A common FMCW signal processing pipeline
Radio detection and ranging (a.k.a. radar) sensors are commonly used in the automotive market due to their reliability in adverse lighting and weather conditions, long detection range, and ability to detect an object's relative velocity. While various techniques and waveforms can be used to perform radar sensing, frequency-modulated continuous wave (FMCW) radars are the most common in vehicular systems due to their simple implementation at low cost. The latest generation of FMCW radars, mm-Wave radar, operates in the 76-77 GHz (i.e., long-range sensing) and 77-81 GHz (i.e., short-range sensing) bands with bandwidths of up to 4 GHz; such high bandwidths and frequencies allow these sensors to have 20x better range resolution (down to 4 cm) and 3x better velocity resolution. Given their benefits and capabilities, FMCW radars play a critical role in many advanced driver assistance systems (ADAS) including blind spot detection (BSD), automatic emergency braking (AEB), lane change assist (LCA), and automatic cruise control (ACC). Given this safety-critical nature, it is crucial to understand any vulnerabilities these systems may have.
A common FMCW radar signal processing pipeline is featured above. From the figure, the 5 key steps of FMCW radar signal processing can be summarized as follows:
Chirps at Transmitter (Tx) and Receiver (Rx): For each radar frame, a series of chirps are transmitted. These chirps reflect off of objects in the environment, and the reflected chirps are received by the radar.
Dechirping and IF Signal Generation: The transmitted and received chirps are then fed through a mixer to determine the intermediate frequency (a.k.a. IF). This is the frequency difference between the transmitted and received chirp, and can easily be used to measure the range of different objects.
Range-Doppler Response: Using an operation known as a 2D fast Fourier transform (a.k.a. 2D-FFT), we compute the Range-Doppler response, which shows the range and velocity of objects in the environment.
CA-CFAR Detections: From the Range-Doppler response, a CA-CFAR detector is used to determine the location of objects in the environment.
DBSCAN Clustering: The detections from the CA-CFAR are then grouped together using a DBSCAN clustering algorithm; this allows the radar to determine which detections correspond to which objects in the environment.
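The dechirping and Range-Doppler steps above, as an added example (not the authors' code): an ideal, noise-free IF signal for one point target is transformed along each chirp and then across chirps, and the peak bin is converted back to range and velocity. The radar settings, function names, and the sign convention for velocity are assumptions chosen for this illustration.

```python
import cmath
import math

C = 3e8            # speed of light, m/s
# Constructed radar settings for this example (assumptions, not from the page).
FC = 77e9          # carrier frequency, Hz
SLOPE = 50e12      # chirp slope, Hz/s
FS = 10e6          # complex IF sampling rate, Hz
T_CHIRP = 50e-6    # chirp period, s
N_SAMPLES = 64     # IF samples per chirp (fast time)
N_CHIRPS = 32      # chirps per frame (slow time)

def if_frame(range_m, vel_mps):
    """Ideal noise-free IF samples for one point target, as frame[chirp][sample]."""
    f_if = 2 * SLOPE * range_m / C    # beat frequency encodes range
    f_dop = 2 * vel_mps * FC / C      # Doppler shift encodes velocity
    return [[cmath.exp(2j * math.pi * (f_if * n / FS + f_dop * m * T_CHIRP))
             for n in range(N_SAMPLES)] for m in range(N_CHIRPS)]

def dft(x):
    """Naive DFT; an FFT gives the same result faster."""
    n = len(x)
    return [sum(v * cmath.exp(-2j * math.pi * k * i / n) for k, v in enumerate(x))
            for i in range(n)]

def range_doppler(frame):
    """2D transform: DFT along each chirp (range), then across chirps (Doppler)."""
    rng_rows = [dft(chirp) for chirp in frame]
    return [dft([row[r] for row in rng_rows]) for r in range(N_SAMPLES)]

def strongest_target(frame):
    """Return (range_m, velocity_mps) of the largest range-Doppler cell."""
    rd = range_doppler(frame)         # rd[range_bin][doppler_bin]
    r_bin, d_bin = max(((r, d) for r in range(N_SAMPLES) for d in range(N_CHIRPS)),
                       key=lambda c: abs(rd[c[0]][c[1]]))
    if d_bin >= N_CHIRPS // 2:        # upper half of the Doppler axis is negative
        d_bin -= N_CHIRPS
    rng = (r_bin * FS / N_SAMPLES) * C / (2 * SLOPE)
    vel = (d_bin / (N_CHIRPS * T_CHIRP)) * C / (2 * FC)
    return rng, vel

if __name__ == "__main__":
    print(strongest_target(if_frame(15.0, 4.87)))
```

With these settings one range bin is about 0.47 m and one velocity bin about 1.22 m/s, so a target between bins is reported at the nearest bin.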
MadRadar Block Diagram
The vast majority of previous works assumed that the attacker had prior knowledge of key victim radar parameters and settings, including the chirp slope, chirp period, and frame period (i.e., a white-box attack). By contrast, MadRadar was designed to estimate a victim's radar parameters in real time and then launch attacks using those estimates (i.e., a black-box attack). The figure on the right presents an overview of our novel black-box attack architecture where we estimate a victim's parameters using the following high-level steps:
Detect victim frames: The attacker waits until it detects the start of a victim's radar frame. Once the start of the frame is detected, the attacker records a 5 ms long signal that will be used by later steps to estimate the victim's parameters.
Generate Spectrogram: The recorded signal is used to generate a spectrogram, which allows us to visualize the received signal frequency over time; this diagram can easily be used to detect individual chirps within the victim's radar frame.
Identify Chirps: Individual chirps within the victim's radar frame are identified from the spectrogram using a peak-detection and clustering algorithm. For each chirp, we compute a linear model to estimate the slope and start time.
Estimate Parameters: The estimated slopes and start times are then used to compute averages for the chirp slope, chirp period, and frame period. Through experimentation and simulation, we show that our system only requires 6 victim frames to compute accurate estimates. Finally, the estimates are also used to predict when the next victim frame will occur.
MadRadar is designed to "add", "remove", and "move" objects in a victim's radar point cloud. Here, our focus is only on attacking in the range and velocity domains. The three primary threat models (i.e., how we attack a victim) for our attack are summarized below:
The goal of a false positive attack is to "add" fake objects into a victim's radar point cloud. Intuitively, this is done by transmitting exact replicas of a victim's radar chirps, but with a specific time delay and phase shifts applied.
The goal of a false negative attack is to effectively "remove" an object from a victim's radar point cloud. Intuitively, this is done by adding clutter around a specific target such that the probability of the CA-CFAR detecting the object is significantly decreased.
The goal of a translation attack is to "move" an object in the victim's radar point cloud. This is accomplished by using a false negative attack to remove the real object while simultaneously using a false positive attack to add in a fake object at a different range and velocity.
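Why the CA-CFAR stage is sensitive to energy around a target, seen from the detector's side, as an added example (not the authors' code): the threshold for each cell is a multiple of the average power in its training cells, so raised neighbouring cells raise the threshold for the cell under test. The range profiles, window sizes, and false-alarm rate below are constructed assumptions.

```python
def cfar_scale(n_cells, pfa):
    """CA-CFAR threshold multiplier for exponentially distributed noise power."""
    return n_cells * (pfa ** (-1.0 / n_cells) - 1.0)

def ca_cfar(power, n_train=8, n_guard=2, pfa=1e-4):
    """1D cell-averaging CFAR over a power profile.

    Returns (detections, noise) where noise[i] is the local noise estimate for
    cell i (None near the edges, where the window does not fit).
    """
    alpha = cfar_scale(2 * n_train, pfa)
    reach = n_train + n_guard
    detections, noise = [], [None] * len(power)
    for i in range(reach, len(power) - reach):
        left = power[i - reach:i - n_guard]            # training cells before the guard band
        right = power[i + n_guard + 1:i + reach + 1]   # training cells after the guard band
        noise[i] = (sum(left) + sum(right)) / (2 * n_train)
        if power[i] > alpha * noise[i]:
            detections.append(i)
    return detections, noise

def sample_profiles(target_bin=40, target_power=30.0, clutter_power=5.0):
    """Constructed range profiles: flat noise floor of 1.0 plus one target."""
    clean = [1.0] * 80
    clean[target_bin] = target_power
    cluttered = list(clean)
    for i in range(target_bin - 10, target_bin + 11):
        if i != target_bin:
            cluttered[i] = clutter_power               # raised cells around the target
    return clean, cluttered

if __name__ == "__main__":
    for name, profile in zip(("clean", "cluttered"), sample_profiles()):
        hits, noise = ca_cfar(profile)
        print(name, "detections:", hits, "noise estimate at target:", noise[40])
```

The per-cell noise estimate is returned alongside the detections so the jump in the local threshold is visible in the output, not just the missing detection.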
We demonstrate the feasibility of MadRadar by conducting real-world experiments using real-time prototype implementations of a victim radar and our attack architecture on software-defined radios (SDRs). Here, we utilized the USRP Hardware Driver (UHD) C++ API to interface with USRP B210 software-defined radios when developing our prototype victim and attack implementations. Using these prototypes, we performed over 600 unique experiments and 8 real-world case studies to validate the real-world performance of our system. With that said, the available hardware constrained us to a sampling bandwidth of 25 MSps and a frequency of 1.5 GHz. As such, we also developed a realistic simulation environment in MATLAB to evaluate the full-scale version of our architecture.