SELF-DRIVING AND CONNECTED CARS: FOOLING SENSORS AND TRACKING DRIVERS presented at BlackHatEU 2015

by Jonathan Petit,

Summary : Automated and connected vehicles are the next evolution in transportation and will improve safety, traffic efficiency and driving experience. This talk will be divided in two parts: 1) security of autonomous automated vehicles and 2) privacy of connected vehicles.
Automated vehicles are equipped with multiple sensors (LiDAR, radar, camera, etc.) enabling local awareness of their surroundings. A fully automated vehicle will solely rely on its sensors readings to make short-term (i.e. safety-related) and long-term (i.e. planning) driving decisions. In this context, sensors have to be robust against intentional or unintentional attacks that aim at lowering sensor data quality or alter sensor input to disrupt the automation system. This talk presents remote attacks on camera-based system and LiDAR using commodity hardware. Results from laboratory experiments show effective blinding, jamming, replay, relay, and spoofing attacks. We propose software and hardware countermeasures that improve sensors resilience against these attacks. As such sensors are also deployed in today's cars for advanced driver assistance systems (ADAS), our results have a short-term relevancy beyond automated driving.
Connected Vehicle is an upcoming technology that allow vehicles and road-side infrastructure to communicate to increase traffic efficiency and safety. To enable cooperative awareness, vehicles continually broadcast messages containing their location. These messages can be received by anyone, jeopardizing location privacy. A misconception is that such attacks are only possible by a global attacker with extensive resources (e.g. sniffing stations at every intersections giving a full city-wide coverage). In this paper, we demonstrate the feasibility of location tracking attack in an ITS in the presence of a mid-sized attacker (i.e. an attacker that has partial network coverage but can choose which parts to cover). We conduct an empirical study on the campus of the University of Twente, The Netherlands by deploying ITS hardware on a small scale. As road intersections are likely targets for an attacker to eavesdrop, we propose a graph-based approach to determine which intersections an attacker should cover. We also derive a cost analysis that gives an indication of the financial resources an attacker needs to track a vehicle. To mitigate location tracking attacks, we assess the benefit of pseudonym change strategies and propose a privacy metric to quantify a vehicle's level of privacy in the presence of mid-sized attackers. Experiment results demonstrate that tracking is feasible even if such an attacker covers a small number of intersections. If this is deficiency of privacy protection is left unaddressed, it will be cost efficient for any interested parties to set up scalable passive surveillance and sousveillance operations.