Automated CV simulation tool-chain based on VENTOS for Simulation level validation for multi-node
automotive platooning EE architecture under false data injection attack
An automated tool-chain has been built on top of an existing connected vehicle simulation tool, VENTOS,
for CV traffic. The outline of the proposed tool-chain is given below. The proposed tool-chain can be
used to generate sequences of false data (attack vectors) for any type of platoon structure. It also
provides a visual simulation of each attack vector on the underlying platoon structure, where i) each
vehicle's dynamics can be customized and ii) the platoon topology can be defined. This enables us to
investigate the vulnerable situations that arise for different system dynamics and CV topologies.
Customizable vehicle dynamics can be further leveraged for the development of control-theoretic attack
detectors.
Attack detection algorithm design for single node automotive EE architecture under false data injection
The ideal target for a false data injection attack (FDIA) in an automotive EE architecture is the
controller area network (CAN) bus, because it is used by most of the safety-critical control loops in a
vehicle. The lack of any security scheme also makes the CAN protocol vulnerable to such attacks. A message
ID that an FDI attacker intends to falsify is called the victim message, and the electronic control unit
(ECU) that is responsible for transmitting the victim message is called the victim ECU. The first step of
an FDIA is to drive the victim ECU on the CAN bus into the bus-off state. The following figure demonstrates
the phases of bus-off (steps 1, 2, 3). Following the disconnection of the actual ECU, the attacker is able
to send falsified messages that replace the victim messages.
Computer-Aided Design (CAD) Framework for Simulation level validation for single node automotive EE
architecture under false data injection attack
A computer-aided design (CAD) framework has been developed for estimating the vulnerability of automotive
CPSs. An outline of the proposed framework is given in the figure below. We have considered a model-based
representation of safety-critical automotive controllers and monitoring systems working in a closed loop
with vehicle dynamics and verified their safety and robustness with respect to false data injection attacks.
The proposed framework tries to find out which sensor and/or actuation signal is vulnerable by generating
stealthy and successful attacks using a formal-method-based counterexample-guided abstraction refinement
(CEGAR) process. A software tool for basic attack vector generation for simple linearized automotive control
loops is ready. We intend to build a structured methodology to visualize the effect of the formally
synthesized attack vectors that are designed to violate specific system properties, and how to counter them.
Attack detection algorithm design for automotive platooning EE architecture
A preliminary version of a mechanism to detect false data injection (FDI) attacks on a platoon
has been developed. Each vehicle's state x consists of position (s), velocity (v) and acceleration (a).
Vehicles communicate their states to their neighbor vehicles. The tool-chain, described in the previous step,
considers an attack model where an attacker falsifies a vehicle's state while the state is being communicated.
Virtual software-in-loop (SIL) testing of adaptive cruise control (ACC) system designed for light-duty
vehicles in Carmaker 8.0
In the car simulation software Carmaker 8.0, we have built a cruise control model for a single car. We
design the controller in Simulink, which is connected to the plant in Carmaker. The actuation of the
control signal on the vehicle's longitudinal dynamics is visualized in Carmaker (Fig. 8): given any
constant speed as input, the controller makes the car move with that specific velocity.
This facilitates the design and validation of our own controller.
Real-time hardware-in-loop (HIL) emulation of adaptive cruise control (ACC) system (for single node)
under bus-off attack and detection in controller area network (CAN) protocol
We first successfully implemented a CAN bus-off attack on an Infineon ECU in closed loop with an ETAS
Labcar RTPC emulating an ACC system. The attacker is implemented on an Arduino Uno interfaced with
the CAN bus using a SparkFun CAN shield. The following figure demonstrates how the closed loop behaves
under the bus-off attack followed by the FDIA. On application of our aperiodic control execution-based
detection algorithm, the bus-off attack is eventually detected and the closed loop stabilizes under the
aperiodic control execution.
Development of a platoon test-bed that consists of race cars capable of performing autonomous maneuvers
For the purpose of conducting rigorous analysis of implemented attack, detection and mitigation
algorithms, a test bed has been developed, consisting of four one-tenth scale race cars. Their onboard processors,
sensors and actuators make them capable of running modern algorithms from AI, Deep Learning, Computer Vision
and more.
Simultaneous Localisation and Mapping (SLAM)
Adaptive Monte Carlo Localisation (AMCL)
Waypoint Following
Local Path Planning
Global Path Planning
End-to-End Learning
Cooperative Adaptive Cruise Control (CACC)
A vehicle-to-vehicle communication network is created using a Python socket library, which allows cars
to transmit and receive data using the processor's IP address. This is achieved via client and server
scripts running as threads on each car according to the decided network topology. A car sends
its state (acceleration, velocity, position, orientation) to the cars connected to it. Based on the state,
the control actions are calculated for safe maneuvers in a connected vehicle platoon.
Work In Progress
Future Plan
- In the case of vehicle platoons, a stealthy attacker is likely to have registered itself as a
  legitimate member of the platoon. Therefore, certification-based authentication can be fooled. Attacker
  vehicles can send false data to the platoon members to initiate a collision or reduce traffic throughput
  without creating any suspicion. Threshold-based anomaly detectors are widely used to detect such false
  data. In this regard, we plan the following two works:
  - We will explore statistical change detection methods (such as chi-square and CUSUM) to
    determine a suitable threshold for the attack detector while considering the distributed nature
    of attacks in the platoon.
  - Further, we also plan to make the detection more robust against intelligent attackers by framing
    a two-player game between the attacker and the detector. Both the attacker and detector agents learn the
    environment and each other's strategies using standard RL policies. The objective of the attacker would
    be to stealthily falsify the communication data to violate safety/performance goals as early as possible,
    whereas the detector's objective would be to catch the intelligent attacker before the latter succeeds.
- In cooperative adaptive cruise control (CACC), the vehicles in a platoon use NN-based image processing along
  with other sensor data to gather information about their surroundings. With this information, NN-based controllers
  intelligently maneuver the platoon vehicles. Data falsification attacks can hamper the safety of such controllers.
  We plan to evaluate the safety of the NN-based controllers in the presence of data falsification attacks by
  leveraging reachability analysis. This can serve as a mitigation strategy against data falsification attacks.
- Our final goal is to implement the proposed control-theoretic detection and robust mitigation methods
  on a hardware-in-loop real-time setup as well as on a small-scale platoon setup using f1/10 vehicle chassis.
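
The following added example (not the project's detector or code) illustrates the platoon attack model described above, where a communicated state (s, v, a) is falsified in transit, and the planned comparison of threshold-based and CUSUM detection. It checks each received position against a constant-acceleration prediction from the previous message. The message period, noise bound, ramp-shaped bias, detector parameters and all function names are assumptions.

```python
import random

DT = 0.1      # V2V message period in seconds (assumed)
NOISE = 0.02  # bound on position measurement noise in metres (assumed)

def predict_position(state, dt=DT):
    """Constant-acceleration prediction of the sender's next position."""
    s, v, a = state
    return s + v * dt + 0.5 * a * dt * dt

def make_messages(steps, attack_start=None, ramp=0.05, seed=1):
    """Constructed sample data: states (s, v, a) a follower receives from its
    predecessor. From attack_start on, the position is falsified in transit
    by a bias that grows by `ramp` metres per message."""
    rng = random.Random(seed)
    s, v, a = 0.0, 20.0, 0.5
    messages = []
    for k in range(steps):
        bias = 0.0
        if attack_start is not None and k >= attack_start:
            bias = ramp * (k - attack_start + 1)
        messages.append((s + rng.uniform(-NOISE, NOISE) + bias, v, a))
        s, v = s + v * DT + 0.5 * a * DT * DT, v + a * DT
    return messages

def first_alarms(messages, threshold=0.10, drift=0.04, limit=0.20):
    """Return (static_alarm, cusum_alarm): the first message index at which
    each detector fires, or None if it never does."""
    static_alarm = cusum_alarm = None
    g = 0.0  # CUSUM statistic
    for k in range(1, len(messages)):
        residual = abs(messages[k][0] - predict_position(messages[k - 1]))
        if static_alarm is None and residual > threshold:
            static_alarm = k
        g = max(0.0, g + residual - drift)  # accumulate only excess over drift
        if cusum_alarm is None and g > limit:
            cusum_alarm = k
    return static_alarm, cusum_alarm

if __name__ == "__main__":
    print("clean   :", first_alarms(make_messages(200)))
    print("attacked:", first_alarms(make_messages(200, attack_start=100)))
```

Each falsified message shifts the position by less than the per-message threshold, so the static detector stays silent, while the CUSUM statistic accumulates the small persistent excess and raises an alarm some messages after the attack begins.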