skip to main content

Title: RESILIENT CONTROL UNDER CYBER-ATTACKS IN CONNECTED ACC VEHICLES
This paper focuses on the detection of cyber-attack on a communication channel and simultaneous radar health monitoring for a connected vehicle. A semi-autonomous adaptive cruise control (SA-ACC) vehicle is considered which has wireless communication with its immediately preceding vehicle to operate at small time-gap distances without creating string instability. However, the reliability of the wireless connectivity is critical for ensuring safe vehicle operation. The presence of two unknown inputs related to both sensor failure and cyber-attack seemingly poses a difficult estimation challenge. The dynamic system is first represented in descriptor system form. An observer with estimation error dynamics decoupled from the cyber-attack signal is developed. The performance of the observer is extensively evaluated in simulations. The estimation system is able to detect either a fault in the velocity measurement radar channel or a cyber-attack. Also, the proposed observer-based controller achieves resilient SA-ACC system under the cyber-attacks. The fundamental estimation algorithm developed herein can be extended in the future to enable cyber-attack detection in more complex connected vehicle architectures.
Authors:
; ;
Award ID(s):
1631133
Publication Date:
NSF-PAR ID:
10198608
Journal Name:
Proceedings of the ASME Dynamic Systems and Control Conference
ISSN:
2151-1853
Sponsoring Org:
National Science Foundation
More Like this
  1. With the large-scale deployment of connected and autonomous vehicles, the demand on wireless communication spectrum increases rapidly in vehicular networks. Due to increased demand, the allocated spectrum at the 5.9 GHz band for vehicular communication cannot be used efficiently for larger payloads to improve cooperative sensing, safety, and mobility. To achieve higher data rates, the millimeter-wave (mmWave) automotive radar spectrum at 76-81 GHz band can be exploited for communication. However, instead of employing spectral isolation or interference mitigation schemes between communication and radar, we design a joint system for vehicles to perform both functions using the same waveform. In thismore »paper, we propose radar processing methods that use pilots in the orthogonal frequency-division multiplexing (OFDM) waveform. While the radar receiver exploits pilots for sensing, the communication receiver can leverage pilots to estimate the time-varying channel. The simulation results show that proposed radar processing can be efficiently implemented and meet the automotive radar requirements. We also present joint system design problems to find optimal resource allocation between data and pilot subcarriers based on radar estimation accuracy and effective channel capacity.« less
  2. Abstract Previous work with simulations of oceanographic high-frequency (HF) radars has identified possible improvements when using maximum likelihood estimation (MLE) for direction of arrival; however, methods for determining the number of emitters (here defined as spatially distinct patches of the ocean surface) have not realized these improvements. Here we describe and evaluate the use of the likelihood ratio (LR) for emitter detection, demonstrating its application to oceanographic HF radar data. The combined detection–estimation methods MLE-LR are compared with multiple signal classification method (MUSIC) and MUSIC parameters for SeaSonde HF radars, along with a method developed for 8-channel systems known asmore »MUSIC-Highest. Results show that the use of MLE-LR produces similar accuracy, in terms of the RMS difference and correlation coefficients squared, as previous methods. We demonstrate that improved accuracy can be obtained for both methods, at the cost of fewer velocity observations and decreased spatial coverage. For SeaSondes, accuracy improvements are obtained with less commonly used parameter sets. The MLE-LR is shown to be able to resolve simultaneous closely spaced emitters, which has the potential to improve observations obtained by HF radars operating in complex current environments. Significance Statement We identify and test a method based on the likelihood ratio (LR) for determining the number of signal sources in observations subject to direction finding with maximum likelihood estimation (MLE). Direction-finding methods are used in broad-ranging applications that include radar, sonar, and wireless communication. Previous work suggests accuracy improvements when using MLE, but suitable methods for determining the number of simultaneous signal sources are not well known. Our work shows that the LR, when combined with MLE, performs at least as well as alternative methods when applied to oceanographic high-frequency (HF) radars. In some situations, MLE and LR obtain superior resolution, where resolution is defined as the ability to distinguish closely spaced signal sources.« less
  3. Autonomous vehicle (AV) software systems are emerging to enable rapidly developed self-driving functionalities. Since such systems are responsible for safety-critical decisions, it is necessary to secure them in face of cyber attacks. Through an empirical study of representative AV software systems Baidu Apollo and Autoware, we discover a common over-privilege problem with the publish-subscribe communication model widely adopted by AV systems: due to the coarse-grained message design for the publish-subscribe communication, some message fields are over-granted with publish/subscribe permissions. To comply with the least-privilege principle and reduce the attack surface resulting from such problem, we argue that the publish/subscribe permissionsmore »should be defined and enforced at the granularity of message fields instead of messages. To systematically address such publish-subscribe over-privilege problems, we present AVGuardian, a system that includes (1) a static analysis tool that detects over-privilege instances in AV software and generates the corresponding access control policies at the message field granularity, and (2) a low-overhead, module-transparent, runtime publish/subscribe permission policy enforcement mechanism to perform online policy violation detection and prevention. Using our detection tool, we are able to automatically detect 581 over-privilege instances in total in Baidu Apollo. To demonstrate the severity, we further constructed several concrete exploits that can lead to vehicle collision and identity theft for AV owners, which have been reported to Baidu Apollo and confirmed as valid. For defense, we prototype and evaluate the policy enforcement mechanism, and find that it has very low overhead, does not affect original AV decision logic, and also is resilient to message replay attacks.« less
  4. Cyber-Physical Systems (CPS) connected in the form of Internet of Things (IoT) are vulnerable to various security threats, due to the infrastructure-less deployment of IoT devices. Device-to-Device (D2D) authentication of these networks ensures the integrity, authenticity, and confidentiality of information in the deployed area. The literature suggests different approaches to address security issues in CPS technologies. However, they are mostly based on centralized techniques or specific system deployments with higher cost of computation and communication. It is therefore necessary to develop an effective scheme that can resolve the security problems in CPS technologies of IoT devices. In this paper, amore »lightweight Hash-MAC-DSDV (Hash Media Access Control Destination Sequence Distance Vector) routing scheme is proposed to resolve authentication issues in CPS technologies, connected in the form of IoT networks. For this purpose, a CPS of IoT devices (multi-WSNs) is developed from the local-chain and public chain, respectively. The proposed scheme ensures D2D authentication by the Hash-MAC-DSDV mutual scheme, where the MAC addresses of individual devices are registered in the first phase and advertised in the network in the second phase. The proposed scheme allows legitimate devices to modify their routing table and unicast the one-way hash authentication mechanism to transfer their captured data from source towards the destination. Our evaluation results demonstrate that Hash-MAC-DSDV outweighs the existing schemes in terms of attack detection, energy consumption and communication metrics.« less
  5. Connected vehicle (CV) systems are cognizant of potential cyber attacks because of increasing connectivity between its different components such as vehicles, roadside infrastructure and traffic management centers. However, it is a challenge to detect security threats in real-time and develop appropriate/effective countermeasures for a CV system because of the dynamic behavior of such attacks, high computational power requirement and a historical data requirement for training detection models. To address these challenges, statistical models, especially change point models, have potentials for real-time anomaly detections. Thus, the objective of this study is to investigate the efficacy of two change point models, Expectationmore »Maximization (EM) and two forms of Cumulative Summation (CUSUM) algorithms (i.e., typical and adaptive), for real-time V2I cyber attack detection in a CV Environment. To prove the efficacy of these models, we evaluated these two models for three different type of cyber attack, denial of service (DOS), impersonation, and false information, using basic safety messages (BSMs) generated from CVs through simulation. Results from numerical analysis revealed that EM, CUSUM, and adaptive CUSUM could detect these cyber attacks, DOS, impersonation, and false information, with an accuracy of (99\%, 100\%, 100\%), (98\%, 100\%, 100\%), and (100\%, 98\%, 100\%) respectively.« less