Attacks on Self-Driving Cars and Their Countermeasures: A Survey
16 Nov 2020-IEEE Access (Institute of Electrical and Electronics Engineers (IEEE))-Vol. 8, pp 207308-207342
TL;DR: This paper analyzed the attacks that already targeted self-driving cars and extensively present potential cyber-attacks and their impacts on those cars along with their vulnerabilities and the possible mitigation strategies taken by the manufacturers and governments.
Abstract: Intelligent Traffic Systems (ITS) are currently evolving in the form of a cooperative ITS or connected vehicles. Both forms use the data communications between Vehicle-to-Vehicle (V2V), Vehicle-to-Infrastructure (V2I/I2V) and other on-road entities, and are accelerating the adoption of self-driving cars. The development of cyber-physical systems containing advanced sensors, sub-systems, and smart driving assistance applications over the past decade is equipping unmanned aerial and road vehicles with autonomous decision-making capabilities. The level of autonomy depends upon the make-up and degree of sensor sophistication and the vehicle’s operational applications. As a result, self-driving cars are being compromised perceived as a serious threat. Therefore, analyzing the threats and attacks on self-driving cars and ITSs, and their corresponding countermeasures to reduce those threats and attacks are needed. For this reason, some survey papers compiling potential attacks on VANETs, ITSs and self-driving cars, and their detection mechanisms are available in the current literature. However, up to our knowledge, they have not covered the real attacks already happened in self-driving cars. To bridge this research gap, in this paper, we analyze the attacks that already targeted self-driving cars and extensively present potential cyber-attacks and their impacts on those cars along with their vulnerabilities. For recently reported attacks, we describe the possible mitigation strategies taken by the manufacturers and governments. This survey includes recent works on how a self-driving car can ensure resilient operation even under ongoing cyber-attack. We also provide further research directions to improve the security issues associated with self-driving cars.
Citations
More filters
TL;DR: This work looks into the current state of research and development in environment detection, pedestrian detection, path planning, motion control, and vehicle cybersecurity for autonomous vehicles and compares the different proposed technologies.
Abstract: Vehicular technology has recently gained increasing popularity, and autonomous driving is a hot topic. To achieve safe and reliable intelligent transportation systems, accurate positioning technologies need to be built to factor in the different types of uncertainties such as pedestrian behavior, random objects, and types of roads and their settings. In this work, we look into the other domains and technologies required to build an autonomous vehicle and conduct a relevant literature analysis. In this work, we look into the current state of research and development in environment detection, pedestrian detection, path planning, motion control, and vehicle cybersecurity for autonomous vehicles. We aim to study the different proposed technologies and compare their approaches. For a car to become fully autonomous, these technologies need to be accurate enough to gain public trust and show immense accuracy in their approach to solving these problems. Public trust and perception of auto vehicles are also explored in this paper. By discussing the opportunities as well as the obstacles of autonomous driving technology, we aim to shed light on future possibilities.
44 citations
TL;DR: In this article , a survey summarizes and reviews the existing results on attack/anomaly detection and resilience of connected and automated vehicles in control frameworks, and some potential research directions and challenges are identified.
Abstract: Recent advances in attack/anomaly detection and resilience strategies for connected and automated vehicles (CAVs) are reviewed from vehicle dynamics and control perspective. Compared to traditional vehicles, CAVs are featured in the increasing number of perception sensors, advanced intra-vehicle communication technologies, capabilities of driving automation and connectivity between single vehicles. These features bring about safety issues which are not encountered in traditional vehicle systems. One main type of these issues is the attack or anomaly launched onto the perception sensors and the communication channels. With such a consideration, this survey summarizes and reviews the existing results on attack/anomaly detection and resilience of CAVs in control frameworks. This paper reviews the results according to the positions at which the attacks/anomalies occur. These positions are divided into three categories, namely, intra-vehicle communication network, perception sensors and inter-vehicle communication network. From this perspective, the recent attack/anomaly detection and resilience results are reviewed according to different positions attacked. After reviewing existing results, some potential research directions and challenges are identified.
23 citations
TL;DR: In this paper , a survey summarizes and reviews the existing results on attack/anomaly detection and resilience of connected and automated vehicles in control frameworks, and some potential research directions and challenges are identified.
Abstract: Recent advances in attack/anomaly detection and resilience strategies for connected and automated vehicles (CAVs) are reviewed from vehicle dynamics and control perspective. Compared to traditional vehicles, CAVs are featured in the increasing number of perception sensors, advanced intra-vehicle communication technologies, capabilities of driving automation and connectivity between single vehicles. These features bring about safety issues which are not encountered in traditional vehicle systems. One main type of these issues is the attack or anomaly launched onto the perception sensors and the communication channels. With such a consideration, this survey summarizes and reviews the existing results on attack/anomaly detection and resilience of CAVs in control frameworks. This paper reviews the results according to the positions at which the attacks/anomalies occur. These positions are divided into three categories, namely, intra-vehicle communication network, perception sensors and inter-vehicle communication network. From this perspective, the recent attack/anomaly detection and resilience results are reviewed according to different positions attacked. After reviewing existing results, some potential research directions and challenges are identified.
19 citations
TL;DR: This paper proposes a Blockchain-integrated Multi-Agent Deep Reinforcement Learning (Block-MADRL) architecture for enhancing the efficiency of CACC while cooperatively detecting attacks, reducing the fuel efficiency of identified attackers and securely notifying the overall network.
Abstract: Connected and Autonomous Vehicles (CAVs) are an emerging solution to the issues of safe and sustainable transportation systems in the future. One major transport technology for CAVs is Cooperative Adaptive Cruise Control (CACC), for which unsignalized autonomous intersection crossing is a growing use case. CACC relies heavily on inter-vehicular communication and is thus vulnerable to message forgery and jamming attacks. Most solutions for CACC focus exclusively on enhancing efficiency or security but do not offer an integrated framework for achieving both on a large scale. In this paper, we propose a Blockchain-integrated Multi-Agent Deep Reinforcement Learning (Block-MADRL) architecture for enhancing the efficiency of CACC while cooperatively detecting attacks, reducing the fuel efficiency of identified attackers and securely notifying the overall network. Our approach uses multi-agent deep reinforcement learning to find fuel and throughput optimizing solutions for CACC and a cooperative verification mechanism based on Extended Isolation Forest (EIF) for attack detection. Attacker data is securely stored in a Road Side Unit (RSU) level blockchain, and we design a low-latency, high throughput consensus protocol for speedy and secure data dissemination. Simulation results indicate over 29.5% better lane throughput with our approach during acceleration forgery attack, up to 23% induced reduction in fuel efficiency of malicious vehicles, 17.6% higher blockchain throughput through our consensus protocol and over 8% improvement in attack detection rate compared to the state-of-the-art.
13 citations
01 Feb 2022
TL;DR: In this paper , a conceptual System Dynamics (SD) model is developed to analyse cybersecurity in the complex, uncertain deployment of connected and autonomous vehicles (CAVs), which integrates six critical avenues and maps their respective parameters that either trigger or mitigate cyber-attacks in the operation of CAVs using a systematic theoretical approach.
Abstract: Emerging Connected and Autonomous Vehicles (CAVs) technology have a ubiquitous communication framework. It poses security challenges in the form of cyber-attacks, prompting rigorous cybersecurity measures. There is a lack of knowledge on the anticipated cause-effect relationships and mechanisms of CAVs cybersecurity and the possible system behaviour, especially the unintended consequences. Therefore, this study aims to develop a conceptual System Dynamics (SD) model to analyse cybersecurity in the complex, uncertain deployment of CAVs. Specifically, the SD model integrates six critical avenues and maps their respective parameters that either trigger or mitigate cyber-attacks in the operation of CAVs using a systematic theoretical approach. These six avenues are: i) CAVs communication framework, ii) secured physical access, iii) human factors, iv) CAVs penetration, v) regulatory laws and policy framework, and iv) trust-across the CAVs-industry and among the public. Based on the conceptual model, various system archetypes are analysed. "Fixes that Fail", in which the upsurge in hacker capability is the unintended natural result of technology maturity, requires continuous efforts to combat it. The primary mitigation steps are human behaviour analysis, knowledge of motivations and characteristics of CAVs cyber-attackers, CAVs users and Original Equipment Manufacturers education. "Shifting the burden", where policymakers counter the perceived cyber threats of hackers by updating legislation that also reduces CAVs adaptation by imitations, indicated the need for calculated regulatory and policy intervention. The "limits to success" triggered by CAVs penetration increase the defended hacks to establish regulatory laws, improve trust, and develop more human analysis. However, it may also open up caveats for cyber-crimes and alert that CAVs deployment to be alignment with the intended goals for enhancing cybersecurity. The proposed model can support decision-making and training and stimulate the roadmap towards an optimized, self-regulating, and resilient cyber-safe CAV system.
12 citations
References
More filters
16 May 2010
TL;DR: It is demonstrated that an attacker who is able to infiltrate virtually any Electronic Control Unit (ECU) can leverage this ability to completely circumvent a broad array of safety-critical systems and present composite attacks that leverage individual weaknesses.
Abstract: Modern automobiles are no longer mere mechanical devices; they are pervasively monitored and controlled by dozens of digital computers coordinated via internal vehicular networks. While this transformation has driven major advancements in efficiency and safety, it has also introduced a range of new potential risks. In this paper we experimentally evaluate these issues on a modern automobile and demonstrate the fragility of the underlying system structure. We demonstrate that an attacker who is able to infiltrate virtually any Electronic Control Unit (ECU) can leverage this ability to completely circumvent a broad array of safety-critical systems. Over a range of experiments, both in the lab and in road tests, we demonstrate the ability to adversarially control a wide range of automotive functions and completely ignore driver input\dash including disabling the brakes, selectively braking individual wheels on demand, stopping the engine, and so on. We find that it is possible to bypass rudimentary network security protections within the car, such as maliciously bridging between our car's two internal subnets. We also present composite attacks that leverage individual weaknesses, including an attack that embeds malicious code in a car's telematics unit and that will completely erase any evidence of its presence after a crash. Looking forward, we discuss the complex challenges in addressing these vulnerabilities while considering the existing automotive ecosystem.
1,463 citations
Proceedings Article•
08 Aug 2011TL;DR: This work discovers that remote exploitation is feasible via a broad range of attack vectors (including mechanics tools, CD players, Bluetooth and cellular radio), and further, that wireless communications channels allow long distance vehicle control, location tracking, in-cabin audio exfiltration and theft.
Abstract: Modern automobiles are pervasively computerized, and hence potentially vulnerable to attack. However, while previous research has shown that the internal networks within some modern cars are insecure, the associated threat model--requiring prior physical access--has justifiably been viewed as unrealistic. Thus, it remains an open question if automobiles can also be susceptible to remote compromise. Our work seeks to put this question to rest by systematically analyzing the external attack surface of a modern automobile. We discover that remote exploitation is feasible via a broad range of attack vectors (including mechanics tools, CD players, Bluetooth and cellular radio), and further, that wireless communications channels allow long distance vehicle control, location tracking, in-cabin audio exfiltration and theft. Finally, we discuss the structural characteristics of the automotive ecosystem that give rise to such problems and highlight the practical challenges in mitigating them.
1,370 citations
"Attacks on Self-Driving Cars and Th..." refers background in this paper
...San Diego’s [45] team of researchers from Washington University and the University of California experimented with a multitude of attacks such as cd players, Bluetooth, and radio....
[...]
...Here, the highway users, aswell as traffic management and infrastructure centers, work together as a combination of radars, cameras, sensors, advanced Radio Frequency Identification (RFID), high-tech, ultrasonic, and simulated traffic beams to enhance transportation [45], [46]....
[...]
TL;DR: The possible ITS applications that can use UAVs are described, and the potential and challenges for UAV-enabled ITS for next-generation smart cities are highlighted.
Abstract: There could be no smart city without a reliable and efficient transportation system. This necessity makes the ITS a key component of any smart city concept. While legacy ITS technologies are deployed worldwide in smart cities, enabling the next generation of ITS relies on effective integration of connected and autonomous vehicles, the two technologies that are under wide field testing in many cities around the world. Even though these two emerging technologies are crucial in enabling fully automated transportation systems, there is still a significant need to automate other road and transportation components. To this end, due to their mobility, autonomous operation, and communication/processing capabilities, UAVs are envisaged in many ITS application domains. This article describes the possible ITS applications that can use UAVs, and highlights the potential and challenges for UAV-enabled ITS for next-generation smart cities.
683 citations
"Attacks on Self-Driving Cars and Th..." refers background in this paper
...Nevertheless, automatic vehicles still pose high risks of being exposed to threats, and attacks can be possible to occur on all technology devices fitted in them [7], [8]....
[...]
TL;DR: In this paper, the authors study and systematize existing research on CPS security under a unified framework, which consists of three orthogonal coordinates: 1) from the security perspective, they follow the well-known taxonomy of threats, vulnerabilities, attacks and controls; 2) from CPS components, they focus on cyber, physical, and cyber-physical components.
Abstract: With the exponential growth of cyber-physical systems (CPSs), new security challenges have emerged. Various vulnerabilities, threats, attacks, and controls have been introduced for the new generation of CPS. However, there lacks a systematic review of the CPS security literature. In particular, the heterogeneity of CPS components and the diversity of CPS systems have made it difficult to study the problem with one generalized model. In this paper, we study and systematize existing research on CPS security under a unified framework. The framework consists of three orthogonal coordinates: 1) from the security perspective, we follow the well-known taxonomy of threats, vulnerabilities, attacks and controls; 2) from the CPS components perspective, we focus on cyber, physical, and cyber-physical components; and 3) from the CPS systems perspective, we explore general CPS features as well as representative systems (e.g., smart grids, medical CPS, and smart cars). The model can be both abstract to show general interactions of components in a CPS application, and specific to capture any details when needed. By doing so, we aim to build a model that is abstract enough to be applicable to various heterogeneous CPS applications; and to gain a modular view of the tightly coupled CPS components. Such abstract decoupling makes it possible to gain a systematic understanding of CPS security, and to highlight the potential sources of attacks and ways of protection. With this intensive literature review, we attempt to summarize the state-of-the-art on CPS security, provide researchers with a comprehensive list of references, and also encourage the audience to further explore this emerging field.
658 citations
26 Jun 2018
TL;DR: This paper presents an approach to joint classification, detection and semantic segmentation using a unified architecture where the encoder is shared amongst the three tasks, and performs extremely well in the challenging KITTI dataset.
Abstract: While most approaches to semantic reasoning have focused on improving performance, in this paper we argue that computational times are very important in order to enable real time applications such as autonomous driving. Towards this goal, we present an approach to joint classification, detection and semantic segmentation using a unified architecture where the encoder is shared amongst the three tasks. Our approach is very simple, can be trained end-to-end and performs extremely well in the challenging KITTI dataset. Our approach is also very efficient, allowing us to perform inference at more then 23 frames per second. Training scripts and trained weights to reproduce our results can be found here: https://github.com/MarvinTeichmann/MultiNet
633 citations
"Attacks on Self-Driving Cars and Th..." refers background in this paper
...It is still the GNSS system that promotes communication with proximate cars, distant service providers, highway setups, and essential events through communication tools calledV2X [22], [23], [47]....
[...]
...From the lessons learned and the predictive analysis of potential future security threats for self-driving cars and ITSs, it is important to establish reliable and effective protection mechanisms against the security threats before putting the self-driving cars on roads [22], [23]....
[...]