There is ample evidence in the automotive cybersecurity literature that the car brake ECUs can be maliciously reprogrammed. Motivated by such threat, this paper investigates the capabilities of an adversary who can directly control the frictional brake actuators and would like to induce wheel lockup conditions leading to catastrophic road injuries. This paper demonstrates that the adversary despite having a limited knowledge of the tire-road interaction characteristics has the capability of driving the states of the vehicle traction dynamics to a vicinity of the lockup manifold in a finite time by means of a properly designed attack policy for the frictional brakes. This attack policy relies on employing a predefined-time controller and a nonlinear disturbance observer acting on the wheel slip error dynamics. Simulations under various road conditions demonstrate the effectiveness of the proposed attack policy.
more »
« less
Generation of CAN-based Wheel Lockup Attacks on the Dynamics of Vehicle Traction
Recent automotive hacking incidences have demonstrated that when an adversary manages to gain access to a safety-critical CAN, severe safety implications will ensue. Under such threats, this paper explores the capabilities of an adversary who is interested in engaging the car brakes at full speed
and would like to cause wheel lockup conditions leading to catastrophic road injuries. This paper shows that the physical capabilities of a CAN attacker can be studied through the lens of closed-loop attack policy design. In particular, it is demonstrated that the adversary can cause wheel lockups by means of closed-loop attack policies for commanding the frictional brake actuators under a limited knowledge of the tire-road interaction characteristics. The effectiveness of the proposed wheel lockup attack policy is shown via numerical simulations under different road conditions.
more »
« less
- Award ID(s):
- 2035770
- PAR ID:
- 10318085
- Date Published:
- Journal Name:
- Workshop on Automotive and Autonomous Vehicle Security (AutoSec) 2022
- Format(s):
- Medium: X
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
There are a variety of ways, such as reflashing of targeted electronic control units (ECUs) to hijacking the control of a fleet of wheeled mobile robots, through which adversaries can execute attacks on the actuators of mobile robots and autonomous vehicles. Independent of the source of cyber-physical infiltration, assessing the physical capabilities of an adversary who has made it to the last stage and is directly controlling the cyber-physical system actuators is of crucial importance. This paper investigates the potentials of an adversary who can directly manipulate the traction dynamics of wheeled mobile robots and autonomous vehicles but has a very limited knowledge of the physical parameters of the traction dynamics. It is shown that the adversary can exploit a new class of closed-loop attack policies that can be executed against the traction dynamics leading to wheel lock conditions. In comparison with a previously proposed wheel lock closed-loop attack policy, the attack policy in this paper relies on less computations and knowledge of the traction dynamics. Furthermore, the proposed attack policy generates smooth actuator input signals and is thus harder to detect. Simulation results using various tire-ground interaction conditions demonstrate the effectiveness of the proposed wheel lock attack policy.more » « less
-
Motivated by ample evidence in the automotive cybersecurity literature that the car brake ECUs can be maliciously reprogrammed, it has been shown that an adversary who can directly control the frictional brake actuators can induce wheel lockup conditions despite having a limited knowledge of the tire-road interaction characteristics [1]. In this paper, we investigate the destabilizing effect of such wheel lockup attacks on the lateral motion stability of vehicles from a robust stability perspective. Furthermore, we propose a quadratic programming (QP) problem that the adversary can solve for finding the optimal destabilizing longitudinal slip reference values.more » « less
-
Motivated by ample evidence in the automotive cybersecurity literature that the car brake ECUs can be maliciously reprogrammed, it has been shown that an adversary who can directly control the frictional brake actuators can induce wheel lockup conditions despite having a limited knowledge of the tire-road interaction characteristics~\cite{mohammadi2021acc}. In this paper, we investigate the destabilizing effect of such wheel lockup attacks on the lateral motion stability of vehicles from a robust stability perspective. Furthermore, we propose a quadratic programming (QP) problem that the adversary can solve for finding the optimal destabilizing longitudinal slip reference values.more » « less
-
Temperature sensing and control systems are widely used in the closed-loop control of critical processes such as maintaining the thermal stability of patients, or in alarm systems for detecting temperature-related hazards. However, the security of these systems has yet to be completely explored, leaving potential attack surfaces that can be exploited to take control over critical systems. In this paper we investigate the reliability of temperature-based control systems from a security and safety perspective. We show how unexpected consequences and safety risks can be induced by physical-level attacks on analog temperature sensing components. For instance, we demonstrate that an adversary could remotely manipulate the temperature sensor measurements of an infant incubator to cause potential safety issues, without tampering with the victim system or triggering automatic temperature alarms. This attack exploits the unintended rectification effect that can be induced in operational and instrumentation amplifiers to control the sensor output, tricking the internal control loop of the victim system to heat up or cool down. Furthermore, we show how the exploit of this hardware-level vulnerability could affect different classes of analog sensors that share similar signal conditioning processes. Our experimental results indicate that conventional defenses commonly deployed in these systems are not sufficient to mitigate the threat, so we propose a prototype design of a low-cost anomaly detector for critical applications to ensure the integrity of temperature sensor signals.more » « less