Jinghan Yang, Andew Estornell, Yevgeniy Vorobeychik (Washington University in St. Louis)

A common vision for large-scale autonomous vehicle deployment is in a ride-hailing context. While this promises tremendous societal benefits, large-scale deployment can also exacerbate the impact of potential vulnerabilities of autonomous vehicle technologies. One particularly concerning vulnerability demonstrated in recent security research involves GPS spoofing, whereby a malicious party can introduce significant error into the perceived location of the vehicle. However, such attack focus on a single target vehicle. Our goal is to understand the systemic impact of a limited number of carefully placed spoofing devices on the quality of the ride hailing service that employs a large number of autonomous vehicles. We consider two variants of this problem: 1) a static variant, in which the spoofing device locations and their configuration are fixed, and 2) a dynamic variant, where both the spoofing devices and their configuration can change over time. In addition, we consider two possible attack objectives: 1) to maximize overall travel delay, and 2) to minimize the number of successfully completed requests (dropping off passengers at the wrong destinations). First, we show that the problem is NP-hard even in the static case. Next, we present an integer linear programming approach for solving the static variant of the problem, as well as a novel deep reinforcement learning approach for the dynamic variant. Our experiments on a real traffic network demonstrate that the proposed attacks on autonomous fleets are highly successful, and even a few spoofing devices can significantly degrade the efficacy of an autonomous ride-hailing fleet.

View More Papers

Commercial Vehicle Electronic Logging Device Security: Unmasking the Risk...

Jake Jepson, Rik Chatterjee, Jeremy Daily (Colorado State University)

Read More

Fine-Grained Trackability in Protocol Executions

Ksenia Budykho (Surrey Centre for Cyber Security, University of Surrey, UK), Ioana Boureanu (Surrey Centre for Cyber Security, University of Surrey, UK), Steve Wesemeyer (Surrey Centre for Cyber Security, University of Surrey, UK), Daniel Romero (NCC Group), Matt Lewis (NCC Group), Yogaratnam Rahulan (5G/6G Innovation Centre - 5GIC/6GIC, University of Surrey, UK), Fortunat Rajaona (Surrey…

Read More

VICEROY: GDPR-/CCPA-compliant Enforcement of Verifiable Accountless Consumer Requests

Scott Jordan (University of California, Irvine), Yoshimichi Nakatsuka (University of California, Irvine), Ercan Ozturk (University of California, Irvine), Andrew Paverd (Microsoft Research), Gene Tsudik (University of California, Irvine)

Read More

Adversarial Robustness for Tabular Data through Cost and Utility...

Klim Kireev (EPFL), Bogdan Kulynych (EPFL), Carmela Troncoso (EPFL)

Read More