Analyzing Attacks on Cooperative Adaptive Cruise Control (CACC)

Cooperative Adaptive Cruise Control (CACC) is one of the driving applications of vehicular ad-hoc networks (VANETs) and promises to bring more efficient and faster transportation through cooperative behavior between vehicles. In CACC, vehicles exchange information, which is relied on to partially automate driving; however, this reliance on cooperation requires resilience against attacks and other forms of misbehavior. In this paper, we propose a rigorous attacker model and an evaluation framework for this resilience by quantifying the attack impact, providing the necessary tools to compare controller resilience and attack effectiveness simultaneously. Although there are significant differences between the resilience of the three analyzed controllers, we show that each can be attacked effectively and easily through either jamming or data injection. Our results suggest a combination of misbehavior detection and resilient control algorithms with graceful degradation are necessary ingredients for secure and safe platoons.Comment: 8 pages (author version), 5 Figures, Accepted at 2017 IEEE Vehicular Networking Conference (VNC

Security of Vehicular Platooning

Platooning concept involves a group of vehicles acting as a single unit through coordination of movements. While Platooning as an evolving trend in mobility and transportation diminishes the individual and manual driving concerns, it creates new risks. New technologies and passenger’s safety and security further complicate matters and make platooning attractive target for the malicious minds. To improve the security of the vehicular platooning, threats and their potential impacts on vehicular platooning should be identified to protect the system against security risks. Furthermore, algorithms should be proposed to detect intrusions and mitigate the effects in case of attack. This dissertation introduces a new vulnerability in vehicular platooning from the control systems perspective and presents the detection and mitigation algorithms to protect vehicles and passengers in the event of the attack

A Study of Potential Security and Safety Vulnerabilities in Cyber-Physical Systems

The work in this dissertation focuses on two examples of Cyber-Physical Systems (CPS), integrations of communication and monitoring capabilities to control a physical system, that operate in adversarial environments. That is to say, it is possible for individuals with malicious intent to gain access to various components of the CPS, disrupt normal operation, and induce harmful impacts. Such a deliberate action will be referred to as an attack. Therefore, some possible attacks against two CPSs will be studied in this dissertation and, when possible, solutions to handle such attacks will also be suggested. The first CPS of interest is vehicular platoons wherein it is possible for a number of partially-automated vehicles to drive autonomously towards a certain destination with as little human driver involvement as possible. Such technology will ultimately allow passengers to focus on other tasks, such as reading or watching a movie, rather than on driving. In this dissertation three possible attacks against such platoons are studied. The first is called ”the disbanding attack” wherein the attacker is capable of disrupting one platoon and also inducing collisions in another intact (non-attacked) platoon vehicles. To handle such an attack, two solutions are suggested: The first solution is formulated using Model Predictive Control (MPC) optimal technique, while the other uses a heuristic approach. The second attack is False-Data Injection (FDI) against the platooning vehicular sensors is analyzed using the reachability analysis. This analysis allows us to validate whether or not it is possible for FDI attacks to drive a platoon towards accidents. Finally, mitigation strategies are suggested to prevent an attacker-controlled vehicle, one which operates inside a platoon and drives unpredictably, from causing collisions. These strategies are based on sliding mode control technique and once engaged in the intact vehicles, collisions are reduced and eventual control of those vehicles will be switched from auto to human to further reduce the impacts of the attacker-controlled vehicle. The second CPS of interest in this dissertation is Heating, Ventilating, and Air Conditioning (HVAC) systems used in smart automated buildings to provide an acceptable indoor environment in terms of thermal comfort and air quality for the occupants For these systems, an MPC technique based controller is formulated in order to track a desired temperature in each zone of the building. Some previous studies indicate the possibility of an attacker to manipulate the measurements of temperature sensors, which are installed at different sections of the building, and thereby cause them to read below or above the real measured temperature. Given enough time, an attacker could monitor the system, understand how it works, and decide which sensor(s) to target. Eventually, the attacker may be able to deceive the controller, which uses the targeted sensor(s) readings and raises the temperature of one or multiple zones to undesirable levels, thereby causing discomfort for occupants in the building. In order to counter such attacks, Moving Target Defense (MTD) technique is utilized in order to constantly change the sensors sets used by the MPC controllers and, as a consequence, reduce the impacts of sensor attacks

Insider Vs. Outsider threats to autonomous vehicle platooning

Autonomous vehicles and platooning enhance productivity and present new opportunities and competitive advantages in the transportation industry. Platooning concept involves a group of vehicles acting as a single unit through coordination of movements. While Platooning as an evolving trend in mobility and transportation diminishes the individual and manual driving concerns, it creates new risks. New technologies and passengers’ safety and security further complicate matters and make platooning attractive target for the malicious minds. Threats and their potential impacts on vehicular platooning should be identified in order to protect the system against security risks. In this note, we show the range of the disruption that malicious insider and outsider can cause to the platoon. The insider attacker follows the normal control law of the platoon before it stArts the attack. This type of attack is implemented through control law modification, where the attacker maliciously misconfigures its controller. Outsider attacker is a non-platoon member who attempts to disrupt platoon. While the intruder can impact the other vehicles’ motions using its movement, it is not affected by other vehicles in the platoon. Outsider attack happens when attacker joins platoon deceitfully and tries to affect the platoon via its acceleration and deceleration. We demonstrate impacts of each attack on the platoon and discuss which type of attack poses the higher risks and results in the more catastrophic impacts

The OpenCDA Open-source Ecosystem for Cooperative Driving Automation Research

Advances in Single-vehicle intelligence of automated driving have encountered significant challenges because of limited capabilities in perception and interaction with complex traffic environments. Cooperative Driving Automation~(CDA) has been considered a pivotal solution to next-generation automated driving and intelligent transportation. Though CDA has attracted much attention from both academia and industry, exploration of its potential is still in its infancy. In industry, companies tend to build their in-house data collection pipeline and research tools to tailor their needs and protect intellectual properties. Reinventing the wheels, however, wastes resources and limits the generalizability of the developed approaches since no standardized benchmarks exist. On the other hand, in academia, due to the absence of real-world traffic data and computation resources, researchers often investigate CDA topics in simplified and mostly simulated environments, restricting the possibility of scaling the research outputs to real-world scenarios. Therefore, there is an urgent need to establish an open-source ecosystem~(OSE) to address the demands of different communities for CDA research, particularly in the early exploratory research stages, and provide the bridge to ensure an integrated development and testing pipeline that diverse communities can share. In this paper, we introduce the OpenCDA research ecosystem, a unified OSE integrated with a model zoo, a suite of driving simulators at various resolutions, large-scale real-world and simulated datasets, complete development toolkits for benchmark training/testing, and a scenario database/generator. We also demonstrate the effectiveness of OpenCDA OSE through example use cases, including cooperative 3D LiDAR detection, cooperative merge, cooperative camera-based map prediction, and adversarial scenario generation

Impact Sensitivity Analysis of Cooperative Adaptive Cruise Control Against Resource-Limited Adversaries

Cooperative Adaptive Cruise Control (CACC) is a promising technology that allows groups of vehicles to form in automated tightly-coupled platoons. CACC schemes exploit Vehicle-to-Vehicle (V2V) wireless communications to exchange kinematic information among adjacent vehicles. However, the use of communication networks brings security concerns as cyberattacks could access the vehicles' internal networks and computers to disrupt their operation and even cause crashes. In this manuscript, we present a sensitivity analysis of standard CACC schemes against a class of resource-limited attacks. We present a modelling framework that allows us to systematically compute outer ellipsoidal approximations of reachable sets induced by attacks. We use the size of these sets as a security metric to quantify the potential damage of attacks entering the dynamics at different points and study how two key system parameters (sampling and headway constant) change these metrics. We carry out the latter sensitivity analysis for two different controller implementations (as given the available sensors there is an infinite number of realizations of the same controller) and show how different implementations can significantly affect the impact of attacks. We present extensive simulation experiments to illustrate our ideas