Secure Trajectory Planning Against Undetectable Spoofing Attacks

Abstract

This paper studies, for the first time, the trajectory planning problem in adversarial environments, where the objective is to design the trajectory of a robot to reach a desired final state despite the unknown and arbitrary action of an attacker. In particular, we consider a robot moving in a two-dimensional space and equipped with two sensors, namely, a Global Navigation Satellite System (GNSS) sensor and a Radio Signal Strength Indicator (RSSI) sensor. The attacker can arbitrarily spoof the readings of the GNSS sensor and the robot control input so as to maximally deviate his trajectory from the nominal precomputed path. We derive explicit and constructive conditions for the existence of undetectable attacks, through which the attacker deviates the robot trajectory in a stealthy way. Conversely, we characterize the existence of secure trajectories, which guarantee that the robot either moves along the nominal trajectory or that the attack remains detectable. We show that secure trajectories can only exist between a subset of states, and provide a numerical mechanism to compute them. We illustrate our findings through several numerical studies, and discuss that our methods are applicable to different models of robot dynamics, including unicycles. More generally, our results show how control design affects security in systems with nonlinear dynamics.Comment: Accepted for publication in Automatic