Cybersecurity Vulnerability/Threat Analysis for Collaborative Sensing and Autonomy OS

Problem statement and objectives: The promises of highly automated transportation systems (HATS) are clear and compelling: a path to zero roadway fatalities, low-cost mobility of people and goods, widening transportation accessibility and equity, and reduced environmental impacts. But HATS will fail to gain the public’s trust if they are seen as uniquely vulnerable to cyberattacks. Thus, it is imperative to proactively perform vulnerability/threat analysis for critical components in HATS, especially relatively new ones such as AI, autonomy, and V2X, so that their potential cybersecurity problems can be sufficiently identified, understood, and ideally addressed before wide deployment.

Scope: In this 1-year project period, the research team will specifically focus on two highly critical but under-studied components of HATS from the cybersecurity perspective: collaborative sensing and autonomy OS (operating system). Cooperative sensing aims at leveraging V2X to enable sensor data sharing among surrounding vehicles so that the sensing capabilities of each individual participating vehicle, such as perception and PNT (Positioning, Navigation and Timing), can be dramatically increased. However, such data sharing by nature introduces critical cybersecurity concerns, and so far no prior work has performed a systematic vulnerability/threat analysis of the latest deep learning-based collaborative sensing algorithms. This project thus aims to fill this gap. In HATS, the autonomy software modules (e.g., perception, planning, control) are built on top of an autonomy OS (e.g., Robot Operating System, or ROS). Although there exist numerous prior vulnerability/threat analysis studies on different types of autonomy software modules, very few have considered vulnerability/threat analysis for the autonomy OS. Specifically, so far no prior work has systematically studied the cybersecurity of the inter-module communication process in the HATS autonomy OS. This process is one of the most fundamental functionalities in an autonomy OS while also being one of the most safety- and mission-critical, since vulnerabilities/threats in it can allow an attacker to directly manipulate the whole system workflow by compromising even the least sensitive node that contains no critical functionality. This project thus aims to also fill this gap.

Methods: To fill the two research gaps above, the team proposes to design novel vulnerability/threat analysis methodologies tailored to the design and implementations of the two targeted components: collaborative sensing and autonomy OS. For collaborative sensing, the team plans to first comprehensively identify the potential attack targets based on a general design pipeline derived from the different latest deep learning-based algorithm designs (e.g., for late-fusion designs the team can only attack the sensing outputs, while for early- and intermediate-fusion designs the team can also attack the sensing inputs and intermediate feature spaces), and then design new attacks for each attack target. For autonomy OS, since the analysis target is software code, the team will leverage formal methods from the programming language and software engineering fields, such as static control and data flow analysis, to achieve systematic vulnerability discovery and threat analysis. In both analyses, the team will particularly focus on attack surfaces and vectors that can affect PNT, perception, and transportation safety.

Language

  • English

Project

  • Status: Completed
  • Funding: $150000
  • Contract Numbers:

    69A3552348327

  • Sponsor Organizations:

    Office of the Assistant Secretary for Research and Technology

    University Transportation Centers Program
    Department of Transportation
    Washington, DC  United States  20590
  • Managing Organizations:

    Center for Automated Vehicle Research with Multimodal Assured Navigation

    Ohio State University
    Columbus, OH  United States  43210
  • Project Managers:

    Kline, Robin

  • Performing Organizations:

    University of California, Irvine

    Institute of Transportation Studies
    4000 Anteater Instruction and Research Building
    Irvine, CA  United States  92697
  • Principal Investigators:

    Chen, Alfred

  • Start Date: 20231030
  • Expected Completion Date: 20240830
  • Actual Completion Date: 20240830
  • USDOT Program: University Transportation Centers Program

Subject/Index Terms

Filing Info

  • Accession Number: 01901164
  • Record Type: Research project
  • Source Agency: Center for Automated Vehicle Research with Multimodal Assured Navigation
  • Contract Numbers: 69A3552348327
  • Files: UTC, RIP
  • Created Date: Dec 1 2023 4:54AM