Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

STOP! Camera Spoofing via the in-Vehicle IP Network

Dror Peri, Avishai Wool

TL;DR

The effectiveness of the width-varying defense, which randomly modifies the width of every frame, is demonstrated through theoretical analysis and by an extensive evaluation of several types of attack in a wide range of realistic road driving conditions.

Abstract

Autonomous driving and advanced driver assistance systems (ADAS) rely on cameras to control the driving. In many prior approaches an attacker aiming to stop the vehicle had to send messages on the specialized and better-defended CAN bus. We suggest an easier alternative: manipulate the IP-based network communication between the camera and the ADAS logic, inject fake images of stop signs or red lights into the video stream, and let the ADAS stop the car safely. We created an attack tool that successfully exploits the GigE Vision protocol. Then we analyze two classes of passive anomaly detectors to identify such attacks: protocol-based detectors and video-based detectors. We implemented multiple detectors of both classes and evaluated them on data collected from our test vehicle and also on data from the public BDD corpus. Our results show that such detectors are effective against naive adversaries, but sophisticated adversaries can evade detection. Finally, we propose a novel class of active defense mechanisms that randomly adjust camera parameters during the video transmission, and verify that the received images obey the requested adjustments. Within this class we focus on a specific implementation, the width-varying defense, which randomly modifies the width of every frame. Beyond its function as an anomaly detector, this defense is also a protective measure against certain attacks: by distorting injected image patches it prevents their recognition by the ADAS logic. We demonstrate the effectiveness of the width-varying defense through theoretical analysis and by an extensive evaluation of several types of attack in a wide range of realistic road driving conditions. The best the attack was able to achieve against this defense was injecting a stop sign for a duration of 0.2 seconds, with a success probability of 0.2%, whereas stopping a vehicle requires about 2.5 seconds.

STOP! Camera Spoofing via the in-Vehicle IP Network

TL;DR

The effectiveness of the width-varying defense, which randomly modifies the width of every frame, is demonstrated through theoretical analysis and by an extensive evaluation of several types of attack in a wide range of realistic road driving conditions.

Abstract

Autonomous driving and advanced driver assistance systems (ADAS) rely on cameras to control the driving. In many prior approaches an attacker aiming to stop the vehicle had to send messages on the specialized and better-defended CAN bus. We suggest an easier alternative: manipulate the IP-based network communication between the camera and the ADAS logic, inject fake images of stop signs or red lights into the video stream, and let the ADAS stop the car safely. We created an attack tool that successfully exploits the GigE Vision protocol. Then we analyze two classes of passive anomaly detectors to identify such attacks: protocol-based detectors and video-based detectors. We implemented multiple detectors of both classes and evaluated them on data collected from our test vehicle and also on data from the public BDD corpus. Our results show that such detectors are effective against naive adversaries, but sophisticated adversaries can evade detection. Finally, we propose a novel class of active defense mechanisms that randomly adjust camera parameters during the video transmission, and verify that the received images obey the requested adjustments. Within this class we focus on a specific implementation, the width-varying defense, which randomly modifies the width of every frame. Beyond its function as an anomaly detector, this defense is also a protective measure against certain attacks: by distorting injected image patches it prevents their recognition by the ADAS logic. We demonstrate the effectiveness of the width-varying defense through theoretical analysis and by an extensive evaluation of several types of attack in a wide range of realistic road driving conditions. The best the attack was able to achieve against this defense was injecting a stop sign for a duration of 0.2 seconds, with a success probability of 0.2%, whereas stopping a vehicle requires about 2.5 seconds.
Paper Structure (28 sections, 10 equations, 14 figures, 3 tables)

This paper contains 28 sections, 10 equations, 14 figures, 3 tables.

Table of Contents

  1. Introduction
  2. Related Work
  3. CAN bus attacks and defenses
  4. Sensor attacks and defenses
  5. WiFi and IP-based attacks
  6. Adversary Model
  7. Contributions
  8. Preliminaries
  9. The GigE Vision Protocol
  10. The Experimental Car Setup
  11. External Datasets
  12. The Attack Tool
  13. Defenses
  14. Passive Defense
  15. Detector Categories
  16. ...and 13 more sections

Figures (14)

  • Figure 1: Networking Architecture Structure. Note the attacker's position in an ECU connected to the GB Ethernet.
  • Figure 2: A schematic representation of the first 40 rows in a frame, with 1936 pixels per row, each pixel encoded by one byte, and 9000-byte GVSP packets. The pixels of successive packets alternate between black and white.
  • Figure 3: The full-frame injection scheme
  • Figure 4: Full frame injection attack sequence. Note the box around the stop sign in (b) indicating that the sign was recognized.
  • Figure 5: Attack tool examples: the boxes around the signs or red lights indication a successful detection.
  • ...and 9 more figures