Security'20] CARLO & SVF: First general black-box adversarial sensor attack & defenses: The first general black-box attack on LiDAR-based perception in AD settings that achieves ~80% success rates on 3 state-of-the-art 3D object detection model designs. We further perform the first defense study, proposing CARLO that accurately detects LiDAR spoofing attacks and a robust model architecture, Sequential View Fusion (SVF). CARLO and SVF successfully reduce attack success rates to 5.5% and 2.3%, respectively.
[ACM CCS'19] LiDAR-Adv: First adversarial sensor attack on LiDAR-based AD perception: The first security study of LiDAR-based perception in AD settings. We design a new attack method, Adv-LiDAR, which can achieve ~75% success rate in injecting fake obstacles in front of a victim AV, causing road safety and mobility damages.
[ISOC NDSS'18] Congestion attack on CV-based traffic signal control: First attack on infrastructure-side CV-based intelligent transportation systems: The first security analysis of a CV-based transportation system, the USDOT sponsored I-SIG system. We find that due to several newly-discovered vulnerabilities, even one single attack vehicle can greatly manipulate the intelligent traffic control algorithm, causing severe traffic jams.
[IEEE IV'17] Towards secure and safe appified automated vehicles: A position paper proposing AVGUARD, an enhanced appified AD design schema that focuses on mitigating the threats from untrusted code in AD systems.
Transportation systems and automobiles today will be soon transformed profoundly due to the recent advances in Autonomous Driving (AD) and Connected Vehicle (CV) technology. To secure such safety-critical systems, my research is currently studying security problems in both AD and CV systems.
Autonomous Driving (AD) Systems Security
Autonomous Driving (AD) technology is also under active development these days. To enable autonomous driving, all the vehicle subsystems including critical control systems such as brake and acceleration are now controlled by software, making software quality, especially reliability and security, a concern that is more critical than ever. Due to the fact that (1) such control is managed by a complex distributed systems involving tens of microcontrollers, and (2) software development in in-vehicle systems is commonly outsourced to third-party sources, it is especially challenging to secure the software stack in such systems.
To tackle this challenge, we plant to leverage our past research experience in software security to systematically discover, analyze, and solving security problems in AD systems. Our research currently focuses on three aspects: (1) Automated software security analysis framework using static and dynamic program analysis techniques, (2) Access control system security in AD systems, especially that for peripheral devices such as GPS, radar, camera and Lidar, and (3) Machine learning security in AD systems, by analyze the robustness of the domain-specific machine learning usage in D systems under malicious input.
Connected Vehicle (CV) Systems Security
Orthogonal to the AD technology, CV-based transportation system connects vehicles and infrastructure through wireless communication, and has the potential to leverage such connectivity to significantly improve mobility (e.g., 20% reduction in total travel time), safety (e.g., 90% reduction of vehicle crash), and also sustainability. In September 2016, the USDOT (U.S. Department of Transportation) launched the CV Pilot Program as a national effort to deploy, test, and operationalize a series of CV-based transportation systems. The current CV Pilot Program sites include New York City (NYC), Wyoming (WY), and Tampa, FL (THEA).
While having a great potential, such dramatically increased connectivity also opens a new door for cyber attacks. To ensure the security of vehicles and transportation infrastructure and the safety of drivers and pedestrians, it is highly important to understand potential security problems so that they can be proactively addressed before nationwide deployment.
Motivated by this pressing need, we initiate the first comprehensive effort to address the security challenges with systematic analysis and defense solution design. Our research currently focuses on two perspectives: (1) CV application security, by analyzing the security of the released USDOT-sponsored CV-based transportation system and application prototypes, and (2) CV communication security, by analyzing the security of the CV network protocol stack design and implementations on CV devices. The analysis insights are expected to help develop practical defenses at both the infrastructure and vehicle sides. We’ve already started to build defense systems leveraging insights from current analysis results, e.g., designing effective data spoofing detection mechanisms leveraging infrastructure-controlled data sources.