Secure Autonomous Vehicle Embedded Computing and Sensing Paata J Secure Autonomous Vehicle Embedded Computing and Sensing Paata J. Kervalishvili 2nd SENS-ERA Workshop on “Advanced Sensor Systems and Networks” TEI Piraeus, Athens, Greece December 6, 2012 These works are performed in close cooperation with US colleagues lead by Prof. Alex Wiglinsky

The goal of the work is to enhance the security of unmanned platforms collaborating together on a specific task against malicious attacks targeting their on-board embedded computing and sensor systems. The main objectives of are: 1. To create a prototype test-bed facility designed to accurately assess potential security vulnerabilities in cooperative networks of unmanned platforms, as well as evaluate new concepts and countermeasures to harden these platforms and networks from malicious attacks 2. To identify potential security vulnerabilities associated with the embedded computing and sensor systems of unmanned ground vehicles, unmanned aerial vehicles, and complex networks. 3. To investigate real-time human-in-the-loop control algorithms for supporting multiple unmanned platforms via a single human operator. Leveraging traditional approaches for controlling multiple platforms, such as wireless networking and localization information obtained from global positioning system (GPS) devices, these unmanned platforms will also use their sensor systems in order to extract information about the actions of the other unmanned platforms within the network and extract from this information their updated role in the mission 4. To create efficient, lightweight cryptographic algorithms for realizations requiring a balance of computing, memory, and energy in order to reliably protect these unmanned systems from attacks designed to compromise the system or the network of systems by exploiting the leakage of critical information, such as power, electromagnetic emissions, execution time.

Background Embedded systems and sensor devices are increasingly becoming an integral part of many defense-critical applications ranging from unmanned aircraft, unmanned vehicles, robotics, naval applications, and many land-based operations. On the commercial side, embedded systems and sensor devices are employed from jet engines to vending machines and to manufacturing assembly lines, which rely on embedded systems and sensor devices at the core of their design in order to support their seamless operation. However, this increasing reliance on embedded computing and sensor technology, as well as the applications they support, introduces a new form of vulnerability into this critical infrastructure that only now is beginning to be recognized as a significant threat to operations with potentially very serious consequences. There have been a substantial amount of resources invested recently in the development of unmanned systems that can autonomously perform specified tasks in challenging environments. As a result of these activities, the research community’s understanding of these complex systems has significantly advanced, enabling ever-increasing complex operations and functions performed by these unmanned systems thought unrealizable only a decade ago. For example, both the DARPA Grand Challenge and DARPA Urban Challenge yielded several sophisticated implementations of self-driving ground vehicles capable of driving across long distances and/or challenging driving environments without the need for assistance from a human operator. Commercially, several companies are also exploring this new Secure Autonomous Vehicle Embedded Computing and Sensing

Despite these substantial investments in creating and perfecting unmanned autonomous vehicles, there is one key aspect in the design of these systems that is noticeably absent: security. To the best of our knowledge, only a minimal amount of research has been conducted in the area of securing unmanned autonomous platforms. Almost all of these research activities have focused on simply encrypting all data, both on the embedded system and the wireless channels, without assessing other potential vulnerabilities. In fact, several of these other potential vulnerabilities have already been demonstrated on actual hardware platforms and published in the open literature. For example, several researchers have explored embedded computing and sensor system vulnerabilities on commercial vehicles, which can be accessed by non-conventional methods such as the vehicle’s entertainment system or tire pressure sensors. Exploiting the firmware updating mechanism of these commercial vehicles has also been explored as a potential vulnerability, as well as attacks carried out over the wireless channels connecting the vehicular platform to some information network. Cryptographic attacks have also been demonstrated on these platforms, and techniques have already started being developed to assess whether the embedded computing and sensor system resources are being compromised by an attack. GPS spoofing is another research topic that is being explored, and the results of activities related to this topic can possess some serious impacts on the navigation of unmanned systems, as demonstrated.

The second activity focuses on identifying potential security vulnerabilities associated with the embedded computing and sensor systems of unmanned ground vehicles, unmanned aerial vehicles, and complex networks of cooperating. For example, it will be explored active attack techniques targeting the sensor technologies commonly used in autonomous platforms, e.g. ultrasound sensors, infrared sensors, and hall effect sensors. An autonomous platform decides on its action based on inputs received from these sensors. By attacking the sensors, the adversary can cause autonomous platform suicides and vandalism as well as denial-of-service and can even gain full control of the autonomous platform. We propose to further investigate their vulnerabilities to side-channel attacks. The third activity focuses on enabling trust and attack identification in distributed, cooperative networks of unmanned platforms, such as those illustrated in Figure 2. Leveraging advanced techniques and algorithms, such as distributed change point detection, we can quickly detect the presence of an attacker and further identify the location of suspicious behavior. The enabling observation is that the abnormal behavior will cause subtle changes in the distributions of the random observations of distributed sensors. Based on the main objectives the first activity focuses on the actual implementation of a prototype test-bed facility for the identification of potential security vulnerabilities in autonomous platforms, as well as the validation of new algorithms and techniques for hardening these platforms from attack. At the core of this test-bed is an unmanned ground vehicle that consists of a commericially available sports utility vehicle, an array of different sensors including LIDAR, a drive-by-wire kit, and other electronic components and instruments. The proposed unmanned ground vehicle platform is illustrated in Figure 3. Hence, by quickly detecting such changes, one can detect the presence of malicious behavior quickly.

Furthermore, the sensors that are closer to the point of attack will observe such a change earlier than those sensors that are further away from the point of attack. Hence by investigating the times when the sensors observe changes, one can gain valuable information about the point of attack. In the proposed project, we will design and implement various detection schemes. Using the proposed test-bed, we will study various trade-offs among detection delay, false alarm, implementation complexity, and communication overhead, with the goal of identifying schemes that have good performance and are amenable to implementation. The fourth activity focuses on real-time human-in-the-loop control algorithms for supporting multiple unmanned platforms via a single human operator. Specifically, this activity will investigate how a single human operator can control a network of different types of autonomous platforms, such as UGVs and UAVs, to execute a specific task or mission. The fifth activity involves research into topics such as securing firmware from counterfeiting. Typically, firmware can be protected using a security built-in microprocessor, which is usually more expensive, or using a cryptographic authentication IC, also referred as security co-processor. The proposed test-bed will incorporate both types of configuration to evaluate and compare their security performance.

Conclusion I This work enable state-of-the-art research into the physical security of networks of autonomous systems. Specifically, this project will help foster new research into identifying and mitigating attacks on autonomous platforms (UGVs, UAVs) that were designed to exploit security weaknesses in logical systems such as software or cryptographic protocols in order to gain access to the unauthorized information, disable the functions of the sensors as well as extract information from the sensors and actuators of an autonomous system, and inject false information into an automotive autonomous system in order to redirect its path and behavior. Since many autonomous systems obtain their external information via wireless transmissions, either from a command-and-control center or from another autonomous system, this presents a possible vulnerability for attack from an external entity. Moreover, given the dependency of most autonomous systems on embedded processors and sensor systems located throughout a platform, this proposed project will help enable research into identifying various forms of embedded processor hardware and firmware attacks, as well as provide a resource for assessing the effectiveness of new approaches to harden these embedded processors.

Conclusion II With the current research efforts being pursued in the area of security for autonomous systems, almost all activities are focused on attacks and vulnerabilities that take place at the network layer and above. Conversely, research efforts into securing the lower layers of these systems have been rather minimal and remain to be extensively explored, such as attacks on chips, tampering, reverse engineering, anti-counterfeiting, and information leakage. Thus, given the high level of dependency that these systems possess with respect to the physical environment around them, such as sensory information, microcontrollers, and control data between different platforms, and coupling with these vulnerabilities the exponential growth in the area of complex networks of autonomous platforms, research into physical security of networks of autonomous systems has the potential to be transformative and very high impact given our growing reliance on this technology. Moreover, these issues and their potential solutions lie at the boundaries of embedded processing, physical security, robotics, and wireless communications. Research work developed evaluation methods for assessing the security of networks of autonomous systems. It is necessary to underline that this is the first work that attempts to assess autonomous system security for networks of both unmanned ground vehicles and unmanned aerial vehicles. However, in order to achieve these goals, specialized equipment is needed to accurately assess and evaluate these systems.

THANK YOU VERY MUCH FOR YOUR ATTENTION