I Can See the Light: Attacks on Autonomous Vehicles Using Invisible Lights

Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security Pub Date : 2021-11-12 DOI:10.1145/3460120.3484766

Wei Wang, Yao Yao, Xin Liu, Xiang Li, Pei Hao, Ting Zhu

{"title":"I Can See the Light: Attacks on Autonomous Vehicles Using Invisible Lights","authors":"Wei Wang, Yao Yao, Xin Liu, Xiang Li, Pei Hao, Ting Zhu","doi":"10.1145/3460120.3484766","DOIUrl":null,"url":null,"abstract":"The camera is one of the most important sensors for an autonomous vehicle (AV) to perform Environment Perception and Simultaneous Localization and Mapping (SLAM). To secure the camera, current autonomous vehicles not only utilize the data gathered from multiple sensors (e.g., Camera, Ultrasonic Sensor, Radar, or LiDAR) for environment perception and SLAM but also require the human driver to always realize the driving situation, which can effectively defend against previous attack approaches (i.e., creating visible fake objects or introducing perturbations to the camera by using advanced deep learning techniques). Different from their work, in this paper, we in-depth investigate the features of Infrared light and introduce a new security challenge called I-Can-See-the-Light- Attack (ICSL Attack) that can alter environment perception results and introduce SLAM errors to the AV. Specifically, we found that the invisible infrared lights (IR light) can successfully trigger the image sensor while human eyes cannot perceive IR lights. Moreover, the IR light appears magenta color in the camera, which triggers different pixels from the ambient visible light and can be selected as key points during the AV's SLAM process. By leveraging these features, we explore to i) generate invisible traffic lights, ii) create fake invisible objects, iii) ruin the in-car user experience, and iv) introduce SLAM errors to the AV. We implement the ICSL Attack by using off-the-shelf IR light sources and conduct an extensive evaluation on Tesla Model 3 and an enterprise-level autonomous driving platform under various environments and settings. We demonstrate the effectiveness of the ICSL Attack and prove that current autonomous vehicle companies have not yet considered the ICSL Attack, which introduces severe security issues. To secure the AV, by exploring unique features of the IR light, we propose a software-based detection module to defend against the ICSL Attack.","PeriodicalId":135883,"journal":{"name":"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security","volume":"17 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-11-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"26","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3460120.3484766","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 26

Abstract

The camera is one of the most important sensors for an autonomous vehicle (AV) to perform Environment Perception and Simultaneous Localization and Mapping (SLAM). To secure the camera, current autonomous vehicles not only utilize the data gathered from multiple sensors (e.g., Camera, Ultrasonic Sensor, Radar, or LiDAR) for environment perception and SLAM but also require the human driver to always realize the driving situation, which can effectively defend against previous attack approaches (i.e., creating visible fake objects or introducing perturbations to the camera by using advanced deep learning techniques). Different from their work, in this paper, we in-depth investigate the features of Infrared light and introduce a new security challenge called I-Can-See-the-Light- Attack (ICSL Attack) that can alter environment perception results and introduce SLAM errors to the AV. Specifically, we found that the invisible infrared lights (IR light) can successfully trigger the image sensor while human eyes cannot perceive IR lights. Moreover, the IR light appears magenta color in the camera, which triggers different pixels from the ambient visible light and can be selected as key points during the AV's SLAM process. By leveraging these features, we explore to i) generate invisible traffic lights, ii) create fake invisible objects, iii) ruin the in-car user experience, and iv) introduce SLAM errors to the AV. We implement the ICSL Attack by using off-the-shelf IR light sources and conduct an extensive evaluation on Tesla Model 3 and an enterprise-level autonomous driving platform under various environments and settings. We demonstrate the effectiveness of the ICSL Attack and prove that current autonomous vehicle companies have not yet considered the ICSL Attack, which introduces severe security issues. To secure the AV, by exploring unique features of the IR light, we propose a software-based detection module to defend against the ICSL Attack.

查看原文本刊更多论文

我能看见光:使用隐形光攻击自动驾驶汽车

摄像头是自动驾驶汽车(AV)进行环境感知和同时定位与绘图(SLAM)的最重要传感器之一。为了保护摄像头，目前的自动驾驶汽车不仅利用从多个传感器(如摄像头、超声波传感器、雷达或激光雷达)收集的数据进行环境感知和SLAM，而且还要求人类驾驶员始终意识到驾驶情况，这可以有效地防御以前的攻击方法(即，通过使用先进的深度学习技术创建可见的假物体或对摄像头引入扰动)。与他们的工作不同，在本文中，我们深入研究了红外光的特征，并引入了一种新的安全挑战，称为i - can - see -the- Attack (ICSL攻击)，它可以改变环境感知结果并给自动驾驶汽车引入SLAM错误。具体来说，我们发现不可见的红外光(IR光)可以成功触发图像传感器，而人眼无法感知红外光。此外，红外光在相机中呈现洋红色，与环境可见光触发不同的像素点，可以作为AV SLAM过程中的关键点。通过利用这些特性，我们探索了i)生成看不见的交通灯，ii)创建假的看不见的物体，iii)破坏车内用户体验，以及iv)向自动驾驶引入SLAM错误。我们通过使用现成的红外光源实现ICSL攻击，并在特斯拉Model 3和企业级自动驾驶平台上进行了广泛的评估在各种环境和设置。我们证明了ICSL攻击的有效性，并证明目前的自动驾驶汽车公司还没有考虑到ICSL攻击，这会带来严重的安全问题。为了保护AV，通过探索红外光的独特功能，我们提出了一个基于软件的检测模块来防御ICSL攻击。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security

自引率

0.00%

发文量