ghost cars and fake obstacles autonomy software security
play

Ghost Cars and Fake Obstacles : Autonomy Software Security in - PowerPoint PPT Presentation

Mar 30, 2023 •335 likes •718 views

Ghost Cars and Fake Obstacles : Autonomy Software Security in Emerging Autonomous Driving & Smart Transportation Qi Alfred Chen Assistant Professor, Dept. of CS A bit about me Qi Alfred Chen Assistant Prof. in CS@UC Irvine

  1. Ghost Cars and Fake Obstacles : Autonomy Software Security in Emerging Autonomous Driving & Smart Transportation Qi Alfred Chen Assistant Professor, Dept. of CS

  2. A bit about me • Qi Alfred Chen – Assistant Prof. in CS@UC Irvine – Ph.D., U of Michigan • Area: Cybersecurity 2

  3. Impact: Demo & vuln. report 17,000 views a day! NDSS’16 IEEE S&P’16 Euro S&P’17 CCS’17 Usenix Sec’14 NDSS’16 CCS’17 CCS’15 CCS’17 NDSS’18 NDSS’18 3

  4. Impact: Media coverage Usenix Securiy’14 Euro S&P’17 IEEE S&P’16 4

  5. Recent interest: Autonomy software security in smart transportation Autonomous Vehicle (AV) Connected Vehicle (CV) 5

  6. Recent interest: Autonomy software security in smart transportation Autonomous Vehicle (AV) Connected Vehicle (CV) 6

  7. Recent interest: Autonomy software security in smart transportation Autonomous Vehicle (AV) Connected Vehicle (CV) Autonomy software 7

  8. Recent interest: Autonomy software security in smart transportation Autonomous Vehicle (AV) Connected Vehicle (CV) Autonomy software [ISOC NDSS’18] [ACM CCS’19] First software security analysis of a First software security analysis of CV-based transportation system LiDAR-based AV perception 8

  9. Recent interest: Autonomy software security in smart transportation Autonomous Vehicle (AV) Connected Vehicle (CV) [ISOC NDSS’18] [ACM CCS’19] First software security analysis of a First software security analysis of CV-based transportation system LiDAR-based AV perception 9

  10. Background: Connected Vehicle technology • Wirelessly connect vehicles & infrastructure to dramatically improve mobility & safety • Will soon transform transportation systems today – 2016.9, USDOT launched CV Pilot Program CV technology Under deployment OBU RSU 10 CV = Connected Vehicle OBU = On-Board Unit RSU = Road-Side Unit

  11. First security analysis of CV-based transp. • Target : Intelligent Traffic Signal System (I-SIG) – Use real-time CV data for intelligent signal control – USDOT sponsored design & impl. – Fully implemented & tested in Anthem, AZ, & Palo Alto, CA • ~30% reduction in total vehicle delay – Under deployment in NYC and Tampa, FL Real-time CV data I-SIG RSU Control 11 CV = Connected Vehicle OBU = On-Board Unit RSU = Road-Side Unit

  12. Threat model • Malicious vehicle owners deliberately control the OBU to send spoofed data – OBU is compromised physically 1 , wirelessly 2 , or by malware 3 Real-time Spoofed CV CV data data I-SIG RSU Control Influence Malicious vehicle owner signal control 12 1 Koscher et al.@IEEE S&P’10 2 Checkoway et al.@Usenix Security'11 3 Mazloom et al.@UsenixWOOT’16

  13. Attack goals Traffic congestion Increase total delay of vehicles in the intersection Personal gain Minimize attacker’s travel time (at the cost of others’) 13

  14. Attack goals This work Traffic congestion Increase total delay of vehicles in the intersection Personal gain Minimize attacker’s travel time (at the cost of others’) 14

  15. Analysis methodology Analysis of Attack input data flow Data spoofing Source code strategies Spoofing w/ Dynamic analysis high delay inc Spoofing Increased option enum delay calc Congestion creation vuln. Traffic snapshots from simulator Exploit construction Congestion creation exploit 15

  16. Software vulnerability discovery • Finding : Traffic control algorithm level vulnerabilities – Spoofed data from one single attack vehicle can greatly manipulate the traffic control – The smart control algorithm can be fooled to: • Add tens of “ghost” vehicles to waste green light • Extend green light by spoofing as a late arriving vehicle Spoof the vehicle location! 16

  17. Attack video demo • Demo time! – https://www.youtube.com/watch?v=3iV1sAxPuL0 17

  18. Recent interest: Autonomy software security in smart transportation Autonomous Vehicle (AV) Connected Vehicle (CV) [ISOC NDSS’18] [ACM CCS’19] First software security analysis of a First software security analysis of CV-based transportation system LiDAR-based AV perception 18

  19. Recent interest: Autonomy software security in smart transportation Autonomous Vehicle (AV) Connected Vehicle (CV) [ISOC NDSS’18] [ACM CCS’19] First software security analysis of a First software security analysis of CV-based transportation system LiDAR-based AV perception 19

  20. Background: Autonomous Vehicle technology • Equip vehicles with various types of sensors to enable self driving 20

  21. Background: Autonomous Vehicle technology • Under active development in huge number of companies, some already made into production 21

  22. Goal: First security analysis of AV software • New attack surface: Sensors – Key input channel for critical control decisions – Public channel shared with potential adversaries • Fundamentally unavoidable attack surface! • LiDAR 22

  23. Background: LiDAR basics 23

  24. Background: LiDAR attacks • Known attack: LiDAR spoofing 1 – Shoot laser to LiDAR to inject points How to use this to attack the autonomy logic? 24 1 Shin et al.@CHES’17

  25. First security analysis of LiDAR-based perception in AV • Target : Baidu Apollo AV software system – Production-grade system, drive some buses in China already – Open sourced (“Android in AV ecosystem”) – Partner with 100+ car companies, including BMW, Ford, etc. • Attack : LiDAR spoofing attack from road-side laser shooting devices to create fake objects – Trigger undesired control operations, e.g., emergency brake Set up road-side Fake device to shoot laser object 25

  26. Analysis methodology overview • Attack input perturbation modelling – Model LiDAR spoofing attack and pre-processing step into analytical functions • Machine learning model security analysis – Formulate and solve an optimization problem over a DNN model • Security implication analysis – Understand attack impact on AV driving behaviors & road safety 26

  27. Analysis results • Successfully find attack input that can inject fake object! 27

  28. Security implication: Emergency brake attack • Cause AV to decrease speed from 43km/h to 0 km/h within 1 sec! 28

  29. Security implication: Car “freezing” attack • “Freeze” an AV at an intersection forever ! 29

  30. Recent interest: Autonomy software security in smart transportation Autonomous Vehicle (AV) Connected Vehicle (CV) Summary: • Initiated the first research efforts to perform security analysis of control software stacks in CV/AV systems • Discovered new attacks , analyzed root causes , and demonstrated security & safety implications • Only the beginning of CV/AV autonomy s/w security research • Join and see how you can contribute! [ISOC NDSS’18] [ACM CCS’19] First software security analysis of a First software security analysis of CV-based transportation system LiDAR-based AV perception 30

  31. Why of interest to you to join? • For enthusiasts about self driving & smart transp. – Learn technology detail, & how to hack it (and gain fame  ) • For job hunters – Your relevant knowledge & hacking experience can help get internship/full-time in CV/AV companies • For students want to do grad school (esp. PhD) – Research experience (& maybe papers ) in hot research topic 31

  32. Why of interest to you to join? • For enthusiasts about self driving & smart transp. – Learn technology detail, & how to hack it (and gain fame  ) • For job hunters – Your relevant knowledge & hacking experience can help get internship/full-time in CV/AV companies • For students want to do grad school (esp. PhD) – Research experience (& maybe papers ) in hot research topic 32

  33. Why of interest to you to join? • For enthusiasts about self driving & smart transp. – Learn technology detail, & how to hack it (and gain fame  ) • For job hunters – Your relevant knowledge & hacking experience can help get internship/full-time in CV/AV companies • For students want to do grad school (esp. PhD) – Research experience (& maybe papers ) in hot research topic 33

  34. Why of interest to you to join? • For enthusiasts about self driving & smart transp. – Learn technology detail, & how to hack it (and gain fame  ) • For job hunters – Your relevant knowledge & hacking experience can help get internship/full-time in CV/AV companies • For students want to do grad school (esp. PhD) – Research experience (& maybe papers ) in hot research topic 34

  35. Why of interest to you to join? • For enthusiasts about self driving & smart transp. – Learn technology detail, & how to hack it (and gain fame  ) • For job hunters – Your relevant knowledge & hacking experience can help get internship/full-time in CV/AV companies • For students want to do grad school (esp. PhD) – Research experience (& maybe papers ) in hot research topic 35

Recommend

A GHOST FROM POSTSCRIPT for RUXCON 2017 A GHOST FROM POSTSCRIPT WHO ARE WE redrain

A GHOST FROM POSTSCRIPT for RUXCON 2017 A GHOST FROM POSTSCRIPT WHO ARE WE redrain

REDRAIN & MIN(SPARK) ZHENG A GHOST FROM POSTSCRIPT for RUXCON 2017 A GHOST FROM POSTSCRIPT WHO ARE WE redrain min(spark) zheng Qihoo 360CERT CUHK PhD Alibaba Security Expert Low-level security researcher Pentester with interest in

818 views • 52 slides
Fake ke WhatsA tsAPP Mess ssag ages Information Security Education and Awareness (ISEA)

Fake ke WhatsA tsAPP Mess ssag ages Information Security Education and Awareness (ISEA)

Fake ke WhatsA tsAPP Mess ssag ages Information Security Education and Awareness (ISEA) Project Phase-II Check Fake WhatsApp messages before you forward You may receive many spam emails. Fake WhatsApp forwards in a day while using

390 views • 21 slides
deel 2 sws1 1 Software and Web Security - 1 & 2 Software is the main source of security

deel 2 sws1 1 Software and Web Security - 1 & 2 Software is the main source of security

Software and Web Security deel 2 sws1 1 Software and Web Security - 1 & 2 Software is the main source of security vulnerabilities esp in systems accessible via a network part 1 security problems in machine code, compiled from C(++)

1.35k views • 67 slides
Investigating Model-Based Autonomy for Solar Probe Plus. Workshop on Spacecraft Flight Software.

Investigating Model-Based Autonomy for Solar Probe Plus. Workshop on Spacecraft Flight Software.

Investigating Model-Based Autonomy for Solar Probe Plus. Workshop on Spacecraft Flight Software. December, 2013. Bill Van Besien Flight Software Engineer (Notice: This presentation does not contain export controlled information) Contents

946 views • 31 slides
Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 & 2 y Software

Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 & 2 y Software

1 Software and Web Security deel 2 deel 2 sws1 Software and Web Security - 1 & 2 y Software is the main source of security vulnerabilities esp in systems accessible via a network i t ibl i t k part 1 part 1 security problems

672 views • 65 slides
Erin Murray The general first idea was to have a playful ghost flying around a building for

Erin Murray The general first idea was to have a playful ghost flying around a building for

Erin Murray The general first idea was to have a playful ghost flying around a building for their own enjoyment. The story of the ghost then became more prominent as I developed my storyboards. The ghost was looking for a place to haunt

336 views • 10 slides
Security on Plastics: Fake or Real? Nele Mentens, Jan Genoe, Thomas Vandenabeele, Lynn

Security on Plastics: Fake or Real? Nele Mentens, Jan Genoe, Thomas Vandenabeele, Lynn

Security on Plastics: Fake or Real? Nele Mentens, Jan Genoe, Thomas Vandenabeele, Lynn Verschueren, Dirk Smets, Wim Dehaene, Kris Myny Cryptographic Hardware and Embedded Systems (CHES) August 26-28, 2019, Atlanta, US Outline Flexible

333 views • 21 slides
The Ghost in the Machine Dawie van den Heever SSM with implants 2 SSM with implants 3 SSM

The Ghost in the Machine Dawie van den Heever SSM with implants 2 SSM with implants 3 SSM

1 The Ghost in the Machine Dawie van den Heever SSM with implants 2 SSM with implants 3 SSM with implants 4 ECG reconstruction & classification 5 Robotic limbs 6 PANDAS 7 Ghost in the Shell 8 Ghost in the Machine 9

419 views • 17 slides
E R I S A A p p e a l s Overcoming the FAKE Appeal Process What is ERISA

E R I S A A p p e a l s Overcoming the FAKE Appeal Process What is ERISA

AppealTraining.com Webinar Series E R I S A A p p e a l s Overcoming the FAKE Appeal Process What is ERISA Employee Retirement Income Security Act federal law governing employer-sponsored benefit plans. Claim impact:

579 views • 26 slides
Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars Aurlien Francillon,

Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars Aurlien Francillon,

Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars Aurlien Francillon, Boris Danev, Srdjan apkun Monday February 7, 2011 System Security Group 1 Modern Cars Evolution Increasing amount of electronics in cars

552 views • 24 slides
So what is Fake News Fake news is a type of hoax or deliberate spread of misinformation: News

So what is Fake News Fake news is a type of hoax or deliberate spread of misinformation: News

So what is Fake News Fake news is a type of hoax or deliberate spread of misinformation: News Media Social Media with the intent to mislead in order to gain financially or politically . So what is Fake News It employs eye-catching

1.3k views • 55 slides
Ghost Peaks: How to Fix a Haunting Problem Jacob A. Rebholz Teledyne Tekmar VOC Product Line

Ghost Peaks: How to Fix a Haunting Problem Jacob A. Rebholz Teledyne Tekmar VOC Product Line

Ghost Peaks: How to Fix a Haunting Problem Jacob A. Rebholz Teledyne Tekmar VOC Product Line Manager Outline of Topics What is a ghost peak? How to identify ghost peaks and their source How to correct various sources of

561 views • 43 slides
INSIDE NVIDIA'S AI INFRASTRUCTURE FOR SELF-DRIVING CARS (HINT: ITS ALL ABOUT THE DATA)

INSIDE NVIDIA'S AI INFRASTRUCTURE FOR SELF-DRIVING CARS (HINT: ITS ALL ABOUT THE DATA)

INSIDE NVIDIA'S AI INFRASTRUCTURE FOR SELF-DRIVING CARS (HINT: ITS ALL ABOUT THE DATA) CLEMENT FARABET | | San Jose 2019 1 Self-driving cars requires tremendously large datasets for training and testing 2 NVIDIA DRIVE: SOFTWARE-DEFINED

829 views • 44 slides
Quantum Cryptography 1. Fake Quantum Theory. 2. Simple Quantum Protocols. 3. More Fake Quantum

Quantum Cryptography 1. Fake Quantum Theory. 2. Simple Quantum Protocols. 3. More Fake Quantum

Contents: Quantum Cryptography 1. Fake Quantum Theory. 2. Simple Quantum Protocols. 3. More Fake Quantum Theory: Fake Tensor Products, Entanglement. 4. A Glance at Genuine Quantum Theory. 5. Quantum Computing, Shors

560 views • 8 slides
Who can you believe? How to avoid being deceived And why by fake news it matters A

Who can you believe? How to avoid being deceived And why by fake news it matters A

Who can you believe? How to avoid being deceived And why by fake news it matters A special initiative of Five genuine facts about fake news 1. 2. 3. Fake news But its growing And it has real is nothing new. out

540 views • 27 slides
TOP TEN OBSTACLES FOR DISTRIBUTED LEDGERS SARAH MEIKLEJOHN (UCL) TOP TEN OBSTACLES [ M 18] 10

TOP TEN OBSTACLES FOR DISTRIBUTED LEDGERS SARAH MEIKLEJOHN (UCL) TOP TEN OBSTACLES [ M 18] 10

TOP TEN OBSTACLES FOR DISTRIBUTED LEDGERS SARAH MEIKLEJOHN (UCL) TOP TEN OBSTACLES [ M 18] 10 Usability 9 Governance 8 Comparisons 7 Key Management 6 Agility 5 Interoperability 4 Scalability 3 Cost-Effectiveness 2 Privacy 1 Scalability

394 views • 28 slides
Piloting HCV GHOST in Michigan www.michigan.gov/hepatitis November 29, 2017 Joe Coyle, MPH

Piloting HCV GHOST in Michigan www.michigan.gov/hepatitis November 29, 2017 Joe Coyle, MPH

Piloting HCV GHOST in Michigan www.michigan.gov/hepatitis November 29, 2017 Joe Coyle, MPH Outline MDHHS HCV Surveillance Basics of HCV GHOST Example of GHOST in Action Implications for Public Health Surveillance MDHHS HCV

455 views • 34 slides
DoD Priorities for Autonomy Research and Development MORLEY O. STONE, ST, PhD Autonomy PSC Lead

DoD Priorities for Autonomy Research and Development MORLEY O. STONE, ST, PhD Autonomy PSC Lead

DoD Priorities for Autonomy Research and Development MORLEY O. STONE, ST, PhD Autonomy PSC Lead 21 October 2011 NDIA Disruptive Technologies Conference November 8-9, 2011 Washington, DC Title Distribution Statement A: Approved for public

362 views • 11 slides
Broadcasting your attack: Security testing DAB radio in cars Andy Davis, Research Director

Broadcasting your attack: Security testing DAB radio in cars Andy Davis, Research Director

Broadcasting your attack: Security testing DAB radio in cars Andy Davis, Research Director Image: computerworld.com.au Agenda Who am I and why am I interested in security testing DAB? Overview of DAB How do we broadcast DAB?

790 views • 33 slides
Security on Plastics: Fake or Real? Nele Mentens KU Leuven, imec-COSIC/ESAT Joint work with Jan

Security on Plastics: Fake or Real? Nele Mentens KU Leuven, imec-COSIC/ESAT Joint work with Jan

Security on Plastics: Fake or Real? Nele Mentens KU Leuven, imec-COSIC/ESAT Joint work with Jan Genoe, Thomas Vandenabeele, Lynn Verschueren, Dirk Smets, Wim Dehaene, Kris Myny KU Leuven & IMEC CROSSING conference September 9, 2019,

526 views • 20 slides
Ghost River State of the Watershed (2018) - Ghost Watershed Alliance Society Photo credit: R.

Ghost River State of the Watershed (2018) - Ghost Watershed Alliance Society Photo credit: R.

Ghost River State of the Watershed (2018) - Ghost Watershed Alliance Society Photo credit: R. Drury State of the Watershed Report Formal process by Alberta Government Followed Handbook for State of the Watershed Reporting Used

470 views • 44 slides
Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software

Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software

Software Security By Hunter Stevenson Khalid Alharbi CSCI 5828 Foundations of Software Engineering Spring 2012 What is the talk NOT about? Cryptography. Database security. Operating Systems security. Network security.

1.37k views • 121 slides
Long-term security for cars Daniel J. Bernstein 1 , 2 Tanja Lange 1 1 Technische Universiteit

Long-term security for cars Daniel J. Bernstein 1 , 2 Tanja Lange 1 1 Technische Universiteit

Long-term security for cars Daniel J. Bernstein 1 , 2 Tanja Lange 1 1 Technische Universiteit Eindhoven 2 University of Illinois at Chicago 16 November 2016 2 / 31 3 / 31 4 / 31 D-Wave quantum computer isnt universal . . . Cant store

989 views • 53 slides
Software Security: Defenses & Principles CS 161: Computer Security Prof. Vern Paxson TAs:

Software Security: Defenses & Principles CS 161: Computer Security Prof. Vern Paxson TAs:

Software Security: Defenses & Principles CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ January 25, 2011 Testing for Software Security Issues

444 views • 42 slides

More recommend