Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
139 tokens/sec
GPT-4o
47 tokens/sec
Gemini 2.5 Pro Pro
43 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
47 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

A Multi-Agent Security Testbed for the Analysis of Attacks and Defenses in Collaborative Sensor Fusion (2401.09387v1)

Published 17 Jan 2024 in cs.RO, cs.SY, and eess.SY

Abstract: The performance and safety of autonomous vehicles (AVs) deteriorates under adverse environments and adversarial actors. The investment in multi-sensor, multi-agent (MSMA) AVs is meant to promote improved efficiency of travel and mitigate safety risks. Unfortunately, minimal investment has been made to develop security-aware MSMA sensor fusion pipelines leaving them vulnerable to adversaries. To advance security analysis of AVs, we develop the Multi-Agent Security Testbed, MAST, in the Robot Operating System (ROS2). Our framework is scalable for general AV scenarios and is integrated with recent multi-agent datasets. We construct the first bridge between AVstack and ROS and develop automated AV pipeline builds to enable rapid AV prototyping. We tackle the challenge of deploying variable numbers of agent/adversary nodes at launch-time with dynamic topic remapping. Using this testbed, we motivate the need for security-aware AV architectures by exposing the vulnerability of centralized multi-agent fusion pipelines to (un)coordinated adversary models in case studies and Monte Carlo analysis.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (35)
  1. “5g - v2x onward - 5gaa.org,” https://5gaa.org/5g-technology/, [Accessed 22-12-2023].
  2. “5gaa showcases cutting edge c-v2x technology, pioneering the future of vehicle connectivity - 5gaa,” https://5gaa.org/5gaa-showcases-cutting-edge-c-v2x-technology-pioneering-the-future-of-vehicle-connectivity/, [Accessed 22-12-2023].
  3. “Audi vehicles can now communicate with traffic lights in düsseldorf, germany — futurecar.com,” https://www.futurecar.com/3766/Audi-Vehicles-Can-Now-Communicate-with-Traffic-Lights-in-Dsseldorf-Germany, [Accessed 22-12-2023].
  4. “Lincoln mkz 2017 vehicle features,” University of Michigan, Tech. Rep. [Online]. Available: https://mcity.umich.edu/wp-content/uploads/2023/03/Mcity-Vehicle-Features_2023_03_13-1.pdf
  5. “Mcity 2.0,” https://mcity.umich.edu/our-work/mcity-test-facility/mcity-2/, [Accessed 22-12-2023]. [Online]. Available: https://mcity.umich.edu/our-work/mcity-test-facility/mcity-2/
  6. “What is V2X communication? Creating connectivity for the autonomous car era — zdnet.com,” https://www.zdnet.com/home-and-office/networking/what-is-v2x-communication-creating-connectivity-for-the-autonomous-car-era/, [Accessed 22-12-2023].
  7. M. Abdelfattah, K. Yuan, Z. J. Wang, and R. Ward, “Towards universal physical attacks on cascaded camera-lidar 3d object detection models,” in 2021 IEEE International Conference on Image Processing (ICIP).   IEEE, 2021, pp. 3592–3596.
  8. J. Benko, W. Clark, C. Craig, G. Culver, P. Mahan, A. Patel, D. Voce, N. Bezzo, and G. C. Lewin, “Security and resiliency of coordinated autonomous vehicles,” in 2019 Systems and Information Engineering Design Symposium (SIEDS).   IEEE, 2019, pp. 1–6.
  9. S. S. Blackman, “Multiple-target tracking with radar applications,” Dedham, 1986.
  10. S. Bono, M. Green, A. Stubblefield, A. Juels, A. D. Rubin, and M. Szydlo, “Security analysis of a cryptographically-enabled rfid device.” in USENIX, vol. 31, 2005, pp. 1–16.
  11. N. E. Boudette, “Tesla says autopilot makes its cars safer. crash victims say it kills.” International New York Times, pp. NA–NA, 2021.
  12. Y. Cao, C. Xiao, B. Cyr, Y. Zhou, W. Park, S. Rampazzi, Q. A. Chen, K. Fu, and Z. M. Mao, “Adversarial sensor attack on lidar-based perception in autonomous driving,” in Proceedings of the 2019 ACM SIGSAC conference on computer and communications security.   London, UK: ACM, 2019, pp. 2267–2281.
  13. S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, K. Koscher, A. Czeskis, F. Roesner, and T. Kohno, “Comprehensive experimental analyses of automotive attack surfaces,” in 20th USENIX (USENIX Security 11), 2011.
  14. G. Conte, D. Scaradozzi, D. Mannocchi, P. Raspa, L. Panebianco, and L. Screpanti, “Development and experimental tests of a ros multi-agent structure for autonomous surface vehicles,” Journal of Intelligent & Robotic Systems, vol. 92, pp. 705–718, 2018.
  15. M. Contributors, “MMDetection3D: OpenMMLab next-generation platform for general 3D object detection,” https://github.com/open-mmlab/mmdetection3d, 2020.
  16. R. S. Hallyburton, Y. Liu, Y. Cao, Z. M. Mao, and M. Pajic, “Security analysis of camera-lidar fusion against black-box attacks on autonomous vehicles,” in 31st USENIX (USENIX SECURITY).   Berkeley, CA: USENIX, 2022, pp. 1–18.
  17. R. S. Hallyburton and M. Pajic, “Datasets, models, and algorithms for multi-sensor, multi-agent autonomy using avstack,” arXiv preprint arXiv:2312.04970, 2023.
  18. ——, “Securing autonomous vehicles under partial-information cyber attacks on lidar data,” arXiv preprint arXiv:2303.03470, 2023.
  19. R. S. Hallyburton, S. Zhang, and M. Pajic, “Avstack: An open-source, reconfigurable platform for autonomous vehicle development,” in Proceedings of the ACM/IEEE 14th International Conference on Cyber-Physical Systems (with CPS-IoT Week 2023), 2023, pp. 209–220.
  20. O. A. Ibrahim, A. M. Hussain, G. Oligeri, and R. Di Pietro, “Key is in the air: Hacking remote keyless entry systems,” in Security and Safety Interplay of Intelligent Software Systems: ESORICS 2018 International Workshops, ISSA 2018 and CSITS 2018, Barcelona, Spain, September 6–7, 2018, Revised Selected Papers.   Springer, 2019, pp. 125–132.
  21. R. Jonker and T. Volgenant, “Improving the hungarian assignment algorithm,” Operations Research, vol. 5, no. 4, pp. 171–175, 1986.
  22. S. Julier and J. K. Uhlmann, “General decentralized data fusion with covariance intersection,” in Handbook of multisensor data fusion.   CRC Press, 2017, pp. 339–364.
  23. S. Kamkar, “Drive it like you hacked it: New attacks and tools to wirelessly steal cars,” Presentation at DEFCON, vol. 23, p. 10, 2015.
  24. K. Koscher, A. Czeskis, F. Roesner, S. Patel, T. Kohno, S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham et al., “Experimental security analysis of a modern automobile,” in 2010 IEEE symposium on security and privacy, IEEE.   New York, NY: IEEE, 2010, pp. 447–462.
  25. M. Lee, M. Sunwoo, and K. Jo, “Collision risk assessment of occluded vehicle based on the motion predictions using the precise road map,” Robotics and Autonomous Systems, vol. 106, pp. 179–191, 2018.
  26. S. Malik and W. Sun, “Analysis and simulation of cyber attacks against connected and autonomous vehicles,” in 2020 International Conference on Connected and Autonomous Driving.   IEEE, 2020, pp. 62–70.
  27. C. Miller and C. Valasek, “Remote exploitation of an unaltered passenger vehicle,” Black Hat USA, vol. 2015, no. S 91, pp. 1–91, 2015.
  28. NHTSA, “Motor vehicles increasingly vulnerable to remote exploits,” Internet Crime Complaint Center (IC3), 2016. [Online]. Available: http://www.ic3.gov/media/2016/160317.aspx
  29. A. Petrillo, A. Pescape, and S. Santini, “A secure adaptive control for cooperative driving of autonomous connected vehicles in the presence of heterogeneous communication delays and cyberattacks,” IEEE transactions on cybernetics, vol. 51, no. 3, pp. 1134–1149, 2020.
  30. M. Quigley, K. Conley, B. Gerkey, J. Faust, T. Foote, J. Leibs, R. Wheeler, A. Y. Ng et al., “Ros: an open-source robot operating system,” in ICRA workshop on open source software, vol. 3, no. 3.2.   Kobe, Japan, 2009, p. 5.
  31. J. Sun, Y. Cao, Q. A. Chen, and Z. M. Mao, “Towards robust {{\{{LiDAR-based}}\}} perception in autonomous driving: General black-box adversarial sensor attack and countermeasures,” in 29th USENIX (USENIX Security 20).   Boston, MA: USENIX, 2020, pp. 877–894.
  32. J. Tu, M. Ren, S. Manivasagam, M. Liang, B. Yang, R. Du, F. Cheng, and R. Urtasun, “Physically realizable adversarial examples for lidar object detection,” in Proceedings of the IEEE/CVF CVPR.   New York, NY: IEEE, 2020, pp. 13 716–13 725.
  33. R. Xu, H. Xiang, X. Xia, X. Han, J. Li, and J. Ma, “Opv2v: An open benchmark dataset and fusion pipeline for perception with vehicle-to-vehicle communication,” in 2022 ICRA, 2022, pp. 2583–2589.
  34. Q. Zhang, S. Jin, J. Sun, X. Zhang, R. Zhu, Q. A. Chen, and Z. M. Mao, “On data fabrication in collaborative vehicular perception: Attacks and countermeasures,” arXiv preprint arXiv:2309.12955, 2023.
  35. B. Zou, P. Choobchian, and J. Rozenberg, “Cyber resilience of autonomous mobility systems: cyber-attacks and resilience-enhancing strategies,” Journal of transportation security, pp. 1–19, 2021.

Summary

  • The paper introduces MAST, a testbed enabling realistic simulation of both coordinated and uncoordinated adversarial attacks in sensor fusion pipelines.
  • It leverages the ROS framework to integrate advanced vehicular datasets and offers flexible, dynamic scenario setups through topic remapping.
  • Monte Carlo evaluations reveal significant vulnerabilities in centralized multi-agent fusion pipelines, highlighting the need for robust integrity checks.

A Multi-Agent Security Testbed for Analyzing Security of Collaborative Sensor Fusion

This article presents the development and evaluation of the Multi-Agent Security Testbed (MAST), a framework designed for assessing security threats and defenses in multi-sensor, multi-agent (MSMA) collaborative sensor fusion pipelines. Situated within the burgeoning field of autonomous vehicles (AVs), this work addresses the vulnerability of MSMA architectures to adversarial attacks by establishing a platform that supports a comprehensive range of security analyses.

Overview

The motivation behind this work stems from the increasing incorporation of multi-agent systems in AV technologies, which aim to enhance safety and operational effectiveness through collaborative autonomy enabled by sensor fusion and vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communication. Despite significant investment in these technologies, their corresponding security protocols remain underdeveloped, thus exposing them to potential cyber threats.

MAST, constructed within the Robot Operating System (ROS) framework, serves as a versatile testbed that integrates advanced vehicular datasets. It establishes a bridge between AV development tools and real-time simulation environments, thereby facilitating the deployment of variable agent configurations and adversary models. The framework also features dynamic topic remapping for flexible scenario setup, which is critical for deploying complex multi-agent scenarios.

Methodology

The testbed's primary innovation lies in its capability to simulate both coordinated and uncoordinated adversarial attacks with variable numbers of adversary nodes. The coordinated attacks consider adversarial nodes that can communicate with one another to launch synchronized disruptions in MSMA systems, while uncoordinated attacks model scenarios where each adversarial node operates independently.

The authors implemented adversarial attacks at various levels of the MSMA pipeline: sensing, perception, and communication. Their framework allows for the realistic testing of adversarial effects using Monte Carlo analysis and detailed case studies, which highlight crucial system vulnerabilities and inform the development of more robust, security-aware collaborative architectures.

Results and Implications

Case studies conducted using MAST reveal that centralized multi-agent fusion pipelines are particularly susceptible to adversarial manipulations, which can compromise situational awareness. The framework demonstrates that without robust security mechanisms, MSMA architectures remain vulnerable to a broad range of attacks that can disrupt AV operations by introducing false positives or masking genuine threats.

The Monte Carlo evaluations provide an in-depth statistical analysis of the impact of adversary parameters such as the number of compromised agents and false information injected. The findings reinforce the need for developing intelligent integrity checks and robust data association techniques to secure MSMA sensor fusion pipelines.

Future Directions

A critical area identified for future work is the implementation of integrity mechanisms at the command center level to filter adversarial data. Such mechanisms would enhance the resilience of collaborative sensor fusion systems against both detected and undetected malicious interventions.

Additionally, while the current framework incorporates static infrastructure agents with predefined datasets for simplicity, future developments could focus on extending the testbed to include dynamic dataset generation with multiple mobile agents. This expansion would more comprehensively capture real-world AV scenarios.

Conclusion

In summary, MAST represents a significant step towards a more secure integration of collaborative systems in autonomous vehicle applications. By enabling detailed security evaluations of MSMA pipelines in a flexible and scalable manner, MAST not only uncovers existing vulnerabilities but also serves as a foundational tool for driving advancements in the secure deployment of autonomous technologies. Such a testbed is critical for preemptively addressing the threats posed by increasingly sophisticated cyber-attacks on autonomous systems.

File Document Download Save Streamline Icon: https://streamlinehq.com PDF File Document Download Save Streamline Icon: https://streamlinehq.com Markdown
X Twitter Logo Streamline Icon: https://streamlinehq.com

Tweets