Illusion and Dazzle: Adversarial Optical Channel Exploits Against Lidars for Automotive Applications

Shin, Hocheol; Kim, Dohyun; Kwon, Yujin; Kim, Yong‐Dae

doi:10.1007/978-3-319-66787-4_22

Cited by 168 publications

(217 citation statements)

References 11 publications

Supporting

Mentioning

216

Contrasting

Unclassified

Order By: Relevance

“…Threat model. To achieve the attack goal above, we consider Li-DAR spoofing attacks as our threat model, which is a demonstrated practical attack vector for LiDAR sensors [42,44] as described in §2.2. In AV settings, there are several possible scenarios to perform such attack.…”

Section: Attack Goal and Threat Modelmentioning

confidence: 99%

“…Another class of defenses aims to reduce the influence of the attack by modifying the internal sensing structure of the LiDAR. Different solutions include reducing the receiving angle and filtering unwanted light spectra to make LiDARs less susceptible to attacks [42,44]. However, these techniques also reduce the capacity of the LiDAR to measure the reflected laser pulses, which limits the range and the sensitivity of the device.…”

Section: Av System-level Defensesmentioning

confidence: 99%

“…To perform the analysis, we target the LiDAR-based perception implementation in Baidu Apollo, an open-source AV system that has over 100 partners and has reached a mass production agreement with multiple partners such as Volvo and Ford [8,9]. We consider a LiDAR spoofing attack, i.e., injecting spoofed LiDAR data points by shooting lasers, as our threat model since it has demonstrated feasibility in previous work [42,44]. With this threat model, we set the attack goal as adding spoofed obstacles in close distances to the front of a victim AV (or front-near obstacles) in order to alter its driving decisions.…”

Section: Introductionmentioning

confidence: 99%

“…In our study, we first reproduce the LiDAR spoofing attack from the work done by Shin et al [44] and try to exploit Baidu Apollo's LiDAR-based perception pipeline, which leverages machine learning for object detection as with the majority of the state-of-the-art LiDAR-based AV perception techniques [6]. We enumerate different spoofing patterns from the previous work, e.g., a spoofed wall, and different spoofing angles and shapes, but none of them succeed in generating a spoofed road obstacle after the machine learning step.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Adversarial Sensor Attack on LiDAR-based Perception in Autonomous Driving

Cao

Xiao

Cyr

et al. 2019

Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security

389

374

View full text Add to dashboard Cite

In Autonomous Vehicles (AVs), one fundamental pillar is perception, which leverages sensors like cameras and LiDARs (Light Detection and Ranging) to understand the driving environment. Due to its direct impact on road safety, multiple prior efforts have been made to study its the security of perception systems. In contrast to prior work that concentrates on camera-based perception, in this work we perform the first security study of LiDAR-based perception in AV settings, which is highly important but unexplored. We consider LiDAR spoofing attacks as the threat model and set the attack goal as spoofing obstacles close to the front of a victim AV. We find that blindly applying LiDAR spoofing is insufficient to achieve this goal due to the machine learning-based object detection process. Thus, we then explore the possibility of strategically controlling the spoofed attack to fool the machine learning model. We formulate this task as an optimization problem and design modeling methods for the input perturbation function and the objective function. We also identify the inherent limitations of directly solving the problem using optimization and design an algorithm that combines optimization and global sampling, which improves the attack success rates to around 75%. As a case study to understand the attack impact at the AV driving decision level, we construct and evaluate two attack scenarios that may damage road safety and mobility. We also discuss defense directions at the AV system, sensor, and machine learning model levels. CCS CONCEPTS• Security and privacy → Domain-specific security and privacy architectures; • Computer systems organization → Neural networks.

show abstract

Section: Attack Goal and Threat Modelmentioning

confidence: 99%

Section: Av System-level Defensesmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Adversarial Sensor Attack on LiDAR-based Perception in Autonomous Driving

Cao

Xiao

Cyr

et al. 2019

Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security

389

374

View full text Add to dashboard Cite

show abstract

“…To motivate our definition, the term injection was chosen because it captures the fact that values reported by a system are altered; it is not channel-specific; and it has already been adopted by different works [5], [11], [13], [35]- [44]. The out-of-band qualifier is necessary to distinguish the attacks studied in this survey from signal injection attacks on sensors using pulse reflections such as LiDARs [9], [14], [31], signal injection attacks on the physical layer of communication protocols [45], and false data injection attacks [28], [46]. As explained in Section I-A, these attacks are out-of-scope, as they do not depend on hardware vulnerabilities, but instead use external communication interfaces.…”

Section: Choice Of Terminologymentioning

confidence: 99%

Taxonomy and Challenges of Out-of-Band Signal Injection Attacks and Defenses

Giechaskiel

Rasmussen

2020

IEEE Commun. Surv. Tutorials

View full text Add to dashboard Cite

Recent research has shown that the integrity of sensor measurements can be violated through out-of-band signal injection attacks. These attacks target the conversion process from a physical quantity to an analog property-a process that fundamentally cannot be authenticated. Out-of-band signal injection attacks thus pose previously-unexplored security risks by exploiting hardware imperfections in the sensors themselves, or in their interfaces to microcontrollers. In response to the growingyet-disjointed literature in the subject, this article presents the first survey of out-of-band signal injection attacks. It focuses on unifying their terminology and identifying commonalities in their causes and effects through a chronological, evolutionary, and thematic taxonomy of attacks. By highlighting cross-influences between different types of out-of-band signal injections, this paper underscores the need for a common language irrespective of the attack method. By placing attack and defense mechanisms in the wider context of their dual counterparts of side-channel leakage and electromagnetic interference, this study identifies common threads and gaps that can help guide and inform future research. Overall, the ever-increasing reliance on sensors embedded in everyday commodity devices necessitates that a stronger focus be placed on improving the security of such systems against out-of-band signal injection attacks.

show abstract

Intelligent In‐Vehicle Interaction Technologies

Murali

Kaboli

Dahiya

2021

Advanced Intelligent Systems

View full text Add to dashboard Cite

Autonomous vehicles (AVs) will soon become a reality with almost every major automotive original equipment manufacturer (OEM) such as Tesla, BMW, Daimler, and big technology giants such as Google's Waymo and Apple Car pushing toward the full self-driving objective. According to the SAE J3016 taxonomy [1] of autonomous driving, there are six levels of automated driving systems ranging from level 0 (completely manual) to level 5 (full selfdriving [FSD]) automated systems that are expected to function in all geographic locations, all weather conditions, and under all conditions. The proposed benefits of intelligent vehicles include fewer road accidents, enhanced safety, reduced traffic congestion, effective commute time usage, and importantly enjoyable and comfortable ride. With increased autonomy, the drivers also assume the role of mere passengers who are engaged in nondriving activities and are unavailable to participate in traffic interactions. This would increase complexity in a mixed-autonomy traffic environment as interactions with pedestrians and cyclists are based on visual cues with the driver. Therefore, intelligent vehicles also need to autonomously interact with other traffic participants such as pedestrians and cyclists and other vehicles.Human-vehicle interaction (HVI) is closely related to the field of human-robot interaction (HRI). It entails the problem of understanding and shaping the interaction dynamics between humans and vehicles. Particularly, the domain of interaction involves the study of sensation, perception, information exchange, inference, and decision-making. [2] With increasing levels of automation, the driver will have more time and choice to perform various tasks other than driving and this opens new avenues for interaction. As a result, a growing number of sensors are being incorporated into the vehicles to understand the driver's and/or passenger's actions, emotions, and personal choices to offer the precise functionalities and services for an enjoyable ride. [3] Figure 1 shows the schematic of in-vehicle interaction consisting of various interactive interfaces and sensing modalities present in the vehicle as well as some modes of interaction such as gestures, speech, and eye gaze.The advances in HVI have been presented in previous review articles, which have mainly focused on the detection of particular characteristics for driving assistance such as driver attention detection, [4] emotion recognition, [5] drowsiness detection, [6] mental workload, [7] and so on. A few other articles have reviewed the interior designs of AVs to better support and interact with drivers and passengers. [8,9] Likewise, the user interfaces (UIs) and user experience (UX) of vehicle interiors have been studied in context with manual as well as automated driving. [10] A number of previous works have also studied the interaction with the external

show abstract

Illusion and Dazzle: Adversarial Optical Channel Exploits Against Lidars for Automotive Applications

Cited by 168 publications

References 11 publications

Adversarial Sensor Attack on LiDAR-based Perception in Autonomous Driving

Adversarial Sensor Attack on LiDAR-based Perception in Autonomous Driving

Taxonomy and Challenges of Out-of-Band Signal Injection Attacks and Defenses

Intelligent In‐Vehicle Interaction Technologies

Contact Info

Product

Resources

About