SLAMSpoof: Practical LiDAR Spoofing Attacks on Localization Systems Guided by Scan Matching Vulnerability Analysis (2502.13641v1)

Abstract: Accurate localization is essential for enabling modern full self-driving services. These services heavily rely on map-based traffic information to reduce uncertainties in recognizing lane shapes, traffic light locations, and traffic signs. Achieving this level of reliance on map information requires centimeter-level localization accuracy, which is currently only achievable with LiDAR sensors. However, LiDAR is known to be vulnerable to spoofing attacks that emit malicious lasers against LiDAR to overwrite its measurements. Once localization is compromised, the attack could lead the victim off roads or make them ignore traffic lights. Motivated by these serious safety implications, we design SLAMSpoof, the first practical LiDAR spoofing attack on localization systems for self-driving to assess the actual attack significance on autonomous vehicles. SLAMSpoof can effectively find the effective attack location based on our scan matching vulnerability score (SMVS), a point-wise metric representing the potential vulnerability to spoofing attacks. To evaluate the effectiveness of the attack, we conduct real-world experiments on ground vehicles and confirm its high capability in real-world scenarios, inducing position errors of $\geq$4.2 meters (more than typical lane width) for all 3 popular LiDAR-based localization algorithms. We finally discuss the potential countermeasures of this attack. Code is available at https://github.com/Keio-CSG/slamspoof

An Analysis of "SLAMSpoof: Practical LiDAR Spoofing Attacks on Localization Systems Guided by Scan Matching Vulnerability Analysis"

This paper addresses a critical vulnerability in autonomous vehicle localization systems, specifically focusing on the susceptibility of LiDAR-based strategies to spoofing attacks. The authors present "SLAMSpoof," a method designed to exploit weaknesses in the scan matching processes used by LiDAR to estimate vehicle positions accurately. The research outlines the potential for malicious alterations that could lead autonomous vehicles to make hazardous navigational errors.

Overview of the Problem

Autonomous vehicles rely heavily on LiDAR sensors for navigation and localization. These sensors provide the precision needed to resolve fine details about the environment, such as lane boundaries and traffic signals. However, the inherent susceptibility of LiDAR to spoofing attacks poses a significant threat. In a spoofing scenario, an attacker projects false signals that overwrite legitimate sensor readings, introducing 'ghost' points or obscuring real ones. Such disruptions can cause substantial deviations in vehicle positioning, potentially leading to dangerous driving decisions.

SLAMSpoof Methodology

The paper details the development of SLAMSpoof, purported to be the first practical LiDAR spoofing attack tailored for assessing vulnerabilities in autonomous vehicle localization processes. A pivotal innovation introduced by the authors is the Scan Matching Vulnerability Score (SMVS), a metric quantifying a localization system's susceptibility to spoofing attacks. This score guides attackers to areas making localization algorithms vulnerable due to the spatial distribution of critical point cloud features.

The SLAMSpoof approach involves several key steps. Initially, it determines high-vulnerability locations along a potential path using SMVS. Once identified, LiDAR spoofing devices are strategically positioned to maximize disruption. This methodology's efficacy is supported through extensive simulations and real-world experiments, demonstrating significant positioning errors in various localization strategies when subject to spoofing.

Experimental Validation

The authors conducted both simulated and real-world experiments to validate SLAMSpoof's efficiency. Their findings reveal that the method can induce position errors larger than typical lane widths (≥4.2 meters) in common LiDAR-based localization algorithms, including A-LOAM, KISS-ICP, and hdl_localization. While the injection attacks showed higher impacts in simulations, removal attacks proved more effective in physical trials, attributed to specific technical constraints during real-world execution.

Implications and Future Directions

The implications of this research are profound for the development of autonomous vehicles. The documented vulnerability of LiDAR-based localization to spoofing necessitates the adoption of more robust security measures. The paper suggests countermeasures such as pulse signature detection in LiDAR systems and the integration of multiple sensor types, including IMUs, to provide resilience against spoofing efforts. These defenses, in conjunction with the SMVS framework, could enhance the reliability and safety of autonomous navigation technologies.

The authors emphasize the need for ongoing diligence in assessing and mitigating security risks within autonomous vehicle systems. As LiDAR technology remains integral for achieving the precision required in self-driving applications, ensuring its reliable operation in the face of adversarial threats is paramount. The introduction of SLAMSpoof contributes to a critical understanding of existing vulnerabilities, serving as both a cautionary instance and a catalyst for further innovation in the secure design of autonomous systems. Future research should explore additional algorithms and hardware enhancements to fortify LiDAR's security against potential spoofing attacks.

In conclusion, SLAMSpoof underscores a substantial security challenge in autonomous vehicle localization, providing both a theoretical and practical framework for addressing these vulnerabilities. The integration of SMVS into security assessments presents a valuable tool for the continued advancement of resilient autonomous vehicle technologies.