Secure Autonomous Vehicle Embedded Computing and Sensing

Paata J. Kervalishvili
2nd SENS-ERA Workshop on “Advanced Sensor Systems and Networks”
TEI Piraeus, Athens, Greece December 6, 2012
This work is performed in close cooperation
with US colleagues led by Prof. Alex Wiglinsky.
The goal of the work is to enhance the security of unmanned platforms collaborating
together on a specific task against malicious attacks targeting their on-board embedded
computing and sensor systems.
The main objectives are:
1. To create a prototype test-bed facility designed to accurately assess potential security
vulnerabilities in cooperative networks of unmanned platforms, as well as evaluate new
concepts and countermeasures to harden these platforms and networks from malicious
attacks.
2. To identify potential security vulnerabilities associated with the embedded computing and
sensor systems of unmanned ground vehicles, unmanned aerial vehicles, and complex
networks.
3. To investigate real-time human-in-the-loop control algorithms for supporting multiple
unmanned platforms via a single human operator. Leveraging traditional approaches for
controlling multiple platforms, such as wireless networking and localization information
obtained from global positioning system (GPS) devices, these unmanned platforms will also
use their sensor systems in order to extract information about the actions of the other
unmanned platforms within the network and extract from this information their updated
role in the mission.
4. To create efficient, lightweight cryptographic algorithms for realizations requiring a balance
of computing, memory, and energy in order to reliably protect these unmanned systems from
attacks designed to compromise the system or the network of systems by exploiting the
leakage of critical information, such as power, electromagnetic emissions, and execution time.
Background
Embedded systems and sensor devices are increasingly becoming an integral part of many
defense-critical applications ranging from unmanned aircraft, unmanned vehicles, robotics,
naval applications, and many land-based operations. On the commercial side, everything
from jet engines to vending machines and manufacturing assembly lines relies
on embedded systems and sensor devices at the core of its design in order to support
seamless operation.
However, this increasing reliance on embedded computing and sensor technology, as well
as the applications they support, introduces a new form of vulnerability into this critical
infrastructure that only now is beginning to be recognized as a significant threat to
operations with potentially very serious consequences.
A substantial amount of resources has been invested recently in the development of
unmanned systems that can autonomously perform specified tasks in challenging environments.
As a result of these activities, the research community’s understanding of these complex
systems has significantly advanced, enabling these unmanned systems to perform increasingly
complex operations and functions that were thought unrealizable only a decade ago.
For example, both the DARPA Grand Challenge and DARPA Urban Challenge yielded several
sophisticated implementations of self-driving ground vehicles capable of driving across long
distances and/or challenging driving environments without the need
for assistance from a human operator. Commercially, several companies are also exploring
this new
Despite these substantial investments in creating and perfecting unmanned autonomous
vehicles, there is one key aspect in the design of these systems that is noticeably
absent: security. To the best of our knowledge, only a minimal amount of research has
been conducted in the area of securing unmanned autonomous platforms. Almost all of these
research activities have focused on simply encrypting all data, both on the embedded system
and the wireless channels, without assessing other potential vulnerabilities.
In fact, several of these other potential vulnerabilities have already been demonstrated on
actual hardware platforms and published in the open literature. For example, several
researchers have explored embedded computing and sensor system vulnerabilities on
commercial vehicles, which can be accessed by non-conventional methods such as the
vehicle’s entertainment system or tire pressure sensors.
Exploiting the firmware updating mechanism of these commercial vehicles has also been
explored as a potential vulnerability, as well as attacks carried out over the wireless
channels connecting the vehicular platform to some information network.
Cryptographic attacks have also been demonstrated on these platforms, and techniques
have already started being developed to assess whether the embedded computing and
sensor system resources are being compromised by an attack. GPS spoofing is another
research topic that is being explored, and the results of activities related
to this topic can have serious impacts on the navigation of unmanned systems, as
demonstrated.
The second activity focuses on identifying potential security vulnerabilities associated with the
embedded computing and sensor systems of unmanned ground vehicles, unmanned aerial vehicles,
and complex networks of cooperating.
For example, active attack techniques will be explored that target the sensor
technologies commonly used in autonomous platforms, e.g. ultrasound sensors, infrared sensors, and
Hall effect sensors.
An autonomous platform decides on its action based on inputs received from these
sensors. By attacking the sensors, the adversary can cause autonomous platform suicides and
vandalism as well as denial-of-service and can even gain full control of the autonomous platform.
We propose to further investigate their vulnerabilities to side-channel attacks.
Based on the main objectives, the first activity focuses on the actual implementation of a prototype
test-bed facility for the identification of potential security vulnerabilities in autonomous platforms, as
well as the validation of new algorithms and techniques for hardening these platforms from attack. At the
core of this test-bed is an unmanned ground vehicle that consists of a commercially available sports
utility vehicle, an array of different sensors including LIDAR, a drive-by-wire kit, and other
electronic components and instruments. The proposed unmanned ground vehicle platform is illustrated
in Figure 3.
The third activity focuses on enabling trust and attack identification in distributed, cooperative networks
of unmanned platforms, such as those illustrated in Figure 2. Leveraging advanced techniques and
algorithms, such as distributed change point detection, we can quickly detect the presence of an attacker
and further identify the location of suspicious behavior. The enabling observation is that the
abnormal behavior will cause subtle changes in the distributions of the random observations of
distributed sensors.
Hence, by quickly detecting such changes, one can detect the presence of malicious behavior
quickly.
Furthermore, the sensors that are closer to the point of attack will observe such a
change earlier than those sensors that are further away from the point of attack. Hence by
investigating the times when the sensors observe changes, one can gain valuable information
about the point of attack. In the proposed project, we will design and implement various
detection schemes. Using the proposed test-bed, we will study various trade-offs among
detection delay, false alarm, implementation complexity, and communication overhead,
with the goal of identifying schemes that have good performance and are amenable to
implementation.
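The timing idea in the third activity, as an added example that is not from the original slides: each sensor runs a one-sided CUSUM detector (a standard change point test, chosen here as an assumption because the slides name no specific scheme), and the alarm times are compared centrally to rank sensors by proximity to the disturbance. Sensor names, onset times, the noise model and the thresholds are constructed for illustration.

```python
import random

def cusum_alarm_time(samples, mean0, drift, threshold):
    """One-sided CUSUM for an upward mean shift; returns first alarm index or None."""
    s = 0.0
    for t, x in enumerate(samples):
        # Accumulate evidence above the nominal mean; `drift` absorbs normal noise.
        s = max(0.0, s + (x - mean0 - drift))
        if s > threshold:
            return t
    return None

def rank_by_alarm(alarms):
    """Sensors that alarmed, earliest first; the head is the estimate nearest the attack."""
    fired = {name: t for name, t in alarms.items() if t is not None}
    return sorted(fired, key=fired.get)

def constructed_readings(rng, n, onset, shift=1.0, noise=0.4):
    """Constructed sensor trace: bounded uniform noise, mean steps up by `shift` at `onset`."""
    return [(shift if onset is not None and t >= onset else 0.0)
            + rng.uniform(-noise, noise) for t in range(n)]

def run_scenario(seed=1):
    # Hypothetical layout: the disturbance starts at t=200 next to sensor A and
    # reaches B and C later; D is out of range and never sees it.
    onsets = {"A": 200, "B": 250, "C": 300, "D": None}
    rng = random.Random(seed)
    alarms = {}
    for name, onset in onsets.items():
        trace = constructed_readings(rng, 400, onset)
        # A higher threshold means fewer false alarms but a longer detection delay.
        alarms[name] = cusum_alarm_time(trace, mean0=0.0, drift=0.5, threshold=4.0)
    return alarms, rank_by_alarm(alarms)

if __name__ == "__main__":
    alarms, order = run_scenario()
    print("alarm times:", alarms)
    print("closest-first estimate:", order)
```

The bounded noise keeps the constructed traces free of false alarms; real sensor noise has tails, so `drift` and `threshold` have to be tuned against the false-alarm rate the mission can tolerate.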
The fourth activity focuses on real-time human-in-the-loop control algorithms for
supporting multiple unmanned platforms via a single human operator. Specifically, this
activity will investigate how a single human operator can control a network of different
types of autonomous platforms, such as UGVs and UAVs, to execute a specific task or
mission.
The fifth activity involves research into topics such as securing firmware from
counterfeiting. Typically, firmware can be protected using a microprocessor with
built-in security, which is usually more expensive, or using a cryptographic
authentication IC, also referred to as a security co-processor. The proposed test-bed will
incorporate both types of configuration to evaluate and compare their security
performance.
Conclusion I
This work enables state-of-the-art research into the physical security of networks of
autonomous systems. Specifically, this project will help foster new research into identifying
and mitigating attacks on autonomous platforms (UGVs, UAVs) that were designed to
exploit security weaknesses in logical systems such as software or cryptographic protocols in
order to gain access to unauthorized information, disable the functions of the sensors,
extract information from the sensors and actuators of an autonomous system,
and inject false information into an automotive autonomous system in order to redirect its
path and behavior.
Since many autonomous systems obtain their external information via wireless
transmissions, either from a command-and-control center or from another autonomous
system, this presents a possible vulnerability for attack from an external entity.
Moreover, given the dependency of most autonomous systems on embedded processors and
sensor systems located throughout a platform, this proposed project will help enable research
into identifying various forms of embedded processor hardware and firmware attacks, as
well as provide a resource for assessing the effectiveness of new approaches to harden these
embedded processors.
Conclusion II
With the current research efforts being pursued in the area of security for autonomous
systems, almost all activities are focused on attacks and vulnerabilities that take place
at the network layer and above.
Conversely, research efforts into securing the lower layers of these systems have been rather
minimal and remain to be extensively explored, such as attacks on chips, tampering,
reverse engineering, anti-counterfeiting, and information leakage. Thus, given the high
level of dependency that these systems possess with respect to the physical
environment around them, such as sensory information, microcontrollers, and control
data between different platforms, and coupling with these vulnerabilities the exponential
growth in the area of complex networks of autonomous platforms, research into
physical security of networks of autonomous systems has the potential to be transformative
and very high impact given our growing reliance on this technology. Moreover, these issues
and their potential solutions lie at the boundaries of embedded processing, physical security,
robotics, and wireless communications.
The research work developed evaluation methods for assessing the security of networks of
autonomous systems.
It is necessary to underline that this is the first work that attempts to assess autonomous
system security for networks of both unmanned ground vehicles and unmanned aerial
vehicles. However, in order to achieve these goals, specialized equipment is needed to
accurately assess and evaluate these systems.