0% found this document useful (0 votes)
17 views24 pages

Gao22 ADSecurity

The document discusses the security challenges faced by the autonomous driving industry, highlighting the immature state of current technologies and the significant risks associated with their operation. It analyzes security across four dimensions: sensors, operating systems, control systems, and vehicle-to-everything (V2X) communication, while also proposing a multilayer defense framework to enhance security. The article reviews existing vulnerabilities, attack surfaces, and real-world incidents to underscore the importance of robust security measures in autonomous vehicles.

Uploaded by

viveknathan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
17 views24 pages

Gao22 ADSecurity

The document discusses the security challenges faced by the autonomous driving industry, highlighting the immature state of current technologies and the significant risks associated with their operation. It analyzes security across four dimensions: sensors, operating systems, control systems, and vehicle-to-everything (V2X) communication, while also proposing a multilayer defense framework to enhance security. The article reviews existing vulnerabilities, attack surfaces, and real-world incidents to underscore the importance of robust security measures in autonomous vehicles.

Uploaded by

viveknathan
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 24

7572 IEEE INTERNET OF THINGS JOURNAL, VOL. 9, NO.

10, MAY 15, 2022

Autonomous Driving Security: State


of the Art and Challenges
Cong Gao , Geng Wang , Weisong Shi , Fellow, IEEE, Zhongmin Wang , and Yanping Chen

Abstract—The autonomous driving industry has mushroomed accidents. However, current autonomous driving technologies
over the past decade. Although autonomous driving has undoubt- are immature and still in development. The safety of the pas-
edly become one of the most promising technologies of this sengers and the vehicle itself is far from guaranteed [1], [2].
century, its development faces multiple challenges, of which secu-
rity is the major concern. In this article, we present a thorough For instance, in 2018, an Uber unmanned vehicle collided
analysis of autonomous driving security. First, the attack sur- with a pedestrian wheeling a bicycle across the road during
face of autonomous driving is presented. After an analysis of a road test in Arizona [3]. This was the world’s first case
the operation of autonomous driving in terms of key compo- of an autonomous vehicle accident, which caused the death
nents and technologies, the security of autonomous driving is of a pedestrian. The incident subsequently led to a stormy
elaborated in four dimensions: 1) sensors; 2) operating system;
3) control system; and 4) vehicle-to-everything (V2X) commu- discussion of the safety of autonomous vehicles.
nication. Sensor security is examined from five components,
which are mainly responsible for self-positioning and environ-
mental perception. The analysis of operating system security, A. Autonomous Driving Security
the second dimension, is concentrated on the robot operating An autonomous vehicle is a comprehensive system, which
system. Concerning the control system security, the controller mainly consists of a positioning system, a perception system,
area network is approached mainly from vulnerabilities and
protection measures. The fourth dimension, V2X communi- a planning system, and a control system [4]. The security of
cation security, is probed from four categories of attacks: autonomous vehicles generally refers to the security during the
1) authenticity/identification; 2) availability; 3) data integrity; driving process, including the security of the sensor, operat-
and 4) confidentiality with corresponding solutions. Moreover, the ing system, control system, and vehicle-to-everything (V2X)
drawbacks of existing methods adopted in the four dimensions communication.
are also provided. Finally, a conceptual multilayer defense frame-
work is proposed to secure the information flow from external 1) Sensor Security: Sensor security mainly deals with the
communication to the physical autonomous vehicle. security of the actual components, such as the onboard sensors
and onboard chips. For instance, Google’s self-driving vehicles
Index Terms—Attack surface, autonomous driving, control
area network, data distribution service (DDS), robot operating employ a variety of sensors to detect the driving environment.
system, security, sensor, unmanned vehicle, vehicle-to-everything The collected sensor data are used to analyze whether a vehicle
(V2X) communication. is in a safe driving state.
2) Operating System Security: Operating system security
refers to ensuring the integrity and availability of the operating
I. I NTRODUCTION system and preventing unauthorized access. At present, most
ITH the rapid improvement of intelligent vehicles,
W autonomous driving has attracted much research atten-
tion. Autonomous vehicles are considered to be beneficial for
autonomous vehicles are developed based on a robot system.
For instance, Baidu’s autonomous vehicle platform Apollo [5]
is based on the most famous robot operating system, ROS [6].
alleviating traffic congestion and reducing the number of road ROS is a robot middleware platform that provides the basic
functions of an operating system for heterogeneous computer
Manuscript received July 15, 2021; revised October 4, 2021; accepted
November 19, 2021. Date of publication November 23, 2021; date of cur-
clusters. However, ROS was originally designed without con-
rent version May 9, 2022. This work was supported in part by the Science sidering security. Other similar operating systems also suffer
and Technology Project of the Shaanxi Provincial Science and Technology from this problem.
Department, China, under Grant 2019ZDLGY07-08; in part by the Scientific
Research Program Funded by Shaanxi Provincial Education Department, 3) Control System Security: Control system security guar-
China, under Grant 21JP115; and in part by the Special Funds for Construction antees that the onboard decision-making system gives correct
of Key Disciplines in Universities in Shaanxi, China. (Corresponding author: instructions for steering, acceleration, deceleration, and park-
Cong Gao.)
Cong Gao and Geng Wang are with the School of Computer Science ing of the autonomous vehicle based on the data collected
and Technology, Xi’an University of Posts and Telecommunications, Xi’an from both the environment and the vehicle itself. However,
710121, China (e-mail: [email protected]; [email protected]). with the increasing variety of external interfaces of a vehicle,
Weisong Shi is with the College of Engineering, Wayne State University,
Detroit, MI 48202 USA (e-mail: [email protected]). novel attack surfaces keep emerging. Thus, the control system
Zhongmin Wang and Yanping Chen are with the Shaanxi Key is vulnerable to illegal invasions.
Laboratory of Network Data Analysis and Intelligent Processing, Xi’an 4) V2X Communication Security: V2X communication
University of Posts and Telecommunications, Xi’an 710121, China (e-mail:
[email protected]; [email protected]). security refers to the security of the communication
Digital Object Identifier 10.1109/JIOT.2021.3130054 of vehicle-to-vehicle (V2V), vehicle-to-infrastructure (V2I),
2327-4662 
c 2021 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.
See https://www.ieee.org/publications/rights/index.html for more information.

Authorized licensed use limited to: Xi'an Univ of Posts & Telecom. Downloaded on May 07,2022 at 02:32:38 UTC from IEEE Xplore. Restrictions apply.
GAO et al.: AUTONOMOUS DRIVING SECURITY: STATE OF ART AND CHALLENGES 7573

vehicle-to-pedestrian (V2P), and vehicle-to-network (V2N).


The design of a vehicle network system is supposed to guar-
antee the above communication against attacks. Moreover,
the information about surrounding vehicles and environmental
conditions coming from V2X communication further con-
tributes to the security of a vehicle.

B. Attack Surface
The notion of attack surface usually attributed to Michael
Howard of Microsoft. It is informally introduced to act as an
indicator of the security of a software system [7].
Early research on attack surface [8]–[12] mainly focused on
software systems and laid a solid foundation for subsequent
study. Michael Howard considered that attack surface is a set Fig. 1. Attack surfaces of autonomous driving.
of attack features: open sockets, open RPC endpoints, open
named pipes, services, etc., [7]. Manadhata et al. [12] presented
the definition that a system’s attack surface is the subset of automated vehicles and cooperative automated vehicles were
resources that an attacker can use to attack the system. analyzed, respectively.
Ren et al. [2] briefly categorized security threats sur- Based on the analysis of the above literatures, we broadly
rounding an autonomous vehicle into three groups of attacks divide the attack surfaces of autonomous driving into three
surfaces: 1) various sensors; 2) in-vehicle access and control categories. As shown in Fig. 1, they are sensors, in-vehicle
systems; and 3) in-vehicle network protocols. systems, and V2X. For sensors: GNSS/IMU stands for global
Recent literature about attack surface focused on creating navigation satellite system and inertial measurement unit.
empirical and theoretical measures for the attack surface of a LiDAR is short for light detection and ranging. For in-vehicle
software system or computer network [13], such as [14]–[17]. systems: OBD-II is short for the second generation of onboard
In the field of autonomous driving, notable literatures diagnostics. TPMS stands for tire pressure monitoring system.
concerning attack surface are as follows. ADAS is short for the advanced driving assistance system. For
Maple et al. [18] developed a reference architecture using a V2X: OTA stands for over-the-air. It is essentially just a syn-
hybrid functional-communication viewpoint for attack surface onym for wireless. DSRC is short for dedicated short-range
analysis of connected autonomous vehicles (CAVs). communication. Fig. 1 is by no means exhaustive but aims to
Salfer and Eckert [19] proposed a method for the attack raise the security issues of autonomous vehicles.
surface and vulnerability assessment automation of automotive
electronic control units (ECUs) based on development data and
software flash images. C. Content and Roadmap
Checkoway et al. [20] conducted a detailed analysis of In this article, we review the state of the art and challenges
the external attack surface for automobiles. This work mainly involving the above four aspects of autonomous driving and
focused on remote compromise. point out the drawbacks of existing solutions. The main
In [21], threat areas of in-vehicle infotainment systems were components and related technologies of autonomous driving
discussed. Seven vulnerabilities of Linux-based in-vehicle are presented. The discussion of sensor security is focused
infotainment systems and 15 potential attack surfaces were on the cameras, GNSS/IMUs, ultrasonic sensors, millimeter-
identified. wave radar, and LiDAR. The discussion of operating system
Chattopadhyay et al. [22] developed a security-by-design security is focused on ROS. A security enhancement data
framework for autonomous vehicles. The framework con- distribution service (DDS) adopted by ROS version 2 is
tains a high-level model, which defines the attack surfaces described in detail. The analysis of control system secu-
of autonomous vehicles into three layers. rity is focused on the controller area network (CAN). The
Dominic et al. [23] presented a risk assessment frame- vulnerabilities of CAN are analyzed based on five attack
work for autonomous and cooperative automated driving. paths: 1) OBD-II; 2) electronic vehicle charger; 3) CD player;
A threat model was proposed based on the threat model 4) TPMS; and 5) Bluetooth. Two types of protection meth-
described by the national highway traffic safety administra- ods are presented: 1) those based on encryption/authentication
tion (NHTSA) [24] and security requirements described by and 2) those based on intrusion detection. The recent devel-
the E-safety vehicle intrusion protected applications (EVITA) opment of the control area network standard is also presented
project [25]. Attack surfaces were described in five categories: based on CAN with flexible data rate (CAN FD). V2X com-
1) inertial/odometric; 2) range sensors; 3) global positioning munication security is analyzed based on four categories of
system (GPS); 4) map update; and 5) V2V/V2I. attacks: 1) authenticity/identification; 2) availability; 3) data
Petit and Shladover [26] studied the potential cyber attacks integrity; and 4) confidentiality. Moreover, the blockchain-
against automated vehicles. The attack surfaces in autonomous based security measures for vehicular network are reviewed.

Authorized licensed use limited to: Xi'an Univ of Posts & Telecom. Downloaded on May 07,2022 at 02:32:38 UTC from IEEE Xplore. Restrictions apply.
7574 IEEE INTERNET OF THINGS JOURNAL, VOL. 9, NO. 10, MAY 15, 2022

Finally, six real-world security incidents of autonomous vehi-


cles are presented. Then, a conceptual multilayer defense
framework for the security of autonomous driving is
proposed.
The remainder of this article is structured as follows. In
Section II, we review the main components and technologies
of an autonomous driving system. In Section III, we discuss
the security of five key sensors for autonomous vehicles. In
Section IV, we analyze the security of the popular operating
systems for autonomous vehicles. The discussion is concen-
trated on ROS, which plays a dominant role in the field of
autonomous driving. In Section V, we discuss the security of
control systems based on CAN. Vulnerabilities, attacks, and
protections of CAN are presented. New standard of CAN is
presented based on CAN FD. In Section VI, we summarize
attacks against the communication in the Internet of Vehicles
(IoVs) and the corresponding solutions. In Section VII-A,
six real-world security incidents of autonomous vehicles are
introduced. These incidents are presented in four categories:
1) sensor security; 2) operating system security; 3) con- Fig. 2. Technology stack of autonomous driving.
trol system security; and 4) V2X communication security. In
Section VII-B, we propose a conceptual defense framework
for automotive information security. Finally, we present our built based on this information. For instance, V2X is able
conclusions in Section VIII. to collect real-time information about the surrounding vehi-
cles and environmental conditions. This information is used
for planning, which is critical in reducing traffic jams and
II. AUTONOMOUS D RIVING T ECHNOLOGIES enhancing the safety of the driving. Target actions given by
An autonomous driving system is a kind of intelligent the planning process are based on the information related to
system that realizes autonomous driving based on onboard V2X and the model of the environment. The control mod-
computer systems. It is an integration of multiple tech- ule issues commands, in accordance with the actions aimed
nologies. Generally speaking, an autonomous driving system at, to the corresponding actuators. An actuator acts on the
requires powerful computing ability. The computing resources environment and changes the status of the vehicle. The tech-
are responsible for the realization of the vehicle position- nologies mainly involve localization, perception, planning, and
ing, environmental perception, path planning, motion control, control.
etc. For instance, Xiao et al. [27] proposed a blockchain-
based algorithm called DAER to allocate resources for B. Technologies
intensive computing tasks. In general, the realization of
1) Localization: Existing solutions to the localization of
an autonomous driving system is based on multisensor
autonomous vehicles fall into two groups: 1) a vehicle
information fusion and should meet the requirements of
networking solution based on V2X with shared location
high performance and high security. The security of the
information and 2) a single agent solution based on multi-
related technologies for autonomous driving is a prerequi-
sensor information fusion. To ensure the safe and reliable
site for ensuring the security of autonomous vehicles on the
operation of autonomous vehicles on the road, the accurate
road.
positioning of the vehicles is a prerequisite.
The autonomous driving technology stack is shown in
As one of the core functions of vehicle sensing systems,
Fig. 2. There are two major aspects: 1) components and
positioning plays an extremely important role in research
2) technologies.
into autonomous vehicles. In other words, positioning is a
fundamental problem in this research area. The GNSS/IMU
A. Components package is an effective solution for positioning of autonomous
The key components of autonomous driving include vehicles [28]. However, this method is unable to achieve
GNSS/IMUs, sensors, V2X, and actuators. The GNSS/IMU high-precision positioning when the GNSS signals are weak,
is critical in the localization. It is a core component for sensor such as in underground parking lots and urban areas sur-
fusion and safe driving. Sensors play a pivotal role in envi- rounded with high-rise buildings. Besides, GNSS signals are
ronmental perception. Therefore, sensors should be deployed easily interfered with by a GPS jammer [29]. Map-assisted
around an autonomous vehicle. The detection coverage of positioning is another popular type of autonomous vehicle
cooperative homogeneous sensors is often made to be over- positioning method. Simultaneous localization and mapping
lapping so as to provide redundancy and accuracy. Different (SLAM) [30] is an example of this kind of algorithm. This
sensors use different detection technologies to perceive spe- technology is also known as concurrent mapping and local-
cific environmental information. An environment model is ization (CML). SLAM determines the current position of a

Authorized licensed use limited to: Xi'an Univ of Posts & Telecom. Downloaded on May 07,2022 at 02:32:38 UTC from IEEE Xplore. Restrictions apply.
GAO et al.: AUTONOMOUS DRIVING SECURITY: STATE OF ART AND CHALLENGES 7575

vehicle based on the observed environmental characteristics.


However, during a long-distance movement, the deviation of
the SLAM positioning gradually increases, thus resulting in an
inaccurate positioning, which is unacceptable for certain appli-
cation scenarios. The above problem with SLAM positioning
is effectively addressed by employing LiDAR to construct a
point cloud map of the area of interest in advance [31], [32].
Several semantics are added to the map, both automatically
and manually, such as specific markings of the lane lines, the Fig. 3. Three layers of planning.
location of traffic lights, and traffic rules on different roads.
This kind of semantic map is called a high definition (HD) 1) Mission Planning: Mission planning is also referred
map. to as path planning or routing planning. It focuses on
2) Perception: As the most challenging module in the task-level planning, such as the selection of a path
autonomous vehicles, the perception system directly affects between a starting point and an end point [37]. A given
the results given by planning system and control system. road system can be considered as a weighted directed
Conventional perception modules mainly utilize computer diagram. This diagram contains plenty of information,
vision technologies to extract information of the driving such as the connectivity among the different roads, traf-
environment. The obtained information is used to conduct fic rules, and the widths of the roads. This information
lane lines detection, obstacle detection, vehicle recogni- contributes the semantics of an HD map mentioned
tion/tracking, etc. in Section II-B1. As each directed edge in the dia-
Autonomous vehicles are equipped with a variety of sensors. gram is weighted, the core idea of path planning for
Among these sensors, ultrasonic radar, millimeter-wave radar, an autonomous vehicle is essentially the path search
LiDAR, and cameras can be considered as vision in a broad problem in a weighted directed diagram. In order to
sense. Due to low response speed and low resolution, ultra- make a vehicle move from A to B, it is expected
sonic radars are typically used for coarse-grained occasions, to obtain an optimal path, which is subject to several
such as car reversing aid alarm systems [33]. On the one hand, constraints, such as time, distance, and congestion.
when a vehicle is running at a high speed, the performance of 2) Behavior Planning: Behavior planning is also called
ultrasonic radar ranging is unable to catch up with the vari- decision making. Since autonomous vehicles usually
ation of displacement. On the other hand, as the scattering travel in a complicated environment, which is full of
angle of an ultrasonic radar is large, the signal reflected back is uncertainty and dynamics, challenges may come from:
weak especially for the measurement of a distant target. Hence, a) the degradation of the performance of the sensors and
the decrease in measurement accuracy might be significant. actuators, such as a snow-covered LiDAR and a skidding
Millimeter-wave radar and LiDAR are mainly responsible for tire on wet ground; b) vehicles and pedestrians breaking
the ranging of medium and long distances. LiDAR generally the rules, or other objects, such as reckless animals and
relies on multiple laser transmitters and receivers to build 3-D boxes falling off a truck; and c) unknown social con-
point cloud maps. These maps are used to achieve real-time ventions in unfamiliar areas, such as local festivals and
environmental perception. Two distinct advantages of LiDAR gatherings. Therefore, behavior planning is introduced
ranging are high precision and long distance. However, the to make the appropriate decisions for the next move of
actual performance of LiDAR might be poor in certain weather the autonomous vehicle, according to the result of the
conditions (e.g., rain, snow, and fog), since the straight laser mission planning and a wide variety of live information.
is blocked by obstacles. A millimeter-wave radar emits radio For instance, behavior planning instructs the vehicle to
waves to determine the position of a target. This kind of radar follow or pass other vehicles, wait for or pass by pedes-
is hardly affected by harsh weather conditions; thus, it is better trians, etc. One approach to behavior planning is to use
than LiDAR in this respect. However, millimeter-wave radars a complex finite-state machine (FSM), which contains a
are less capable in describing the shape of an object than large number of actions [38], [39]. The FSM starts from
that of LiDAR. Cameras are mainly used for capturing the an initial state and jumps to different states based on
information about traffic lights, traffic signs, and other objects. the variations of the driving scenario. The corresponding
In general, the images collected by a camera are examined and actions are passed to the motion planning.
partitioned to extract key features involving potential objects 3) Motion planning: Motion planning refers to the pro-
of interest. The extracted information is then compared with a cess of planning a series of consecutive actions. This
feature library for the purpose of image recognition. However, series corresponds to a specific goal, such as acceleration
the functionality of a camera is dramatically crippled by strong and obstacle avoidance. In general, there are two impor-
light or bad weather. tant performance metrics for a motion planning algo-
3) Planning: The planning module of an autonomous vehi- rithm: a) computational efficiency and b) integrity [37].
cle can be divided into three layers: 1) mission planning [34]; Computational efficiency refers to the processing speed
2) behavior planning [35]; and 3) motion planning [36]. In of accomplishing a motion plan. The computational effi-
most cases, they are conducted in the sequential order shown ciency of a motion planning algorithm depends largely
in Fig. 3. on the corresponding configuration space. The integrity

Authorized licensed use limited to: Xi'an Univ of Posts & Telecom. Downloaded on May 07,2022 at 02:32:38 UTC from IEEE Xplore. Restrictions apply.
7576 IEEE INTERNET OF THINGS JOURNAL, VOL. 9, NO. 10, MAY 15, 2022

of a motion planning algorithm is described as follows. III. S ENSOR S ECURITY


Provided a problem is solvable, the motion planning Autonomous vehicles are equipped with a variety of sensors,
algorithm is able to find a solution in bounded time. For such as camera, GNSS/IMU, ultrasonic radar, millimeter-wave
an unsolvable problem, the algorithm is capable of jus- radar, and LiDAR. These sensors are responsible for collect-
tifying its infeasibility. In the scenario of autonomous ing information about the positioning of the vehicle itself, its
driving, the initial configuration of a motion planning surrounding environment, etc.
algorithm usually contains the current states of the El-Rewini et al. [45] presented a comprehensive review
vehicle, including its position, linear velocity, angular of potential cyber threats related to the sensing layer.
velocity, etc. The target configuration is derived from Sensors of autonomous vehicles were classified as two cate-
the behavior planning. In practice, the movement of a gories: 1) vehicle dynamics sensors (e.g., TPMSs, magnetic
vehicle always possesses certain restrictions, such as encoders, and inertial sensors) and 2) environment sensors
maximum steering angle, maximum acceleration, and (e.g., LiDAR, ultrasonic sensors, cameras, radio detection
maximum speed. These constraints are defined in the and ranging systems, and GPS units). The authors also
configuration space. offered perspectives through existing countermeasures from
4) Control: When an autonomous vehicle completes its literature and stressed the need for data-driven cybersecurity
self-positioning and its perception of its surrounding environ- solutions.
ment, as well as its planning decision, it needs to transform Sensors are at the forefront of the field of autonomous driv-
the obtained series of action into controlled operations of the ing. At present, most attacks against autonomous vehicles are
vehicle. In general, vehicle control consists of lateral con- related to sensors. Common attacks carried out against sen-
trol and longitudinal control [40]. Lateral control refers to the sors inject misinformation or try to degrade the performance
adjustment of the steering wheel and the tires’ lateral force. of the sensors by any means possible. As different sensors
Longitudinal control refers to the acceleration and braking of possess different operating principles, various types of attacks
the vehicle. are used [26].
In practice, the most common demands for control of an
autonomous vehicle are acceleration, steering, and braking.
The input of the control module is a series of path points. The
role of the control module is to make the vehicle move along A. Camera
these path points to the greatest extent possible. A good control 1) Role in Autonomous Driving: As computer vision assists
module should possess three features: 1) accuracy; 2) feasi- autonomous vehicles to complete many perception tasks, the
bility; and 3) stability. Feedback control is widely used in camera is the most basic vision sensor, and is indispensable for
the field of automation control. The most typical feedback autonomous driving [46]. Cameras used by autonomous vehi-
controller is the proportional–integral–derivative (PID) con- cles are mainly divided into three categories: 1) monocular
troller [41]. As a linear controller, ordinary PID controllers cameras; 2) binocular cameras; and 3) multinocular cameras.
are widely used in industrial processes due to their simplicity. The monocular camera is widely used in ADASs. However,
However, the application of a PID controller to autonomous there is a drawback to the use of a monocular camera. For a
vehicles faces the following challenge: the algorithms of a monocular camera with fixed resolution, a farther scene cor-
PID controller need to determine specific hyperparameters responds to a larger view, but it will be less clear. In contrast,
and their values [42]. For autonomous driving, the uncer- a closer scene appears more clear. Although the binocular
tainty of the external environment and the nonholonomic camera addresses the above problem of monocular camera,
constraints of a vehicle make it difficult to find the appropriate monocular cameras are used more than binocular cameras
hyperparameters and their corresponding optimal values. in autonomous driving at present. The main reasons are the
5) Computing System: As the computing resources avail- expensive computational overhead of binocular camera algo-
able to the onboard computing units are limited, it is difficult rithms and the shortage of space in an autonomous vehicle for
to deploy a large number of computation-intensive services on such equipment.
the vehicle. Edge computing is an effective way to address 2) Attacks and Countermeasures: In general, autonomous
this problem. Zhang et al. [43] proposed a vehicular data vehicles of Level 3/4 require the cooperation of multiple
analysis platform called OpenVDAP. The platform includes cameras for the perception of the surrounding environment,
four main parts: 1) an onboard heterogeneous vehicle comput- including pedestrians, lane lines, traffic signs, other vehicles,
ing/communication unit (VCU); 2) an isolation-supported and etc. In the task of traffic light recognition, if cameras capture
security/privacy-aware vehicle operating system (EdgeOSV); a red light or a pedestrian, the vehicle should slow down or
3) a driving data integrator (DDI); and 4) an edge-aware stop to avoid an accident. Hackers can place extra traffic lights
application library (LibvDAP). This platform is deployed on or fake pedestrians to trigger a stop of the vehicle. In addi-
the autonomous vehicle to perform the calculations for the tion, a highlighted IR laser can also interfere with cameras,
onboard applications. The service quality of the onboard appli- preventing the generation of effective images [47]. Attacks
cations and user experience is improved. Liu et al. [44] against camera and underlying computer vision algorithms of
summarized the most advanced autonomous driving comput- autonomous vehicles are common [47], [48].
ing systems. There are seven performance indicators, nine key Zhang et al. [49] proposed a framework based on three cam-
technologies, and 12 challenges. eras to detect attacks against cameras. This framework uses

Authorized licensed use limited to: Xi'an Univ of Posts & Telecom. Downloaded on May 07,2022 at 02:32:38 UTC from IEEE Xplore. Restrictions apply.
GAO et al.: AUTONOMOUS DRIVING SECURITY: STATE OF ART AND CHALLENGES 7577

the information captured by the cameras to obtain different (LSTM) model. The distance between two consecutive loca-
versions of depth maps (i.e., disparity). tions of an autonomous vehicle is predicted by the LSTM
Cao et al. [50] pointed out that all prior studies on model. Experiments were conducted with a real-world driving
autonomous driving systems only focused on camera or dataset called Comma2k19 [63].
LiDAR-based autonomous driving perception alone. The Mit et al. [64] analyzed Tesla’s Level 2 autonomous driving
authors studied the security of multisensor fusion (MSF)-based system under different GNSS spoofing scenarios. To examine
perception in autonomous driving. A novel attack pipeline was various multiconstellation mitigation, GPS was spoofed and
developed to attack all fusion sources simultaneously. other constellations were jammed.
DiPalma et al. [51] developed an adversarial patch attack Dasgupta et al. [65] developed a deep reinforcement learn-
against camera-based obstacle detection. The adversarial patch ing (RL)-based turn-by-turn GNSS spoofing attack detection
with appropriate size and appearance is added to the back of using low-cost in-vehicle sensor data. The experiments were
a box truck. The experiments of the attack were conducted carried out with the Honda Research Institute Driving Data
against an Apollo autonomous vehicle running in production- set [66].
grade autonomous driving simulator LGSVL [52]. Broumandan and Lachapelle [67] proposed a spoofing
Kyrkou et al. [53] pointed out that advanced artificial detection model based on consistency check between GNSS
intelligence and machine learning techniques play an vital and IMU/odometer package. This model focuses on the uti-
role in proactive defense against attacks on autonomous lization of inertial measurement units and vehicle odometer
vehicles’ cameras. The authors developed a project called readings.
CARAMEL [54]. This project shows the use of AI/ML-based Song et al. [68] developed a credible navigation algorithm
techniques in detection and possibly mitigation of dynamic for GNSS attack detection using an auxiliary sensor system. A
cyber attacks on the camera system/data in autonomous driv- credible Kalman filter and measurement information given by
ing. Both external attacks on camera sensor and direct attacks the auxiliary sensor system are used to verify the credibility
on camera sensor data were analyzed. Experiments were of the GNSS positioning result.
carried out on CARLA [55].

C. Ultrasonic Sensor
B. GNSS/IMU 1) Role in Autonomous Driving: Ultrasonic sensors were
1) Role in Autonomous Driving: GNSS/IMU is a real-time first introduced into vehicles for automated parking assistance
localization method in autonomous driving [56]. As a highly systems [69]. An ultrasonic sensor emits an ultrasonic signal
accurate localization method, GNSS-RTK is able to achieve in a certain direction through ultrasonic transmitting devices.
centimeter-level position accuracy under dynamic measure- A timer starts at the moment the signal is transmitted. The
ment. Here, RTK stands for real-time kinematics. However, emitted ultrasonic signal is reflected back when it encounters
the frequency of location update is low, and the satellite sig- obstacles during the transmission. When the reflected signal is
nal can be easily blocked [57]. IMUs and odometers are used received by the corresponding receiver, the timer stops. Based
to accumulate displacement and direction variations for the on the recorded time interval, the distance between the vehicle
purpose of compensation during the period between two con- and the obstacle can be calculated.
secutive positionings of the GNSS-RTK. Although the update 2) Attacks and Countermeasures: Attacks threatening ultra-
frequency is high for the IMU and odometer, there are accu- sonic sensors mainly include spoofing attacks and jamming
mulated errors. Through the combination of GNSS and IMU, attacks.
we can achieve real-time localization with low delay, high Xu et al. [33] developed random spoofing, adaptive spoof-
precision, and high frequency. ing, and jamming attacks on ultrasonic sensors and validated
2) Attacks and Countermeasures: When a high-powered these attacks on stand-alone sensors and moving vehicles.
fake GPS signal transmitter is placed near an autonomous Yan et al. [70] conducted an actual experiment with a spoof-
vehicle, the genuine GPS signal might be covered up. Thus, ing attack in which an ultrasonic signal generated by hackers
the localization of the autonomous vehicle is misled [58]. was introduced ([70, Sec. 5]). The generated signal is designed
By combining two simple attack methods, GNSS signal jam- to reach the receiver of the vehicle earlier than the genuine
ming and spoofing, GNSS/IMU localization can be easily signal expected to be reflected back.
compromised [59]. Lim et al. [71] conducted an in-depth evaluation of vulner-
Magiera and Katulski [60] proposed a spoofing detection abilities of ultrasonic sensor for autonomous vehicles. Several
method using phase delay measurement. This method uses experimental attacks against ultrasonic sensor are launched.
multiple antennas to receive GPS signals of different qualities. Lou et al. [72] thoroughly studied the signal injection attacks
Then, the accuracy and precision of the phase delay estimation and proposed a physical-layer defense system (SoundFence) to
are assessed. secure ultrasonic sensors in autonomous vehicles.
In order to eliminate spoofing signals, Han et al. [61] con-
structed the subspace projection of the spoofing signals using
the pseudocode characteristics of spoofing signals. D. Millimeter-Wave Radar
Dasgupta et al. [62] proposed a prediction-based spoof- 1) Role in Autonomous Driving: Millimeter wave gener-
ing attack detection scheme with the long short-term memory ally refers to an electromagnetic wave with a wavelength

Authorized licensed use limited to: Xi'an Univ of Posts & Telecom. Downloaded on May 07,2022 at 02:32:38 UTC from IEEE Xplore. Restrictions apply.
7578 IEEE INTERNET OF THINGS JOURNAL, VOL. 9, NO. 10, MAY 15, 2022

of 1–10 mm. In most countries, vehicle-mounted millimeter- Shin et al. [78] used a delay component to delay the LiDAR
wave radar operates in the frequency bands of 24 and signals returned from a target vehicle. The delayed signals are
77 GHz [73]. In addition, a few countries have adopted the emitted to the target vehicle by a malicious transmitter.
frequency band of 60 GHz (e.g., Japan). Millimeter wave is Cao et al. [79] showed two types of attacks: 1) an attack
able to work in rainy, foggy, and snowy weather conditions device placed at the roadside emits malicious laser pulses at
due to its strong penetrating ability. passing autonomous vehicles and 2) an attack device carried
2) Attacks and Countermeasures: If a hacker obtains the by a vehicle emits malicious laser pulses at nearby victim
waveform parameters of a millimeter wave, a millimeter- vehicles.
wave radar at the same frequency band may be jammed [33]. Petit et al. [47] used two transceivers to relay LiDAR sig-
Moreover, millimeter wave may also be subject to electromag- nals from the target vehicle to another vehicle at a different
netic interference. location.
Yan et al. [70] conducted security experiments on the radar Sun et al. [80] proposed CARLO to mitigate spoofing
and autopilot system in Tesla Model S ([70, Sec. 6]). The attacks on LiDAR. CARLO uses ignored occlusion patterns
experimental results showed that millimeter-wave radar of an in the LiDAR point clouds as invariant physical features.
autonomous vehicle suffers from electromagnetic jamming and Changalvala and Malik [81] developed a 3-D quantization
spoofing. The authors also proposed that randomness should index modulation (QIM) data hiding technique for the pur-
be introduced into control parameters, taking logic check, con- pose of securing the raw data from the LiDAR sensor. The
fidence priority, and attack detection system into consideration experiments conducted on the KITTI object detection bench-
when designing a sensor data fusion strategy. mark suite [82] showed that the proposed method was able to
Kapoor et al. [74] proposed a spatiotemporal challenge– detect and localize insider data tampering attacks.
response (STCR) method. This method emits probing signals Yang et al. [83] proposed an adversarial attack against deep
in multiple randomly selected directions at the same time. learning models, which perform object detection on raw 3-D
Then, the reflected signals are verified according to their points collected by a LiDAR sensor of an autonomous vehicle.
directions of emission and arrival. You et al. [84] developed a general methodology called 3-D
Digital radio-frequency memory (DRFM) [75] is a kind of temporal consistency check (3D-TC2). It takes advantage of
microwave signal storage system, which is characterized by spatiotemporal information from motion prediction to verify
using a digital form to store the signals. objects detected by 3-D object detectors.
Guan et al. [76] proposed an anti-jamming method based
on hash functions. The experimental results showed that
the method is significantly effective in suppressing the echo F. Multisensor Cross-Validation
interference. When observations from several different sensors are com-
Sun et al. [77] conducted an end-to-end security analysis of bined, there is a robust and comprehensive perception model
a millimeter-wave-based sensing system in autonomous vehi- for autonomous vehicles. In general, for the above five
cles. Practical physical layer attacks and defense strategies types of sensor, it is easy to attack an individual sensor.
were implemented. Five real-world attack scenarios were However, attacking all the sensors of an autonomous vehicle at
constructed to spoof a victim autonomous vehicle. the same time becomes more difficult. Currently, production
autonomous driving systems predominantly adopt an MSF-
based design, which, in principle, can be more robust against
E. LiDAR attacks under the assumption that not all fusion sources are (or
1) Role in Autonomous Driving: LiDAR is currently the can be) attacked at the same time [50]. Thus, it is expected
most important sensor for autonomous driving. The operating that MSF technologies can effectively mitigate sensor attacks
principle of LiDAR is to emit a laser beam and receive sig- on autonomous vehicles. When the information coming from
nals reflected back from a target. Several pieces of information different sources is inconsistent, the vehicle might be under
related to the target can be obtained by comparing the outgo- attack. For example, when GNSS/IMU and LiDAR yield dif-
ing and incoming signals, such as distance, azimuth, altitude, ferent positioning results, at least one of the two systems
and even shape. LiDAR generates HD maps by capturing might have been attacked. Besides, if a sensor system of an
dense 3-D point cloud data from stationary and moving objects autonomous vehicle believes there is a traffic light, but HD
around itself. The advantages of LiDAR lie in its long detec- Map indicates there is no traffic light at the same position,
tion range and accurate describing ability for 3-D information then in most cases the sensors of the vehicle are likely to
of objects. have been attacked.
2) Attacks and Countermeasures: Like the above-
mentioned four sensors, LiDAR can also be easily interfered
with. The main ways to attack LiDAR are the spoofing attack G. Sensor Failure
and the relay attack. A spoofing attack refers to injecting Onboard vehicle sensors may fail due to bad calibration,
signals into the LiDAR receivers of the target vehicles, while erroneous readings, physical or electrical failure, etc. Besides
the relay attack refers to using a transmitter and receiver being caused by attacks, abnormal sensor readings may also be
to inject and receive the signals of the target vehicles, caused by failure. However, there is no standard or universally
respectively. agreed definition for sensor failure [85].

Authorized licensed use limited to: Xi'an Univ of Posts & Telecom. Downloaded on May 07,2022 at 02:32:38 UTC from IEEE Xplore. Restrictions apply.
GAO et al.: AUTONOMOUS DRIVING SECURITY: STATE OF ART AND CHALLENGES 7579

Realpe et al. [86] proposed a system called the fault- IV. O PERATING S YSTEM S ECURITY
tolerant perception paradigm for fault detection of sensors in An autonomous driving system integrates multiple soft-
autonomous vehicles. The system deals with possible sensor ware modules, such as localization, perception, planning, and
failure by defining a federated data fusion architecture. control. These modules need to meet certain real-time require-
Pous et al. [87] used analytical redundancy and a nonlinear ments. Therefore, autonomous driving requires an operating
transformation to generate residual signals for the detection of system to manage these modules. The operating system mainly
faulty sensors. The method uses statistical tools to optimally provides the functions of communication and resource alloca-
determine a threshold based on the characteristics of the signal, tion among the modules. Next, we discuss the security of the
prior probabilities, and other information. operating system. The sensors of an autonomous vehicle con-
Byun et al. [88] proposed a fault diagnosis logic and signal tinuously generate data during their operation. The processing
restoration algorithm. The premise of this method is that only of data generated by each sensor imposes strong real-time
one sensor fails at any given time. requirements on the operating system. Due to the strong
connections among the modules in the autonomous driv-
ing system, effective communication and resource allocation
H. Actual Sensor Failure Versus Attacks
among the modules become challenging.
Both actual sensor failure and attacks might lead to wrong
decisions in autonomous driving. Moreover, certain attacks are A. Early Mobile Robot Operating Systems
designed in an oversimplified and crude way. They simply aim
Before autonomous driving, there were mainly three popular
to cause sensor failure. However, actual sensor failure and
mobile robot operating systems.
attacks against sensors are different.
1) Miro: Miro is an object-oriented robot middleware.
In most cases, attacks against sensors tend to proceed
Technically, Miro implements an object-oriented design by
stealthily. The tampering of sensor data is often mild and not
adopting the common object request broker architecture
obvious. The tampered sensor data just seems like the normal
(CORBA) standard [91].
data. Besides, the expected attack effect is to fool the high-
2) URBI: URBI is a universal robotic body interface based
level algorithms by tampering the sensor data. On the contrary,
on a client/server architecture [92]. URBI does not provide a
actual sensor failure often results in obvious changes of sen-
graphical programming interface.
sor data, such as no readings for a significant time period,
3) OpenRDK: OpenRDK is a modular management frame-
extremely high or low readings. For an MSF system such as
work for designing distributed robot systems [93]. OpenRDK
the autonomous driving system, actual sensor failure can be
is implemented with C++.
easily noticed by multisensor cross-validation. In this case,
These three operating systems mainly provide a software
safety measures can be taken timely. Thus, security and safety
component management framework for mobile robots. Since
issues are likely to be prevented. On the contrary, as attacks are
these operating systems lack software libraries and visual
hard to be detected, both capacity-constrained artificial intelli-
debugging tools, they are not suitable for autonomous vehi-
gence packages equipped with autonomous driving system and
cles. In fact, they are not used by any autonomous vehicles.
a negligent human driver will not be aware of an attack until
Initially, the operating system of most autonomous vehicles
serious incidents happen (e.g., a traffic accident). To the best of
was basically developed based on ROS.
our knowledge, there is no literature concerning distinguishing
between actual sensor failure and attacks. Researchers tend to
B. ROS
study methodologies and techniques to discover and defense
attacks. Actual sensor failure is left as hardware problems. ROS is a powerful and flexible robot programming frame-
Though actual sensor failure also leads to abnormal sensor work. It is a distributed multiprocessing framework based on
data, it is often neglected by researchers. The effect of actual messaging. Many key components of autonomous driving are
sensor failure is just treated equally as that of attacks. Thereby, implemented on ROS, such as quaternion-based coordinate
researchers just try to mitigate the consequences of both actual transformation [94], a robotic 3-D mapping framework [95],
sensor failure and attacks, such as [89] and [90]. and the positioning algorithm SLAM [96]. The message mech-
anism of ROS enables a modular design based on software
functions. Each module is able to read and distribute messages.
I. Drawbacks of Existing Protection Methods
At present, the research on sensor attacks on autonomous C. Security of ROS
vehicle is still at an early stage. The methods of protection Attacks on sensors are external attacks that do not require
against sensor attacks mainly focus on a single type of sensor. access to the autonomous vehicle’s operating system. Internal
Little attention has been paid to detection methods for the attacks involve hacking into the autonomous vehicle’s oper-
cases of multiple types of sensor being attacked. On the whole, ating system. The autonomous vehicle’s operating systems
there is no systematic theory or architecture for the detec- implemented based on ROS have a common security issue:
tion of and defense against attacks. In addition, most existing ROS does not provides authentication for messaging and node
protection methods focus on the detection of attacks. For an creation [97]. There are mainly two types of attack [4]: 1) a
identified attack, there are no recovery methods for sensor hijacked ROS node is able to continuously generate and dis-
data, which are able to work in an intrusion-tolerant manner. tribute messages. This kind of malicious behavior might make

Authorized licensed use limited to: Xi'an Univ of Posts & Telecom. Downloaded on May 07,2022 at 02:32:38 UTC from IEEE Xplore. Restrictions apply.
7580 IEEE INTERNET OF THINGS JOURNAL, VOL. 9, NO. 10, MAY 15, 2022

the system run out of memory (OOM). Then, the autonomous 2) Access Control Service Plugin: This defines and
vehicle’s operating system would start to close ROS node enforces restrictions on the DDS-related capabilities of
processes. This would result in a crash of the operating system a domain participant.
and 2) messages sent by a hijacked topic or service of ROS 3) Cryptographic Service Plugin: This handles all
may be tampered with or forged, thus leading to abnormal cryptography-related operations, including encryption,
behavior of the operating system. decryption, hashing, signature, etc.
The first attack is rooted in the fact that ROS has no isola- 4) Logging Service Plugin: This provides for the auditing
tion mechanism; thus, an ROS node is able to access system of DDS security-related events.
resources without any restriction. The source of the second 5) Data Tagging Service Plugin: This tags specific DDS
attack resides in the fact that the messaging among nodes is security-related actions performed by the users, provid-
not encrypted; thus, attackers are able to obtain the message ing the ability to add tags to data samples.
content readily [98]. Unlike Apollo, Autoware [108] is currently developed based
SROS [99] is a set of security enhancements for ROS. on ROS2 [109]. ROS2 has made significant improvements
There are transport layer security (TLS) support for commu- to the original ROS framework. It uses an advanced dis-
nication within ROS, the use of x.509 certificate permitting tributed architecture, rather than the original master–slave
chains of trust, definable namespace globbing for ROS node structure. ROS2 adopts DDS as its messaging model. The DDS
restrictions and permitted roles, covenant user-space tooling security extensions are used to protect the data during trans-
for the autogeneration of node key pairs, audit ROS networks, mission [110]. The adoption of DDS improves the reliability
and construct/train access control policies. Zhang et al. [100] and real-time performance of multirobot collaboration.
proposed an access control framework named AC4AV for DDS is an industry standard implemented by many com-
autonomous driving vehicles. Different access control mod- panies, such as RTI implementation Connext [111], eProsima
els are developed to protect in-vehicle data in real-time data implementation Fast DDS [112], and ADLINK implementa-
and historical data. tion DDS [113]. There are many aspects to consider when
Apollo 3.5 and later versions replace the original ROS choosing a DDS implementation, such as protocol legality
middleware and use the Apollo Cyber role-based trust (RT) and whether it is cross-platform. In order to prevent ROS2
middleware instead [101]. Unlike ROS, there is no master from depending on a specific DDS program, ROS2 sup-
node in Cyber RT. The entire network topology of Cyber ports multiple implementations. Morita and Matsubara [114]
RT is divided into different domains. When a new node proposed a dynamic binding mechanism, which is able to
joins the network, it sends broadcast messages to other nodes choose an appropriate DDS implementation.
in the domain with a real-time publish subscribe (RTPS) Compared with ROS, ROS2 is enhanced in the following
protocol [102]. three aspects [115].
Xu et al. [103] deployed a data-driven prediction archi- 1) Real Time: DDS has a variety of transport configura-
tecture for autonomous driving on the Apollo platform. The tions, such as deadline, fault tolerance, and reliability. It
architecture enables rapid and efficient deployment of Apollo’s brings real-time support to ROS2.
prediction technologies across different regions. 2) Continuity: Although ROS has the concept of a data
queue, it still has great limitations. For instance, sub-
scribers cannot receive data before joining the network.
D. Security Enhancement of ROS2 But DDS can provide data history service for ROS.
A DDS [104] was first applied in the U.S. Navy to Even a newly added node can obtain all the previously
handle the compatibility problem of a large number of soft- released data.
ware upgrades in the complex network environment of its 3) Reliability: Based on the DDS reliability config-
ships [105]. It has become a standard solution for data pub- uration, users can choose the performance mode
lish/subscribe in distributed real-time systems. An autonomous (BEST_EFFORT) or the stable mode (RELIABLE)
vehicle’s operating system needs to establish a universal, according to their demands.
high speed, and efficient DDS framework across multiple At present, the security of ROS2 is highly dependent
cores, multiple CPUs, and multiple boards. DDS is able on the security of DDS [106]. The implementation of
to ensure a real-time, efficient, and flexible distribution of ROS2 only employs the first three SPIS of DDS mentioned
data and meets the needs of various distributed real-time above.
communication applications. The security standard for DDS 1) Builtin Authentication Plugin (Called “DDS: Auth: PKI-
implements three-way handshakes, which contains three mes- DH”): This plugin uses a verified PKI. It requires each
sages: 1) HandshakeRequest; 2) HandshakeReply; and 3) participant to have a public key, a private key, and an
HandshakeFinal [106]. x.509 certificate.
The DDS security specification defines five service plugin 2) Builtin Access Control Plugin (Called “DDS: Access:
interfaces (SPIS) to increase security [107]. Permission”): This plugin also uses a PKI. It requires
1) Authentication Service Plugin: This is central to the two signed XML documents per domain participant: a) a
entire SPI architecture. It provides methods to verify the governance file and b) a permissions file.
identity of an application or user that invokes operations 3) Builtin Cryptographic Plugin (Called “DDS:
on DDS. Crypto:AES-GCM-GMAC”): It provides authenticated

Authorized licensed use limited to: Xi'an Univ of Posts & Telecom. Downloaded on May 07,2022 at 02:32:38 UTC from IEEE Xplore. Restrictions apply.
GAO et al.: AUTONOMOUS DRIVING SECURITY: STATE OF ART AND CHALLENGES 7581

B. Vulnerabilities of CAN and Attack Methods


Currently, as the CAN bus has no authentication or access
control, it is easily hijacked by hackers [121]. There have been
many car network attacks against the CAN bus. Miller and
Valasek [122] used system vulnerabilities to remotely control
a Jeep’s multimedia system. Then, they attacked the V850
controller and modified its firmware to obtain permission to
remotely send commands to the CAN bus for the purpose of
controlling the power system and braking system. This issue
caused a recall of 1.4 million vehicles. Greenberg [123] also
attacked a Jeep’s CAN bus and successfully controlled the
steering, braking, acceleration, etc.
Fig. 4. CAN bus network.
Generally speaking, it is difficult to get into the CAN
encryption using advanced encryption standard (AES) bus itself. However, the entertainment system and the
in Galois counter mode (GCM), namely, AES-GCM. OBD-II port of the maintenance system are connected to
The main reason why ROS2 uses built-in plugins instead of the CAN bus. These connections expose possible attack
other plugins is to allow all compatible DDS implementations paths to the CAN bus. Five popular attack paths are as
to be interoperable with ROS2. Thus, the security features of follows.
ROS2 are able to work with all vendors with minimal effort. 1) OBD-II Invasion: OBD-II improves OBD in terms of
diagnostic functions and standardization. The OBD-II port is
E. Drawbacks of ROS2 mainly used to access vehicle status. During vehicle main-
tenance, technicians use the detection software (e.g., Ford’s
ROS2 lacks certain vital mechanisms. Here, are two exam- NGS, Nissan’s Consult II, and Toyota’s Diagnostic Tester)
ples: 1) secure OTA update [116]: this establishes a connection developed by vehicle vendors to manipulate the OBD-II port
between a background server of the vehicle manufacturer and and examine the vehicle. Since the OBD-II port is connected
an autonomous vehicle by WiFi. Update packages are down- to the CAN bus, hackers who have access to the detection
loaded from a server to update the local software of the software can easily intercept information on the CAN bus and
vehicle. If the OTA is compromised by hackers, the secu- control the vehicle [124].
rity of autonomous vehicles will be affected and 2) secure
2) Invasion of Chargers for Electric Vehicles: Charging
key exchange [117]: current solutions for a communication
equipment is an essential component of an electric vehicle.
channel for key exchange between remote listeners and talk-
The charging equipment also connects to the CAN bus. As
ers are not sufficiently secure. Thus, they are vulnerable to
the charging equipment of an electric vehicle communicates
key interception attacks.
with an external charging pile, hackers have the opportunity
to invade the CAN bus from the external charging pile [125].
V. C ONTROL S YSTEM S ECURITY
3) CD Player Invasion: In general, a media player is con-
Various mechanical components and digital devices in nected to the CAN bus. Hackers can encode attack codes into
autonomous vehicles are controlled by ECUs. The commu- a music CD. When the CD is played, the malicious codes
nication among different ECUs in a vehicle is conducted by a invade the CAN bus from the CD player. Hence, the hackers
digital bus. are able to control the CAN bus [20].
4) TPMS Invasion: TPMS stands for the tire pressure mon-
A. CAN itoring system. For the attack path, hackers inject attack codes
CAN is the main bus protocol of the in-car electronic into the TPMS. When the TPMS detects a specific value of
network [118]. It has the advantages of stability and reliabil- tire pressure, the malicious codes are activated to attack the
ity, strong real-time performance, strong anti-jamming ability, vehicle [126].
and long transmission distance. A CAN bus adopts differential 5) Bluetooth Invasion: Autonomous vehicles support
signal transmission. In general, its normal communication only Bluetooth connections to other electronic devices (e.g.,
needs two signal lines: 1) CAN-H and 2) CAN-L. The two smartphones, personal digital assistants, and laptops).
possess opposed characteristics to avoid external electromag- Malicious programs on smartphones are able to communicate
netic interference and radiation [119]. In a CAN, a node can with the CAN bus by the Bluetooth connection [127].
initiate communication to other nodes at any time. There is As the CAN bus lacks authentication, a CAN frame only
no master–slave relationship between the nodes. However, the indicates its destination. There is no information of the source
right to use the bus is in accordance with node priorities. An of the message. As a result, malicious information can be
autonomous vehicle often adds several telematics nodes in the regarded as valid information as long as the message for-
CAN bus network [120]. As shown in Fig. 4, these nodes are mat is correct. Based on this issue, the security protection
connected to the CAN bus in order to facilitate remote control, methods for CAN bus fall into two categories: 1) those based
remote upgrade, and other functions. Hackers can hack into the on encryption/authentication and 2) those based on intrusion
CAN bus network through the onboard diagnostics (OBD) port. detection.

Authorized licensed use limited to: Xi'an Univ of Posts & Telecom. Downloaded on May 07,2022 at 02:32:38 UTC from IEEE Xplore. Restrictions apply.
7582 IEEE INTERNET OF THINGS JOURNAL, VOL. 9, NO. 10, MAY 15, 2022

C. Protection Methods for CAN Bus Kang and Kang [138] studied an intrusion detection system
1) Methods Based on Encryption/Authentication: These using a deep neural network (DNN). The system employs
methods mainly conduct authentication for messages and probability-based feature vectors extracted from messages in a
ECUs or encrypt messages to ensure the security of the vehicle-mounted network to train the parameters of the DNN.
CAN bus. As the CAN bus lacks encryption schemes and Markovitz and Wool [139] developed a greedy algorithm
the frame size is small, this kind of method often requires to split messages into different fields. Then, a semantically
adding hardware to the ECUs or upgrading the existing aware anomaly detection system is built based on the field
firmware. classification.
Groll and Ruland [128] employed a key distribution cen-
ter in the vehicle network to divide the vehicle network into
different areas. Different keys are assigned to these areas for D. CAN FD
communication. CAN FD was initially introduced as a specification [140] of
To prevent attackers from sniffing and tampering with the BOSCH [141] in 2012. Then, it was formally presented in [142].
ECU codes, Yu et al. [129] used a Markov decision process CAN FD is able to perform standard CAN communication.
to model the interaction between the attacker and the system It shares the physical layer with the CAN as defined in the
and encrypted the storage system of the onboard ECU. BOSCH CAN specification [143]. CAN FD can be considered
Murvay and Groza [130] implemented a method for iden- as a protocol, which provides efficient distributed real-time
tifying the sources of the messages, based on an analysis of control with a high level of security. Safe data transfer, cogent
the frames on the bus. error detection, signaling, and self-checking are implemented
Wang and Sawhney [131] proposed a framework named in the CAN FD node. Though CAN FD is considered to be
Vecure to protect the CAN bus of vehicles. This framework the next-generation in-vehicle network protocol, it has some
uses the structure of a trust group to strengthen access control security vulnerabilities suffered by CAN [144]. When a CAN
and prevent false messages from entering the CAN bus network. data frame is broadcasted, the confidentiality and authentication
Woo et al. [132] sent attack messages to the CAN bus network are not guaranteed. CAN FD is also vulnerable to the above
remotely through Bluetooth and OBD-II. For this attack, they problem and suffers from eavesdropping and replay attacks.
presented a lightweight message encryption method based on Woo et al. [144] proposed a seven-phase security archi-
the advanced encryption standard-128 (AES-128) algorithm. tecture for in-vehicle CAN FD. Based on the analysis
2) Methods Based on Intrusion Detection: Methods based on of attack models, the proposed architecture contains long-
intrusion detection focus on establishing a detection model by term symmetric key exchange, authenticated key exchange,
analyzing the time series, frequency, and other characteristics of encryption/authentication of CAN FD data frames, etc.
the messages. This kind of method introduces less overhead than Xie et al. [145] pointed out that CAN FD lacks a
using encryption and authentication. However, these methods security authentication mechanism and is vulnerable to mas-
require a more comprehensive understanding of a vehicle’s CAN querade attacks. The authors developed a two-stage security
protocols. In addition, the false alarm rate of these methods is enhancement for real-time parallel in-vehicle applications.
higher than that of the other kind. Xie et al. [146] proposed a security-aware obfuscated priority
Ning et al. [119] used a local outlier factor (LOF) to identify assignment approach for CAN FD messages.
attacks and detect intrusions in automotive networks. Data Xie et al. [147] developed a security enhancement method
packets transmitted by different ECUs on the CAN bus produce for independent in-vehicle CAN FD messages. The proposed
distinct voltage waveforms. method is able to dynamically adjust the MAC size of an
Song et al. [133] proposed a lightweight intrusion detection independent message.
algorithm for a CAN bus based on an analysis of the time Yu and Wang [148] pointed out that unauthorized devices
intervals of the CAN messages. This proposal is rooted in the are able to access CAN FD by embedding external intruding
periodicity of the CAN messages. devices to in-vehicle networks.
Taylor et al. [134] proposed an anomaly detection method Xie et al. [149] proposed an AUTOSAR-compliant system
based on the statistics of the traffic in the vehicle network. This model, which considers both time and security constraint.
method is able to detect injection attacks aimed at messages. Here, AUTOSAR stands for automotive open system archi-
However, it cannot detect attacks aimed at aperiodic messages. tecture [150]. The model is defined as the basis for the design
Cho and Shin [135] proposed a clock-based intrusion space exploration (DSE) method of CAN FD.
detection system, which analyzes the clock offsets of the Xiao et al. [151] pointed out that a key security mech-
vehicle-mounted message timestamps to detect various attack anism message authentication between ECUs for countering
scenarios. message spoofing and replay attack is crucial to the AUTOSAR-
Marchetti and Stabili [136] constructed multiple models of compliant system proposed in [149]. As the session key
normal ID sequences of the collected messages based on the establishment with AUTOSAR compliance was not well
transition matrix group. addressed, the authors developed an AUTOSAR-compliant key
Taylor et al. [137] proposed a learning model based on an management architecture.
LSTM network to detect message sequences in the CAN bus. Agrawal et al. [152] developed a security architecture for the
The learning model predicts the next data word from each communication between ECUs on different channels through
sender on the bus. gateway ECU (GECU).

Authorized licensed use limited to: Xi'an Univ of Posts & Telecom. Downloaded on May 07,2022 at 02:32:38 UTC from IEEE Xplore. Restrictions apply.
GAO et al.: AUTONOMOUS DRIVING SECURITY: STATE OF ART AND CHALLENGES 7583

E. Drawbacks of Existing Protection Methods


1) CAN: Most methods based on encryption/authentication
require an update of the current CAN hardware. Moreover,
these algorithms introduce extra computation into the CAN
bus. This may affect the real-time performance of the CAN
bus. Most existing methods based on intrusion detection can
only be applied to a limited number of intrusion scenarios.
Moreover, the actual performance of these methods is still
unsatisfactory in terms of the false positive rate. In summary,
both these types of protection methods contain complicated
algorithms and introduce significant computational costs. Thus,
the real-time requirements of a CAN bus are hardly met.
2) CAN FD: Though CAN FD is superior to CAN in terms
of data payload size and bandwidth consumption, security
is not well addressed for CAN FD. All attacks, which are
possible to CAN, are also applicable for CAN FD [152].
With the increasing number of external intruding devices,
the real-time performance of security enhancement built on
topology construction/optimization is compromised. Moreover,
popular security measures for CAN FD are based on encryp-
tion/authentication and intrusion detection methods, as well Fig. 5. V2X communication network.
as for CAN. The design and implementation of these tech-
niques are seriously confined by the real-time requirements for as navigation, remote monitoring, emergency assistance, and
autonomous driving systems. in-car entertainment.

VI. V2X C OMMUNICATION S ECURITY B. V2X Communication Attacks and Solutions


When an autonomous vehicle is on the road, it becomes part Hasrouny et al. [153] presented a classification of attacks
of the IoV. V2X is a catch-all term for the communication on V2X based on the compromised services. The attacks
mechanisms of the IoV. As mentioned in Section I, these are classified into four groups: 1) authenticity/identification;
mechanisms usually include V2V, V2I, V2P, and V2N. A 2) availability; 3) data integrity; and 4) confidentiality. Here,
vehicle can obtain a series of traffic information (e.g., real-time we conduct an in-depth study based on this classification and
traffic status, pedestrians, and status of surrounding vehicles) review several notable publications. Representative studies of
with V2X. Protecting the security of V2X communication is an these four categories are summarized in Table I.
important domain of autonomous driving. In this section, we 1) Authenticity/IdentificationAttacksandCountermeasures:
discuss the potential security risks of V2X and corresponding 1) Sybil Attack: In a vehicular ad hoc network (VANET),
solutions. a vehicle joining the network becomes a wireless node.
Since a node may join and leave a VANET freely, data
are backed up among multiple nodes to enhance its
A. V2X Communication availability to the network. An attacker may use a single
The four kinds of communication in the V2X are shown malicious node to masquerade multiple identities, data
in Fig. 5: V2V, V2I, V2P, and V2N. In V2V, the most com- being backed up in the same malicious node. Similarly,
mon application scenarios are urban streets and highways, malicious messages can be propagated to other nodes
where vehicles send data to each other for information shar- by the same malicious node with multiple identities.
ing. This information includes the vehicle’s speed, direction For example, an attacker may propagate a fake traffic
of motion, acceleration, braking, relative position, steering, scene to several nodes. When another normal node in the
etc. By predicting the driving behavior of other vehicles, a network receives the fake traffic scene from those nodes,
vehicle is able to take safety measures in advance. In V2I, the normal node may modify its driving route. This may
vehicle-mounted devices communicate with the infrastructure lead to a traffic accident [189]. Park et al. [154] proposed a
point roadside units (RSUs). The RSUs obtain information detection method based on timestamp series. The method
about nearby vehicles and publish real-time information on does not need a special vehicular PKI to authenticate a
Internet portals. In V2P, vehicles identify the behavior of nearby vehicle. Li et al. [155] introduced a public-key encryption
pedestrians with multiple sensors. When necessary, warnings model of pseudonym generation. This scheme allows a
can be issued with lights and the horn. It is expected that legitimate third party to obtain the real ID of a vehicle
pedestrians will then become aware of the potential danger. In for identity authentication. Yao et al. [156] proposed a
V2N, vehicle-mounted devices communicate with cloud servers method for detecting Sybil attacks based on vehicular
to exchange information. The cloud stores and analyzes the voiceprints. Received signal strength indicator (RSSI)
uploaded data to provide various services to the vehicles, such time series are used as vehicle-mounted speech to measure

Authorized licensed use limited to: Xi'an Univ of Posts & Telecom. Downloaded on May 07,2022 at 02:32:38 UTC from IEEE Xplore. Restrictions apply.
7584 IEEE INTERNET OF THINGS JOURNAL, VOL. 9, NO. 10, MAY 15, 2022

TABLE I
ATTACKS ON V2X

the similarity of the received series. Feng et al. [157] Arsalan and Rehman [163] proposed a protocol timing
proposed an event-based reputation system (EBRS) to attack prevention (TAP) method based on a software-
detect a Sybil attack on a VANET. defined network (SDN) [195], referred to as data
2) Key or Certificate Replication Attack: An attacker sniffers networking (NDN) [196], to address the problem of the
the network to obtain a certificate/key. The obtained cre- timing attack on a VANET.
dentials are then sent to an authentication server to declare 2) Availability Attacks and Countermeasures:
a legal identity [190]. Azees et al. [191] proposed an effi- 1) Denial of Service (DoS) Attack: A DoS attack aims to
cient anonymous authentication scheme with conditional exhaust the resources of a VANET by sending a large
privacy preserving (EAAP) to deal with key or certifi- number of useless requests. In this case, normal requests
cate replication attacks on a VANET. Oulhaci et al. [159] from valid users cannot get served. This type of attack
proposed a distributed vehicle authentication architecture can be launched by malicious nodes inside or outside
based on public keys. the network. When the network is filled with artificial
3) GNSS Spoofing Attack: In a VANET, accurate and reli- malicious information, legitimate network nodes [e.g.,
able location information is crucial to the operation of onboard units (OBUs) and RSUs] are unable to work nor-
the whole network. An interference system designed mally due to the scarcity of resources [197]. An enhanced
by hackers generates false navigation signals, which version of the DoS attack is the distributed DoS (DDoS)
mislead the GNSS navigation of a vehicle. As the attack. An attacker can control a large number of victim
planning of autonomous vehicles is highly dependent nodes to perform many DoS attacks on a VANET. These
on the sensor data, this attack is quite serious for an victim nodes are called zombie nodes. There are two
autonomous vehicle [192]. Curran and Broumendan [160] scenarios for the DDoS attack on a VANET [168]: a)
proposed a method, which uses uncalibrated low-cost DDoS in V2V communication: Zombie nodes send mes-
IMUs to detect GNSS spoofing attacks. However, a sage requests to a victim vehicle from different locations
subsequent study [193] showed that ultrasonic pulses and time slots. For different types of nodes, the attacker
can stimulate certain microelectro mechanical systems can change the time slots and the content of the mes-
(MEMS) sensors. This may cause IMUs to generate false sage requests. The attacker aims to overload the victim
measurements. Wang et al. [161] proposed a method vehicle and bring down the network. As a result, the
based on edge computing to reconstruct unavailable victim cannot access network resources and b) DDoS in
and untrustworthy GPS signals. The implementation of V2I communication: attacks are launched from vehicles
this method does not require the vehicles to carry any in different locations and the target is the RSUs. When
additional equipment (e.g., antenna and receiver). the RSUs are overloaded, they are unable to respond
4) Timing Attack: The timing attack is to delay the trans- to valid requests from normal nodes. Perrig et al. [164]
mission of messages with high real-time requirements. proposed a timed efficient stream loss-tolerant authenti-
As most messages with high real-time requirements are cation (TESLA) model. However, TESLA is vulnerable
critical to the operation of a vehicle and the whole to memory-based DoS attacks. To address this problem,
VANET, a malicious node in the network, which intro- Studer et al. [165] proposed an effective authentica-
duces abnormal latency to certain messages, is of great tion model for broadcast messages using symmetric
harm [194]. Chuang and Lee [162] proposed a decen- cryptography and a delayed key. This model is called
tralized lightweight authentication framework called TESLA++, which is considered to be an improved
the trust-extended authentication mechanism (TEAM). version of TESLA. The advantage of TESLA++ is

Authorized licensed use limited to: Xi'an Univ of Posts & Telecom. Downloaded on May 07,2022 at 02:32:38 UTC from IEEE Xplore. Restrictions apply.
GAO et al.: AUTONOMOUS DRIVING SECURITY: STATE OF ART AND CHALLENGES 7585

the prevention of memory-based and computation-based operation of the network [204]. This type of attacker
DoS attacks. Liu et al. [166] designed a puzzle-based co- is usually a malicious insider rather than an outsider.
authentication (PCA) scheme. Jie et al. [167] proposed a Such an attack can be mitigated by using anti-malware
mechanism to detect and filter malicious messages in a or firewalls [176].
VANET by introducing port hopping [198] and a singular 7) Jamming Attack: In a jamming attack, a moving vehi-
linear space [199]. cle is used as a node. The nodes communicate with
2) Spamming Attack: Spamming attack is a type of DoS each other by transmitting RF signals. However, due to
attack. In this type of attack, a large amount of spam the low reliability of mobile computing and the high
is sent over the network to consume bandwidth, thereby scalability of the system in a wireless environment,
increasing transmission delay on VANET [200]. Due attackers can launch high-power interference signals
to the lack of centralized management of the transmis- to the communication channel, causing the node to
sion medium, spamming control becomes considerably reduce or even lose the ability to receive data pack-
difficult. Malla and Sahu [169] proposed a redundancy ets [205]. Mokdad et al. [177] proposed a new algorithm,
elimination mechanism consisting of a rate decreasing called DJAVAN, to detect interference attacks in VANET.
algorithm and a state transition mechanism. Karagiannis and Argyriou [178] proposed an unsu-
3) Flooding Attack: Flooding attack is also a type of DoS pervised learning method to detect jamming attacks
attack. The attacker broadcasts fake messages to the on vehicle communication. Benslimane and Nguyen-
VANET through malicious nodes, which can consume a Minh [206] proposed an analytical jamming model,
lot of resources and reduce the throughput of the network. which is able to determine thresholds more accurately
In this case, the network stops service for a certain time in threshold-based detection methods.
period [201]. Faghihniya et al. [170] proposed a method, 8) Broadcast Tampering Attack: In this type of attack, by
called the bus ad hoc on-demand distance vector (B- injecting false security information into the network or
AODV) protocol, for detecting the route request (RREQ) tampering with the broadcast security messages, attack-
flooding attack. ers force the legitimate vehicles to make choices that are
4) Wormhole Attack: In VANET, a wormhole attack involves not good for themselves, which might cause traffic acci-
an attack in which the malicious nodes use the private dents or increase the traffic flow on a certain road [207].
channel already established in the network to transmit Wasef et al. [180] first described that PKI is a viable mech-
information that has been stolen from the network to anism to protect VANET. He and Zhu [179] proposed a
another location in the network instead of transmitting lightweight and efficient broadcast authentication scheme,
it via a normal network connection. A malicious node which mainly adopted a one-way hash chain and group
can make any possible attack, such as packet dropping, key update technology.
data tampering, traffic analysis, etc., on the data passing 3) Data Integrity Attacks and Countermeasures:
through the wormhole tunnel [202]. Safi et al. [171] used 1) Masquerading Attack: In this type of attack, attackers use
a packet leash and an authentication method called HEAP. forged identities to gain informal access to the network.
Ali et al. [172] used the public key cryptosystem RSA In this way, they can alter or discard data packets trans-
and symmetric key encryption technology to broadcast mitted in VANET. An example of this type of attack is a
messages securely. malicious node disguising itself as an emergency vehicle
5) Blackhole Attack: The blackhole attack is a conventional to force other vehicles to slow down or stop [202], [208].
attack against the availability of VANET. After receiv- Malhi and Batra [181] proposed a framework that uses
ing the routing request packet, the malicious nodes in genetic algorithms to detect and prevent masquerading
the network will claim to be the nearest nodes with attacks in VANET.
low latency to the destination node, and thus, many 2) Replay Attack: In this type of attack, malicious vehicles
nodes will choose them as the next-hop node for data repeatedly send messages from a certain time period in
packet forwarding. In the stage of data transmission, the past to other vehicles, causing them to be cheated and
the malicious nodes usually directly discard the data thereby, achieving the purpose of traffic jams. For exam-
packet without forwarding it. As a result, packet loss ple, a malicious vehicle saves messages about a traffic
will occur in VANET [203]. Daeinabi and Rahbar [173] accident from a certain time period in the past and uses it
proposed an algorithm for detecting malicious vehicles to deceive other vehicles after the message expires [209].
that drop packets and isolate them from the normal vehi- Li and Song [182] evaluated the trustworthiness of traf-
cles. Baiad et al. [174] proposed a cross-layer cooperative fic data and vehicle nodes and proposed an anti-resistant
blackhole attack detection scheme that consists of three trust (ART) management scheme. Alazzawi et al. [183]
main layers of defense. Abdulkader et al. [175] proposed proposed a scheme to deal with the replay attack in
a routing protocol called lifetime improving ad hoc on- VANET. The scheme consists of six stages. Compared
demand distance vector (LI-AODV) to deal with the to the previous ID-based schemes [210], [211], the overall
blackhole attack in VANET. communication overhead of this scheme is lower.
6) Malware Attack: In a malware attack, when OBUs and 3) Illusion Attack: In an illusion attack, an attacker manages
RSUs need patches or software updates, it is possible to fake sensor readings on their vehicle to create fake
that malware, such as computer viruses, can disturb the traffic messages and broadcasts them to the neighboring

Authorized licensed use limited to: Xi'an Univ of Posts & Telecom. Downloaded on May 07,2022 at 02:32:38 UTC from IEEE Xplore. Restrictions apply.
7586 IEEE INTERNET OF THINGS JOURNAL, VOL. 9, NO. 10, MAY 15, 2022

TABLE II
P OPULAR S IMULATORS FOR N ETWORKING AND C OMMUNICATION IN AUTONOMOUS D RIVING

nodes to cause traffic jams [212]. Lo and Tsai [184] used a environment consume manpower and other material resources,
plausibility network checking module and a rule database excessive experiments may be a waste of time for imma-
to verify the credibility of the message, mainly by check- ture autonomous driving technologies. Generally speaking,
ing whether the timestamp, speed, and other element two kinds of simulators are involved: 1) network simulator
fields of the given message conform to the correspond- and 2) traffic simulator. Network simulators are used to test
ing predefined ruleset of the rule database. Zacharias and the performance of network protocols and applications, while
Fröschle [185] proposed a framework called the misbe- traffic simulators are used to generate vehicle trajectories.
havior detection system (MDS) to detect an illusion attack Table II summarizes popular simulators for the research of
in VANET. V2X communication.
4) Message Alteration Attack: In this type of attack, the
attacker alters the data packets in the network by adding, D. Drawbacks of Existing Countermeasures
deleting, or discarding the data, resulting in the data
integrity being broken [213]. Zhu et al. [186] divided Most existing countermeasures against V2X attacks require
the network into multiple domains, in which an RSU is certain authentication schemes. As V2X related devices have
responsible for allocating group private keys to localize limited computing resources and storage capacity, designing a
the management of vehicles. secure and efficient authentication solution is quite challenging.
4) Confidentiality Attacks and Countermeasures: Two key factors are as follows.
1) Traffic Analysis Attack: In this type of attack, the attacker 1) Lightweight: Most existing authentication protocols are
analyzes the traffic messages in V2X communication, based on elliptic curve or bilinear pairings. The protocols have
extracts and collects as much information as possible high computational and communication overhead. For a large
that is beneficial to them (e.g., location of the vehicle V2X communication network, lightweight solutions should be
and driving path of the vehicle), and induces bad behavior developed.
in other vehicles, which violates the data confidentiality 2) Mutual Authentication: Most existing authentication pro-
in VANET [214]. Cencioni and Di Pietro [187] proposed tocols only conduct unilateral authentication. For instance, the
a communication protocol called the V2I privacy enforce- receiver of a message can confirm the identity of the sender,
ment protocol (VIPER) to deal with traffic analysis attacks while the sender cannot confirm whether the receiver is a
in VANET. In order to prevent the attacker from learning legitimate user. Mutual authentication can guarantee a secure
the identity of the message sender from the message field, communication.
VIPER uses universal reencryption [215] to encrypt each
message. E. Blockchain-Based Security Measures for Vehicular
2) Eavesdropping Attack: Due to the broadcast nature of Networks
wireless communication of VANET, the communication For the countermeasures elaborated in Section VI-B, there
among vehicles might be eavesdropped by illegal users. is another challenging factor, decentralization. Most existing
Eavesdropping attack is a common attack against confi- authentication protocols need trusted third-party organizations
dentiality that is usually launched at the network layer. to complete key distribution and authentication functionalities.
In this type of attack, the attacker obtains confidential The security of these authentication protocols heavily relies on
data, such as the location data used to track a vehicle, third-party organizations. However, a centralized third-party
for their own purposes [216]. Dai et al. [188] proposed organization is likely to be compromised. The concept of
a security framework based on indirect reciprocity. The decentralization should be introduced.
framework assigns a scalar reputation to each vehicle Since V2X communication is conducted in VANET, V2X
node in VANET and this is used for estimating how communication security can be tackled from another perspec-
dangerous each node is to the VANET. tive, a vehicular network. As a powerful mathematical package,
which is born with decentralization, blockchain has attracted
C. V2X Communication Simulators much research attention [225]–[227].
The research of V2X communication security requires Yang et al. [228] proposed a decentralized blockchain-based
powerful experimental support. Since experiments in a real trust management system for vehicular networks. Messages

Authorized licensed use limited to: Xi'an Univ of Posts & Telecom. Downloaded on May 07,2022 at 02:32:38 UTC from IEEE Xplore. Restrictions apply.
GAO et al.: AUTONOMOUS DRIVING SECURITY: STATE OF ART AND CHALLENGES 7587

TABLE III
F EATURES AND ATTACK D EFENSE OF B LOCKCHAIN -BASED M EASURES VII. D ISCUSSION AND S OLUTION
A. Real-World Cases
Six representative cases of the four security dimensions
elaborated previously are described as follows.
1) Sensor Security: In May 2016, a Tesla Model S with
autopilot enabled in it crashed into a towed truck while turn-
ing left on a highway in Florida, USA, causing the driver’s
death [236]. The self-driving car was equipped with the
Mobileye EyeQ3 vision system mounted in the middle of the
windshield, a millimeter-wave radar under the front bumper,
and 12 ultrasonic sensors around the body. The camera view
on the Tesla car was blocked when the white truck turned,
and at the same time, coupled with the interference of strong
ambient light, the camera could not recognize the vehicles on
the ground. The installation position of the millimeter-wave
radar was too low, and the height of the chassis of the truck
was higher than the detection distance of the millimeter-wave
radar, which led to the failure of radar perception. In the case of
an ultrasonic radar, since its measurement distance is generally
short, it is impossible to detect longitudinal obstacles when
driving at high speed. In general, this accident shows that the
combination of the Mobileye vision system with the percep-
tion of the millimeter-wave radar is insufficient for solving the
received by a vehicle can be validated with neighboring vehicles situation in the accident.
by a Bayesian inference model. A block is constructed based In June 2020, a Tesla car with autopilot enabled in it collided
on the validation results by RSUs. with a white truck [237]. Eight cameras and 12 millimeter-wave
Zhang et al. [229] developed an AI-enabled trust management radars were installed around the car’s body. The cameras were
system, which is similar to the proposal in [228]. The AI package used for object recognition, whereas the radars were mainly
used in the system is a deep learning algorithm. used for measuring and following the speed of the vehicle on
Zheng et al. [230] proposed a blockchain-based secure com- its front and its recognition rate for complex types of static
putation offloading model for edge cloud offloading. To achieve objects was not high. In the sensor fusion process, only when
consensus in vehicular networks, the authors developed a dis- the camera recognizes the vehicle in its front, can it be called
tributed hierarchical software-defined VANET (SDV) security the speed measurement information of the radar. This is because
architecture. the camera recognizes obstacles based on the illumination and
Li et al. [231] developed a fair and anonymous scheme the physical colors of the surroundings. In this accident, the
for advertising in vehicular networks. The fairness is achieved color of the vehicle in front of the car and the surrounding
using the Merkel hash tree and smart contracts. The anonymity environment was similar. In addition, interference of strong
is ensured with zero-knowledge proof techniques. ambient light led to an erroneous judgment of the camera. It
Kudva et al. [232] proposed a method called Proof of Driving is believed that there were no obstacles in front of the car.
(PoD). It is used to randomize the selection of honest miners for Another reason could be the limitation of the training data
generating the blocks efficiently for blockchain-based VANET used in the camera vision algorithm. The deep learning model
applications. might not have been able to classify the top of the truck box,
Ma et al. [233] developed a decentralized key management which led to the failure of its perception.
mechanism based on blockchain for VANET. The registration, 2) Operating System Security: In March 2018, in Arizona,
update, and revocation of vehicle’s public key are automatically USA, an unmanned Uber vehicle collided with a cyclist during
conducted. a road test, causing the world’s first unmanned driving acci-
Chen et al. [234] proposed a traceable and authenticated dent in which a pedestrian died [238]. The unmanned vehicle
key negotiation scheme based on blockchain. The scheme was equipped with seven cameras, a 64-line LiDAR instru-
can be used for data sharing and electric transactions among ment, and multiple millimeter-wave radars. When the sensors
vehicles. detect pedestrians, the information is delivered to the central
Kaur et al. [235] developed a blockchain-based authentication processing unit of the vehicle for processing in order to con-
mechanism for vehicular fog infrastructure. A cross-datacenter trol the next move of the vehicle. According to the NTSB
authentication and key-exchange scheme based on blockchain report, Uber found that the data collected by the camera,
and elliptic curve cryptography (ECC) was elaborated. LiDAR, and radar on the unmanned vehicle were normal, and
For the above recent advances of blockchain-based security the LiDAR had detected the cyclist crossing the road 5.6 s
measures for vehicular networks, Table III shows their features before the accident. However, the classification of objects in
and attacks, which could be defensed. the autonomous driving system was erroneous, and this led

Authorized licensed use limited to: Xi'an Univ of Posts & Telecom. Downloaded on May 07,2022 at 02:32:38 UTC from IEEE Xplore. Restrictions apply.
7588 IEEE INTERNET OF THINGS JOURNAL, VOL. 9, NO. 10, MAY 15, 2022

Fig. 6. Multilayered defense architecture.

to the failure of the software to correctly predict the victim’s B. Conceptual Vehicle Information Security Framework
category and movement trajectory. The automated emergency In order to ensure the safe operation of autonomous vehicles
braking system is generally required to turn on 1.3 s before while driving, a real-time monitoring system for autonomous
the collision, but Uber disabled this function to prevent erratic vehicles should be designed for monitoring the environmen-
driving [239]. tal status, the status of the vehicle itself, the status of the
3) Control System Security: In June 2015, two security autonomous driving hardware and software, and the status of
experts, Charlie and Chris, used system vulnerabilities to the driver. From the judgment of various state changes, the
remotely control a Chrysler Jeep car multimedia system to corresponding prompts, warnings, and triggers of the takeover
obtain permission for remotely sending commands to the CAN strategy should be carried out in order to ensure that the process
bus [240]. Without the user’s knowledge, the driving speed of automatic driving is always controllable, safe, and reliable.
of the car was reduced and ignition is turned off. Either the After a problem has been identified, it is necessary to provide
car engine suddenly braked or the brakes failed, causing 1.4 an online diagnostic system to help users quickly determine the
million vehicles to be returned to the factory for repair. This inci- problem of the automatic driving system and provide feasible
dent has exposed many security issues of the vehicle network, solutions to help users restore the system to a usable and safe
such as the use of the same cellular network for communicat- state as soon as possible.
ing with the device, lack of code signing, and no automatic In the present work, we have constructed a vehicle
update function, and these undoubtedly provide opportunities information security solution based on the multilayer depth
for hackers to attack vehicles. In addition, hackers can also defense system. The main aim of the system is to “defend
use features such as the data flow entering the vehicle from against external intrusions, prevent leakage of core applications
the infrastructure to launch new attack channels against the and private data, and prevent threats of vehicle control.” As
vehicle. shown in Fig. 6, the vehicle information security framework
4) V2X Communication Security: In November 2016, based on the multilayer depth defense system is mainly divided
researchers from the Norwegian security service company into six layers: 1) an external communication layer; 2) an access
Promon obtained the username and password of a Tesla APP gateway layer; 3) a network defense layer; 4) an in-car applica-
account when they hacked into the user’s mobile phone [241]. tion layer; 5) a system defense layer; and 6) a control defense
By logging into the Tesla IoVs service platform, they could layer.
locate, track, unlock, and start the vehicle at any time, eventually 1) External Communication Layer: The complete PKI
leading to the vehicle being stolen. In January 2018, a hacker system issues certificates for the devices participating in the
attacked the data server of the car-sharing service provider automatic driving system and provides the required key and
GoGet, using the company’s server to access the company’s certificate management services. Secure communication is pro-
fleet and download user information, resulting in the leakage vided among the devices of the autonomous driving system and
of a large amount of private data of car owners [242]. between the cloud and the car terminal to ensure confidentiality,
The main reason for the above two incidents is that the integrity, authenticity, and tamper-proof communication data.
external network that the vehicle communicates with does not The security upgrade kit ensures the safety and reliability of
have a complete mechanism for encryption, authentication, and the OTA communication.
access control to prevent identity impersonation and information 2) Access Gateway Layer: The dedicated vehicle secu-
theft. Therefore, in the future design of the V2X communica- rity gateway isolates and controls access between the vehicle
tion network, in addition to reducing the network delay, it is network and the Internet and vehicle subnetworks, and identifies
necessary to strengthen the end-to-end encryption transmission, instructions, detects and prevents abnormal network behavior
authentication, access control and abnormal traffic monitoring, and operation instructions of untrusted vehicles in order to
and other security measures. ensure vehicle network security.

Authorized licensed use limited to: Xi'an Univ of Posts & Telecom. Downloaded on May 07,2022 at 02:32:38 UTC from IEEE Xplore. Restrictions apply.
GAO et al.: AUTONOMOUS DRIVING SECURITY: STATE OF ART AND CHALLENGES 7589

3) In-Car Application Layer: Based on the chip hardware sensor data and fool the high-level algorithms. Both actual sen-
security, from operating system guidance to running applica- sor failure and attacks demand the autonomous driving system to
tions, a credibility measurement is performed throughout the operate in an error/intrusion-tolerant manner. We consider that
entire process to prevent the operating system, core applica- sensors and sensor data can be covered in the “access gateway
tions, and data from being tampered with. The privacy system layer.” This layer directly cooperates with the “external commu-
provides protection for the core intellectual property (IP) and nication layer.” There are some information, which cannot be
important business value data. included in a PKI system of the external communication layer,
4) Network Defense Layer: The deep packet inspection such as sunlight, rain, snow, fog, and shadows. Sensor data
(DPI) [243], [244] system is deployed on the IoVs platform to related to these phenomena can be cross-validated by multiple
collect and analyze traffic and message content at key points types of sensors with different data sources as described in
in the vehicle network to detect abnormal network communi- Section III-F. In this case, both actual sensor failure and attacks
cation traffic and other behaviors and make audit records for may get compensated. Then, an autonomous driving system is
subsequent security analysis. expected to run in an error/intrusion-tolerant manner.
5) System Defense Layer: By using security assessment, For operating system security, we hold that the major secu-
penetration testing, deployment of anti-distributed denial-of- rity drawback for the dominating operation system ROS2 in
service, WEB application firewall, and security log analysis autonomous driving is it lacks protection for secure communi-
tools on the cloud platform, the safe operation of the cloud plat- cation. We consider that the operating system security can be
form is ensured. For mobile applications, the use of the memory covered in the external communication layer. In this layer, the
obfuscation technology, patented virtual machine encryption security of the operating system is first ensured from exter-
technology, high strong protection shell technology, etc., to nal communication and information, which flows in and out
ensure that the application will not be used by hackers for ROS2. Then, the OTA communication is secured by a correct
vehicle attacks. use of the security upgrade kit. Moreover, the operating system
6) Control Security Layer: By encrypting CAN bus com- security can be covered in the “in-car application layer.” In this
munication, it is ensured that the messages transmitted by the layer, the chip hardware security ensures that from operating
CAN bus of autonomous vehicles are not hijacked by malicious system guidance to running applications, a credibility measure-
users. By monitoring the vehicle-mounted ECU, the monitor- ment is performed throughout the entire process to prevent the
ing module can determine whether a certain ECU is invaded operating system, core applications, and data from being tam-
by a malicious user, i.e., illegally obtaining the right to use pered with. The in-car application layer also possesses black
the CAN bus. Functional safety ensures that the functions of box, security computer, and other devices. These components
the various components of the vehicle control system can be interact with each other based on the technologies (e.g., RT
operated and run smoothly. security and SSL) provided by the module “system defense”
The vehicle extracts information from the cloud and the in Fig. 6. The above interactions are expected to achieve a
external environment using the external communication layer secure operating environment for both the operating system and
and transmits this information to the access gateway layer. This applications.
layer uses a dedicated vehicle security gateway that is divided For control system security, we hold that the major draw-
into two isolation areas, which isolate the vehicle network backs of existing protection methods for the control system are
from the Internet and vehicle subnetworks, and part of the the significant computational cost and unsatisfactory real-time
information is transmitted to the black box and the security performance. We consider that control system security can
computer in the application layer of the car. For example, be covered in the “control security layer.” In this layer, the
the data of various sensors are recorded, stored, and analyzed measures we adopted are effective choices, which are com-
when the system requires the driver to control the car. Other monly accepted. These measures themselves do not show any
equipment inside include the control of the accelerator and improvement on computational cost or real-time performance.
brake. The network defense layer uses the network isolation Nonetheless, the burdens on encryption and monitoring can
method to deploy the DPI system in the IoVs for analyzing be alleviated by partition encryption and RT security in the
abnormal network behavior and for using the dynamic defense module system defense and the three features in the module
system to monitor and block network attacks in time. Finally, the “network defense” illustrated in Fig. 6.
system defense layer uses RT management, secure sockets layer For V2X communication security, we hold that the major
(SSL) certificates, partition encryption, and other operations to drawback of existing countermeasures for the V2X commu-
perform safety guidance of the vehicle. After passing through nication is the requirement of authentication. As is known to
the system security layer, the vehicle needs to pass the executed all, communication protocols based on authentication schemes
instructions to control the security layer. The control security often possess high computational overhead, as well as extra
layer transmits control instructions to the actual components of communication overhead. Thus, lightweight solutions are
the vehicle by encrypting CAN, ECU monitoring, and ensuring needed. Besides high overhead, unilateral authentication is
the functional safety of the control system. another flaw in most existing authentication schemes used
For sensor security, we hold that actual sensor failure often for V2X communication in autonomous driving. Though dis-
shows its existence (e.g., obvious abnormal readings and sud- tributed solutions (e.g., blockchain-based security measures
den/dramatic changes of sensor data). On the contrary, the attacks described in Section VI-E) address the centralized problem,
against sensors are much sneakier. They tend to manipulate the mutual authentication is still missing. Based on our investigation

Authorized licensed use limited to: Xi'an Univ of Posts & Telecom. Downloaded on May 07,2022 at 02:32:38 UTC from IEEE Xplore. Restrictions apply.
7590 IEEE INTERNET OF THINGS JOURNAL, VOL. 9, NO. 10, MAY 15, 2022

and literature review, current authentication/encryption schemes [10] P. K Manadhata, K. M. Tan, R. A. Maxion, and J. M. Wing, “An
are unable to possess completeness and robustness with a approach to measuring a system’s attack surface,” School Comput. Sci.,
Carnegie Mellon Univ., Pittsburgh, PA, USA, Rep. CMU-CS-07-146,
lightweight design. We consider that the V2X communication Aug. 2007.
security can be covered in the external communication layer. [11] P. K. Manadhatam, “Game theoretic approaches to attack surface
In this layer, it is expected that the PKI system together with shifting,” in Moving Target Defense II. New York, NY, USA: Springer,
2013, pp. 1–13.
other supportive technologies is able to secure the V2X com- [12] P. Manadhata, J. Wing, M. Flynn, and M. McQueen, “Measuring the
munication to some extent. Moreover, it can be covered in attack surfaces of two FTP daemons,” in Proc. 2nd ACM Workshop
the “network defense layer.” In this layer, traffic analysis con- Qual. Protection, 2006, pp. 3–10.
[13] C. Theisen, N. Munaiah, M. Al-Zyoud, J. C. Carver, A. Meneely,
ducted in the vehicular network is expected to detect abnormal and L. Williams, “Attack surface definitions: A systematic literature
communication and other behaviors, which might indicate a review,” Inf. Softw. Technol., vol. 104, pp. 94–103, Dec. 2018.
security issue. [14] S. Rizvi, R. J. Orr, A. Cox, P. Ashokkumar, and M. R. Rizvi,
“Identifying the attack surface for IoT network,” Internet Things,
vol. 9, Mar. 2020, Art. no. 100162.
VIII. C ONCLUSION [15] C. Theisen, K. Herzig, B. Murphy, and L. Williams, “Risk-based
attack surface approximation: How much data is enough?” in Proc.
Security is the primary requirement for autonomous driving. IEEE/ACM 39th Int. Conf. Softw. Eng. Pract. Track (ICSE-SEIP),
In this work, a retrospective and prospective study has been con- 2017, pp. 273–282.
[16] N. Munaiah and A. Meneely, “Beyond the attack surface: Assessing
ducted in terms of four aspects: 1) sensor security; 2) operating security risk with random walks on call graphs,” in Proc. ACM
system security; 3) control system security; and 4) V2X com- Workshop Softw. Protection, 2016, pp. 3–14.
munication security. A detailed discussion of each attack path [17] C. Theisen, K. Herzig, P. Morrison, B. Murphy, and L. Williams,
“Approximating attack surfaces with stack traces,” in Proc. IEEE/ACM
and the existing defense measures against these attack paths has 37th Int. Conf. Softw. Eng., vol. 2, 2015, pp. 199–208.
been presented. The security problems of autonomous vehicles, [18] C. Maple, M. Bradbury, A. T. Le, and K. Ghirardello, “A connected and
caused by hackers intruding and tampering with data, belong autonomous vehicle reference architecture for attack surface analysis,”
Appl. Sci., vol. 9, no. 23, p. 5101, 2019.
to the category of information security, and thus, a conceptual
[19] M. Salfer and C. Eckert, “Attack surface and vulnerability assessment
framework has been proposed in this work to build an effi- of automotive electronic control units,” in Proc. 12th Int. Joint Conf.
cient vehicle information security. However, if an autonomous e-Bus. Telecommun. (ICETE), vol. 4, 2015, pp. 317–326.
vehicle is to be mass produced, academia and industry still [20] S. Checkoway et al., “Comprehensive experimental analyses of auto-
motive attack surfaces,” in Proc. 20th USENIX Security Symp. (USENIX
need to conduct additional research on the attack surface of Security 11), vol. 4, 2011, pp. 447–462.
autonomous driving modules. We hope that this article will [21] Intel Transportation Solutions Division. “Research Summary of the
attract attention in the computer and automobile circles. Intel Automotive Security Research Workshops.” 2016. [Online].
Available: https://www.intel.com/content/dam/www/public/us/en/
documents/product-briefs/automotive-security-research-workshops-
summary.pdf (Accessed: Jul. 5, 2021).
ACKNOWLEDGMENT
[22] A. Chattopadhyay, K.-Y. Lam, and Y. Tavva, “Autonomous vehicle:
The authors would like to thank the anonymous reviewers Security by design,” IEEE Trans. Intell. Transp. Syst., vol. 22, no. 11,
whose comments and suggestions greatly helped them improve pp. 7015–7029, Nov. 2021.
[23] D. Dominic, S. Chhawri, R. M. Eustice, D. Ma, and A. Weimerskirch,
the quality and presentation of this article. Cong Gao wants “Risk assessment for cooperative automated driving,” in Proc. 2nd
to thank his beloved mother, Miling Shen and family for their ACM Workshop Cyber Phys. Syst. Security Privacy, 2016, pp. 47–58.
endless support and encouragement. [24] C. McCarthy, K. Harnett, and A. Carter, “Characterization of poten-
tial security threats in modern automobiles: A composite modeling
approach,” Nat. Highway Traffic Safety Administration United States,
Washington, DC, USA, Rep. DOT HS 812 074, Oct. 2014.
R EFERENCES
[25] O. Henniger, L. Apvrille, A. Fuchs, Y. Roudier, A. Ruddle, and
[1] P. Koopman and M. Wagner, “Autonomous vehicle safety: An inter- B. Weyl, “Security requirements for automotive on-board networks,”
disciplinary challenge,” IEEE Intell. Transp. Syst. Mag., vol. 9, no. 1, in Proc. 9th Int. Conf. Intell. Transp. Syst. Telecommun. (ITST), 2009,
pp. 90–96, Jan. 2017. pp. 641–646.
[2] K. Ren, Q. Wang, C. Wang, Z. Qin, and X. Lin, “The security of [26] J. Petit and S. E. Shladover, “Potential cyberattacks on automated
autonomous driving: Threats, defenses, and future directions,” Proc. vehicles,” IEEE Trans. Intell. Transp. Syst., vol. 16, no. 2, pp. 546–556,
IEEE, vol. 108, no. 2, pp. 357–372, Feb. 2020. Apr. 2015.
[3] Q. Luo, Y. Cao, J. Liu, and A. Benslimane, “Localization and navigation [27] K. Xiao, W. Shi, Z. Gao, C. Yao, and X. Qiu, “DAER: A resource
in autonomous driving: Threats and countermeasures,” IEEE Wireless preallocation algorithm of edge computing server by using blockchain
Commun., vol. 26, no. 4, pp. 38–45, Aug. 2019. in intelligent driving,” IEEE Internet Things J., vol. 7, no. 10,
[4] S. Liu, L. Li, J. Tang, S. Wu, and J.-L. Gaudiot, Creating Autonomous pp. 9291–9302, Oct. 2020.
Vehicle Systems (Synthesis Lectures on Computer Science), vol. 6. [28] Y. Gu, L.-T. Hsu, and S. Kamijo, “Passive sensor integration for
Williston, VT, USA: Morgan & Claypool, 2017, p. 186. vehicle self-localization in urban traffic environment,” Sensors, vol. 15,
[5] “Apollo.” Baidu Inc. [Online]. Available: no. 12, pp. 30199–30220, 2015.
https://github.com/ApolloAuto/apollo (Accessed: Jul. 5, 2021). [29] G. Kar et al., “Detection of on-road vehicles emanating GPS
[6] M. Quigley et al., “ROS: An open-source robot operating system,” in interference,” in Proc. ACM SIGSAC Conf. Comput. Commun. Security,
Proc. IEEE Int. Conf. Robot. Autom. (ICRA) Workshop Open Source 2014, pp. 621–632.
Softw., 2009, pp. 1–6. [30] G. Bresson, Z. Alsayed, L. Yu, and S. Glaser, “Simultaneous localization
[7] M. Howard. “Fending Off Future Attacks by Reducing Attack and mapping: A survey of current trends in autonomous driving,”
Surface.” Feb. 2003. [Online]. Available: https://docs.microsoft.com/en- IEEE Trans. Intell. Veh., vol. 2, no. 3, pp. 194–220, Sep. 2017.
us/previous-versions/ms972812(v=msdn.10) (Accessed: Jul. 5, 2021). [31] Q. Zhu, L. Chen, Q. Li, M. Li, A. Nüchter, and J. Wang, “3D LiDAR
[8] P. K. Manadhata and J. M. Wing, “An attack surface metric,” IEEE point cloud based intersection recognition for autonomous driving,”
Trans. Softw. Eng., vol. 37, no. 3, pp. 371–386, May/Jun. 2011. in Proc. IEEE Intell. Veh. Symp., 2012, pp. 456–461.
[9] P. Manadhata and J. M. Wing, “Measuring a system’s attack surface,” [32] A. Singandhupe and H. La, “A review of SLAM techniques and
School Comput. Sci., Carnegie Mellon Univ., Pittsburgh, PA, USA, security in autonomous driving,” in Proc. 3rd IEEE Int. Conf. Robot.
Rep. CMU-CS-04-102„ Jan. 2004. Comput. (IRC), 2019, pp. 602–607.

Authorized licensed use limited to: Xi'an Univ of Posts & Telecom. Downloaded on May 07,2022 at 02:32:38 UTC from IEEE Xplore. Restrictions apply.
GAO et al.: AUTONOMOUS DRIVING SECURITY: STATE OF ART AND CHALLENGES 7591

[33] W. Xu, C. Yan, W. Jia, X. Ji, and J. Liu, “Analyzing and enhancing [57] T. Li, H. Zhang, Z. Gao, Q. Chen, and X. Niu, “High-accuracy
the security of ultrasonic sensors for autonomous vehicles,” IEEE positioning in urban environments using single-frequency multi-
Internet Things J., vol. 5, no. 6, pp. 5015–5029, Dec. 2018. GNSS RTK/MEMS-IMU integration,” Remote Sens., vol. 10, no. 2,
[34] M. Campbell, M. Egerstedt, J. P. How, and R. M. Murray, “Autonomous pp. 205–216, 2018.
driving in urban environments: Approaches, lessons and challenges,” [58] R. T. Ioannides, T. Pany, and G. Gibbons, “Known vulnerabilities
Philosoph. Trans. Roy. Soc. A, Math. Phys. Eng. Sci., vol. 368, of global navigation satellite systems, status, and potential mitigation
no. 1928, pp. 4649–4672, 2010. techniques,” Proc. IEEE, vol. 104, no. 6, pp. 1174–1194, Jun. 2016.
[35] M. Ilievski et al., “Design space of behaviour planning for autonomous [59] V. L. L. Thing and J. Wu, “Autonomous vehicle security: A taxonomy
driving,” 2019, arXiv:1908.07931. of attacks and defences,” in Proc. IEEE Int. Conf. Internet Things
[36] H. Cheng, Autonomous Intelligent Vehicles: Theory, Algorithms, and (iThings) IEEE Green Comput. Commun. (GreenCom) IEEE Cyber
Implementation. London, U.K.: Springer, 2011. Phys. Social Comput. (CPSCom) IEEE Smart Data (SmartData), 2016,
[37] C. Katrakazas, M. Quddus, W.-H. Chen, and L. Deka, “Real-time pp. 164–170.
motion planning methods for autonomous on-road driving: State-of- [60] J. Magiera and R. Katulski, “Detection and mitigation of GPS spoofing
the-art and future research directions,” Transp. Res. C, Emerg. Technol., based on antenna array processing,” J. Appl. Res. Technol., vol. 13,
vol. 60, pp. 416–442, Nov. 2015. no. 1, pp. 45–57, 2015.
[38] M. Zhang, N. Li, A. Girard, and I. Kolmanovsky, “A finite state machine [61] S. Han, L. Chen, W. Meng, and C. Li, “Improve the security of
based automated driving controller and its stochastic optimization,” GNSS receivers through spoofing mitigation,” IEEE Access, vol. 5,
in Proc. Dyn. Syst. Control Conf., 2017, pp. 1–10. pp. 21057–21069, 2017.
[39] S.-H. Bae, S.-H. Joo, J.-W. Pyo, J.-S. Yoon, K. Lee, and T.-Y. Kuc, [62] S. Dasgupta, M. Rahman, M. Islam, and M. Chowdhury, “Prediction-
“Finite state machine based vehicle system for autonomous driving based GNSS spoofing attack detection for autonomous vehicles,” 2020,
in urban environments,” in Proc. 20th Int. Conf. Control Autom. Syst. arXiv:2010.11722.
(ICCAS), 2020, pp. 1181–1186. [63] H. Schafer, E. Santana, A. Haden, and R. Biasini, “A commute in
[40] J. Liu and J. Liu, “Intelligent and connected vehicles: Current situation, data: The comma2k19 dataset,” 2018, arXiv:1812.05752.
future directions, and challenges,” IEEE Commun. Stand. Mag., vol. 2, [64] R. Mit, Y. Zangvil, and D. Katalan, “Analyzing Tesla’s level 2
no. 3, pp. 59–65, Sep. 2018. autonomous driving system under different GNSS spoofing scenarios
[41] R. Marino, S. Scalzi, and M. Netto, “Nested PID steering control for and implementing connected services for authentication and reliability
lane keeping in autonomous vehicles,” Control Eng. Pract., vol. 19, of GNSS data,” in Proc. 33rd Int. Tech. Meeting Satellite Division
no. 12, pp. 1459–1467, 2011. Inst. Navigation (ION GNSS+), 2020, pp. 621–646.
[42] W. Farag and Z. Saleh, “Tuning of PID track followers for autonomous [65] S. Dasgupta, T. Ghosh, and M. Rahman, “A reinforcement learning
driving,” in Proc. Int. Conf. Innovation Intell. Informat. Comput. approach for GNSS spoofing attack detection of autonomous vehicles,”
Technol. (3ICT), 2018, pp. 1–7. 2021, arXiv:2108.08628.
[43] Q. Zhang et al., “OpenVDAP: An open vehicular data analytics [66] V. Ramanishka, Y.-T. Chen, T. Misu, and K. Saenko, “Toward driving
platform for CAVs,” in Proc. IEEE 38th Int. Conf. Distrib. Comput. scene understanding: A dataset for learning driver behavior and causal
Syst. (ICDCS), 2018, pp. 1310–1320. reasoning,” in Proc. IEEE Conf. Comput. Vis. Pattern Recognit., 2018,
[44] L. Liu et al., “Computing systems for autonomous driving: State pp. 7699–7707.
of the art and challenges,” IEEE Internet Things J., vol. 8, no. 8,
[67] A. Broumandan and G. Lachapelle, “Spoofing detection using
pp. 6469–6486, Apr. 2021.
GNSS/INS/Odometer coupling for vehicular navigation,” Sensors,
[45] Z. El-Rewini, K. Sadatsharan, N. Sugunaraj, D. F. Selvaraj,
vol. 18, no. 5, p. 1305, 2018.
S. J. Plathottam, and P. Ranganathan, “Cybersecurity attacks in vehic-
[68] J. Song et al., “Credible navigation algorithm for GNSS attack detection
ular sensors,” IEEE Sensors J., vol. 20, no. 22, pp. 13752–13767,
using auxiliary sensor system,” Appl. Sci., vol. 11, no. 14, p. 6321,
Nov. 2020.
2021.
[46] M. Hirz and B. Walzel, “Sensor and object recognition technologies
[69] S. H. Jeong et al., “Low cost design of parallel parking assist system
for self-driving cars,” Comput.-Aided Design Appl., vol. 15, no. 4,
based on an ultrasonic sensor,” Int. J. Autom. Technol., vol. 11, no. 3,
pp. 501–508, 2018.
pp. 409–416, 2010.
[47] J. Petit, B. Stottelaar, M. Feiri, and F. Kargl, “Remote attacks on
automated vehicles sensors: Experiments on camera and LiDAR,” in [70] C. Yan, W. Xu, and J. Liu, “Can you trust autonomous vehicles:
Proc. Black Hat Europe, vol. 11, 2015, p. 995. Contactless attacks against sensors of self-driving vehicles,” in Proc.
[48] J. Lu, H. Sibai, E. Fabry, and D. Forsyth, “Standard detectors Def Con, vol. 24, 2016, p. 109.
aren’t (currently) fooled by physical adversarial stop signs,” 2017, [71] B. S. Lim, S. L. Keoh, and V. L. L. Thing, “Autonomous vehicle
arXiv:1710.03337. ultrasonic sensor vulnerability and impact assessment,” in Proc. IEEE
[49] J. Zhang et al., “Detecting and identifying optical signal attacks on 4th World Forum Internet Things (WF-IoT), 2018, pp. 231–236.
autonomous driving systems,” IEEE Internet Things J., vol. 8, no. 2, [72] J. Lou, Q. Yan, Q. Hui, and H. Zeng, “SoundFence: Securing
pp. 1140–1153, Jan. 2021. ultrasonic sensors in vehicles using physical-layer defense,” 2021,
[50] Y. Cao et al., “Invisible for both camera and LiDAR: Security of arXiv:2105.07574.
multi-sensor fusion based perception in autonomous driving under [73] K. Ramasubramanian and K. Ramaiah, “Moving from legacy 24 GHz
physical-world attacks,” in Proc. IEEE Symp. Security Privacy (SP), to state-of-the-art 77-GHz radar,” ATZelektronik Worldwide, vol. 13,
2021, pp. 176–194. no. 3, pp. 46–49, 2018.
[51] C. DiPalma, N. Wang, T. Sato, and Q. A. Chen, “Demo: Security [74] P. Kapoor, A. Vora, and K.-D. Kang, “Detecting and mitigating
of camera-based perception for autonomous driving under adversarial spoofing attack against an automotive radar,” in Proc. IEEE 88th Veh.
attack,” in Proc. IEEE Security Privacy Workshops (SPW), 2021, Technol. Conf. (VTC-Fall), 2018, pp. 1–6.
p. 243. [75] C. Zhou, Q. Liu, and X. Chen, “Parameter estimation and suppression
[52] G. Rong et al., “LGSVL simulator: A high fidelity simulator for for DRFM-based interrupted sampling repeater jammer,” IET Radar
autonomous driving,” in Proc. IEEE 23rd Int. Conf. Intell. Transp. Sonar Navigation, vol. 12, no. 1, pp. 56–63, 2018.
Syst. (ITSC), 2020, pp. 1–6. [76] Z. Guan, Y. Chen, P. Lei, D. Li, and Y. Zhao, “Application of
[53] C. Kyrkou et al., “Towards artificial-intelligence-based cybersecurity hash function on FMCW based millimeter-wave radar against DRFM
for robustifying automated driving systems against camera sensor jamming,” IEEE Access, vol. 7, pp. 92285–92295, 2019.
attacks,” in Proc. IEEE Comput. Soc. Annu. Symp. VLSI (ISVLSI), [77] Z. Sun, S. Balakrishnan, L. Su, A. Bhuyan, P. Wang, and C. Qiao,
2020, pp. 476–481. “Who is in control? Practical physical layer attack and defense for
[54] C. Vitale et al., “The CARAMEL project: A secure architecture mmWave based sensing in autonomous vehicles,” IEEE Trans. Inf.
for connected and autonomous vehicles,” in Proc. Eur. Conf. Netw. Forensics Security, vol. 16, pp. 3199–3214, 2021.
Commun. (EuCNC), 2020, pp. 133–138. [78] H. Shin, D. Kim, Y. Kwon, and Y. Kim, “Illusion and dazzle:
[55] A. Dosovitskiy, G. Ros, F. Codevilla, A. Lopez, and V. Koltun, Adversarial optical channel exploits against LiDARs for automotive
“CARLA: An open urban driving simulator,” in Proc. Conf. Robot applications,” in Proc. Int. Conf. Cryptogr. Hardw. Embedded Syst.,
Learn. (PMLR), 2017, pp. 1–16. 2017, pp. 445–467.
[56] M. M. Atia et al., “A low-cost lane-determination system using [79] Y. Cao et al., “Adversarial sensor attack on LiDAR-based perception in
GNSS/IMU fusion and HMM-based multistage map matching,” IEEE autonomous driving,” in Proc. ACM SIGSAC Conf. Comput. Commun.
Trans. Intell. Transp. Syst., vol. 18, no. 11, pp. 3027–3037, Nov. 2017. Security, 2019, pp. 2267–2281.

Authorized licensed use limited to: Xi'an Univ of Posts & Telecom. Downloaded on May 07,2022 at 02:32:38 UTC from IEEE Xplore. Restrictions apply.
7592 IEEE INTERNET OF THINGS JOURNAL, VOL. 9, NO. 10, MAY 15, 2022

[80] J. Sun, Y. Cao, Q. A. Chen, and Z. M. Mao, “Towards robust [103] K. Xu, X. Xiao, J. Miao, and Q. Luo, “Data driven prediction
LiDAR-based perception in autonomous driving: General black-box architecture for autonomous driving and its application on Apollo
adversarial sensor attack and countermeasures,” in Proc. 29th USENIX platform,” in Proc. IEEE Intell. Veh. Symp. (IV), 2020, pp. 175–181.
Security Symp. (USENIX Security), 2020, pp. 877–894. [104] G. Pardo-Castellote, “OMG data-distribution service: Architectural
[81] R. Changalvala and H. Malik, “LiDAR data integrity verification for overview,” in Proc. 23rd Int. Conf. Distrib. Comput. Syst. Workshops,
autonomous vehicle using 3D data hiding,” in Proc. IEEE Symp. 2003, pp. 200–206.
Series Comput. Intell. (SSCI), 2019, pp. 1219–1225. [105] C. Eryigit and S. Uyar, “Integrating agents into data-centric naval
[82] A. Geiger, P. Lenz, and R. Urtasun, “Are we ready for autonomous combat management systems,” in Proc. 23rd Int. Symp. Comput. Inf.
driving? The KITTI vision benchmark suite,” in Proc. IEEE Conf. Sci., 2008, pp. 1–4.
Comput. Vis. Pattern Recognit., 2012, pp. 3354–3361. [106] J. Kim, J. M. Smereka, C. Cheung, S. Nepal, and M. Grobler, “Security
[83] K. Yang, T. Tsai, H. Yu, M. Panoff, T.-Y. Ho, and Y. Jin, “Robust and performance considerations in ROS2: A balancing act,” 2018,
roadside physical adversarial attack against deep learning in LiDAR arXiv:1809.09566.
perception modules,” in Proc. ACM Asia Conf. Comput. Commun. [107] “DDS Security.” Object Management Group. Jul. 2018. [Online].
Security, 2021, pp. 349–362. Available: https://www.omg.org/spec/DDS-SECURITY/1.1 (Accessed
[84] C. You, Z. Hau, and S. Demetriou, “Temporal consistency checks to Jul. 5, 2021).
detect LiDAR spoofing attacks on autonomous vehicle perception,” [108] Autoware Foundation. “Autoware.” [Online]. Available:
2021, arXiv:2106.07833. https://github.com/Autoware-AI/autoware.ai/ (Accessed Jul. 5,
[85] G. Sabaliauskaite, L. S. Liew, and J. Cui, “Integrating autonomous 2021).
vehicle safety and security analysis using STPA method and the [109] M. Reke et al., “A self-driving car architecture in ROS2,” in Proc.
six-step model,” Int. J. Adv. Security, vol. 11, nos. 1–2, pp. 160–169, Int. SAUPEC/RobMech/PRASA Conf., 2020, pp. 1–6.
2018. [110] V. DiLuoffo, W. R. Michalson, and B. Sunar, “Robot operating system 2:
[86] M. Realpe, B. X. Vintimilla, and L. Vlacic, “A fault tolerant perception The need for a holistic security approach to robotic architectures,”
system for autonomous vehicles,” in Proc. 35th Chin. Control Conf. Int. J. Adv. Robot. Syst., vol. 15, no. 3, pp. 1–15, 2018.
(CCC), 2016, pp. 6531–6536. [111] Real-Time Innovations. “Software system integration with connext
[87] N. Pous, D. Gingras, and D. Gruyer, “Intelligent vehicle embedded DDS professional.” [Online]. Available: https://www.rti.com/products/
sensors fault detection and isolation using analytical redundancy and connext-dds-professional (Accessed: Jul. 5, 2021).
nonlinear transformations,” J. Control Sci. Eng., vol. 2017, pp. 1–10, [112] eProsima. “eProsima fast DDS.” [Online]. Available: https://www.
2017. eprosima.com/index.php/products-all/eprosima-fast-dds (Accessed Jul.
[88] Y.-S. Byun, B.-H. Kim, and R.-G. Jeong, “Sensor fault detection and 5, 2021).
signal restoration in intelligent vehicles,” Sensors, vol. 19, no. 15, [113] ADLINK Technology Inc. “Data distribution service.” [Online].
p. 3306, 2019. Available: https://www.adlinktech.com/en/data-distribution-service.
[89] M. T. H. Anik, R. Saini, J.-L. Danger, S. Guilley, and N. Karimi, aspx (Accessed Jul. 5, 2021).
“Failure and attack detection by digital sensors,” in Proc. IEEE Eur.
[114] R. Morita and K. Matsubara, “Dynamic binding a proper DDS
Test Symp. (ETS), 2020, pp. 1–2.
implementation for optimizing inter-node communication in ROS2,”
[90] A. Czarlinska and D. Kundur, “Attack vs. failure detection in event- in Proc. IEEE 24th Int. Conf. Embedded Real Time Comput. Syst.
driven wireless visual sensor networks,” in Proc. 9th Workshop Appl. (RTCSA), 2018, pp. 246–247.
Multimedia Security, 2007, pp. 215–220.
[115] Y. Maruyama, S. Kato, and T. Azumi, “Exploring the performance of
[91] H. Utz, S. Sablatnog, S. Enderle, and G. Kraetzschmar, “Miro-
ROS2,” in Proc. 13th Int. Conf. Embedded Softw., 2016, pp. 1–10.
middleware for mobile robot applications,” IEEE Trans. Robot. Autom.,
[116] R. Herberth, S. Körper, T. Stiesch, F. Gauterin, and O. Bringmann,
vol. 18, no. 4, pp. 493–497, Aug. 2002.
“Automated scheduling for optimal parallelization to reduce the duration
[92] J.-C. Baillie, “URBI: Towards a universal robotic low-level program-
of vehicle software updates,” IEEE Trans. Veh. Technol., vol. 68, no. 3,
ming language,” in Proc. IEEE/RSJ Int. Conf. Intell. Robots Syst.,
pp. 2921–2933, Mar. 2019.
2005, pp. 820–825.
[117] J. Lawrence, “ROS2 prevalance and security,” Rochester Inst. Technol.,
[93] D. Calisi, A. Censi, L. Iocchi, and D. Nardi, “OpenRDK: A modular
Rochester, NY, USA, Rep. CSEC 793, May 2020.
framework for robotic software development,” in Proc. IEEE/RSJ Int.
Conf. Intell. Robots Syst., 2008, pp. 1872–1877. [118] S. Corrigan, “Introduction to the controller area network (CAN),”
[94] A. Yousuf, C. C. Lehman, M. A. Mustafa, and M. M. Hayder, Texas Instrum., Dallas, TX, USA, Appl. Rep. SLOA101, Aug. 2002.
“Introducing kinematics with robot operating system (ROS),” in Proc. [119] J. Ning, J. Wang, J. Liu, and N. Kato, “Attacker identification and
Amer. Soc. Eng. Educ. Annu. Conf. Expo., 2015, pp. 26–1024. intrusion detection for in-vehicle networks,” IEEE Commun. Lett.,
[95] J. B˛edkowski, M. Pełka, K. Majek, T. Fitri, and J. Naruniec, “Open vol. 23, no. 11, pp. 1927–1930, Nov. 2019.
source robotic 3D mapping framework with ROS—Robot operating [120] B. Wang, S. Panigrahi, M. Narsude, and A. Mohanty, “Driver identifi-
system, PCL—Point cloud library and cloud compare,” in Proc. Int. cation using vehicle telematics data,” SAE Techn. Paper, Warrendale,
Conf. Elect. Eng. Informat. (ICEEI), 2015, pp. 1–18. PA, USA, Rep. 2017-01-1372, Jan. 2017.
[96] Z. An, L. Hao, Y. Liu, and L. Dai, “Development of mobile robot [121] C. Young, J. Zambreno, H. Olufowobi, and G. Bloom, “Survey of
SLAM based on ROS,” Int. J. Mech. Eng. Robot. Res., vol. 5, no. 1, automotive controller area network intrusion detection systems,” IEEE
pp. 47–51, 2016. Des. Test, vol. 36, no. 6, pp. 48–55, Dec. 2019.
[97] S.-Y. Jeong et al., “A study on ROS vulnerabilities and countermeasure,” [122] C. Miller and C. Valasek, “Remote exploitation of an unaltered
in Proc. Companion ACM/IEEE Int. Conf. Human Robot Interact., passenger vehicle,” in Proc. Black Hat USA, vol. 91, 2015, pp. 1–9.
2017, pp. 147–148. [123] A. Greenberg. “The Jeep hackers are back to prove
[98] J. McClean, C. Stull, C. Farrar, and D. Mascarenas, “A preliminary car hacking can get much worse.” Aug. 2016. [Online].
cyber-physical security assessment of the robot operating system Available: https://www.wired.com/2016/08/jeep-hackers-return-high-
(ROS),” in Proc. SPIE Unmanned Syst. Technol. XV, vol. 8741, 2013, speed-steering-acceleration-hacks/ (Accessed: Jul. 5, 2021).
Art. no. 874110. [124] K. Koscher et al., “Experimental security analysis of a modern
[99] R. White, H. I. Christensen, and M. Quigley, “SROS: Securing automobile,” in Proc. IEEE Symp. Security Privacy, 2010, pp. 447–462.
ROS over the wire, in the graph, and through the kernel,” 2016, [125] S. Abbott-McCune and L. A. Shay, “Intrusion prevention system of
arXiv:1611.07060. automotive network CAN bus,” in Proc. IEEE Int. Carnahan Conf.
[100] Q. Zhang, H. Zhong, J. Cui, L. Ren, and W. Shi, “AC4AV: A flexible Security Technol. (ICCST), 2016, pp. 1–8.
and dynamic access control framework for connected and autonomous [126] M. A. Hannan, A. Hussain, and S. A. Samad, “System interface for
vehicles,” IEEE Internet Things J., vol. 8, no. 3, pp. 1946–1958, an integrated intelligent safety system (ISS) for vehicle applications,”
Feb. 2020. Sensors, vol. 10, no. 2, pp. 1141–1153, 2010.
[101] T. Kessler et al., “Bridging the gap between open source software [127] S. Liu, L. Liu, J. Tang, B. Yu, Y. Wang, and W. Shi, “Edge computing
and vehicle hardware for autonomous driving,” in Proc. IEEE Intell. for autonomous driving: Opportunities and challenges,” Proc. IEEE,
Veh. Symp. (IV), 2019, pp. 1612–1619. vol. 107, no. 8, pp. 1697–1716, Aug. 2019.
[102] D. Heß et al., “Contributions of the EU projects UnCoVerCPS and [128] A. Groll and C. Ruland, “Secure and authentic communication on
enable-S3 to highly automated driving in conflict situations,” in Proc. existing in-vehicle networks,” in Proc. IEEE Intell. Veh. Symp., 2009,
Annu. Conf. Amer. Assoc. Electrodiagnostic Technol., 2019, pp. 1–25. pp. 1093–1097.

Authorized licensed use limited to: Xi'an Univ of Posts & Telecom. Downloaded on May 07,2022 at 02:32:38 UTC from IEEE Xplore. Restrictions apply.
GAO et al.: AUTONOMOUS DRIVING SECURITY: STATE OF ART AND CHALLENGES 7593

[129] L. Yu, J. Deng, R. R. Brooks, and S. B. Yun, “Automobile ECU design [153] H. Hasrouny, A. E. Samhat, C. Bassil, and A. Laouiti, “VANET
to avoid data tampering,” in Proc. 10th Annu. Cyber Inf. Security security challenges and solutions: A survey,” Veh. Commun., vol. 7,
Res. Conf. (CISR), 2015, pp. 1–4. pp. 7–20, Jan. 2017.
[130] P.-S. Murvay and B. Groza, “Source identification using signal char- [154] S. Park, B. Aslam, D. Turgut, and C. C. Zou, “Defense against sybil
acteristics in controller area networks,” IEEE Signal Process. Lett., attack in the initial deployment stage of vehicular ad hoc network
vol. 21, no. 4, pp. 395–399, Apr. 2014. based on roadside unit support,” Security Commun. Netw., vol. 6,
[131] Q. Wang and S. Sawhney, “VeCure: A practical security framework no. 4, pp. 523–538, 2013.
to protect the CAN bus of vehicles,” in Proc. Int. Conf. Internet [155] J. Li, H. Lu, and M. Guizani, “ACPN: A novel authentication
Things (IoT), 2014, pp. 13–18. framework with conditional privacy-preservation and non-repudiation
[132] S. Woo, H. J. Jo, and D. H. Lee, “A practical wireless attack on for VANETs,” IEEE Trans. Parallel Distrib. Syst., vol. 26, no. 4,
the connected car and security protocol for in-vehicle CAN,” IEEE pp. 938–948, Apr. 2015.
Trans. Intell. Transp. Syst., vol. 16, no. 2, pp. 993–1006, Apr. 2015. [156] Y. Yao et al., “Multi-channel based sybil attack detection in vehicular
[133] H. M. Song, H. R. Kim, and H. K. Kim, “Intrusion detection system ad hoc networks using RSSI,” IEEE Trans. Mobile Comput., vol. 18,
based on the analysis of time intervals of CAN messages for in-vehicle no. 2, pp. 362–375, Feb. 2019.
network,” in Proc. Int. Conf. Inf. Netw. (ICOIN), 2016, pp. 63–68. [157] X. Feng, C.-Y. Li, D.-X. Chen, and J. Tang, “A method for defensing
[134] A. Taylor, N. Japkowicz, and S. Leblanc, “Frequency-based anomaly against multi-source sybil attacks in VANET,” Peer-to-Peer Netw.
detection for the automotive CAN bus,” in Proc. World Congr. Ind. Appl., vol. 10, no. 2, pp. 305–314, 2017.
Control Syst. Security (WCICSS), 2015, pp. 45–49. [158] S.-H. Seo, J. Won, S. Sultana, and E. Bertino, “Effective key manage-
[135] K.-T. Cho and K. G. Shin, “Fingerprinting electronic control units for ment in dynamic wireless sensor networks,” IEEE Trans. Inf. Forensics
vehicle intrusion detection,” in Proc. 25th USENIX Security Symp. Security, vol. 10, no. 2, pp. 371–383, Feb. 2015.
(USENIX Security), 2016, pp. 911–927. [159] T. Oulhaci, M. Omar, F. Harzine, and I. Harfi, “Secure and distributed
[136] M. Marchetti and D. Stabili, “Anomaly detection of CAN bus messages certification system architecture for safety message authentication in
through analysis of ID sequences,” in Proc. IEEE Intell. Veh. Symp. VANET,” Telecommun. Syst., vol. 64, no. 4, pp. 679–694, 2017.
(IV), 2017, pp. 1577–1583. [160] J. T. Curran and A. Broumendan, “On the use of low-cost IMUs
[137] A. Taylor, S. Leblanc, and N. Japkowicz, “Anomaly detection in auto- for GNSS spoofing detection in vehicular applications,” in Proc. Int.
mobile control network data with long short-term memory networks,” in Tech. Symp. Navig. Timing (ITSNT), 2017, pp. 1–8.
Proc. IEEE Int. Conf. Data Sci. Adv. Anal. (DSAA), 2016, pp. 130–139. [161] Q. Wang, Z. Lu, M. Gao, and G. Qu, “Edge computing based GPS
[138] M.-J. Kang and J.-W. Kang, “Intrusion detection system using deep spoofing detection methods,” in Proc. IEEE 23rd Int. Conf. Digit.
neural network for in-vehicle network security,” PloS ONE, vol. 11, Signal Process. (DSP), 2018, pp. 1–5.
no. 6, 2016, Art. no. e0155781.
[162] M.-C. Chuang and J.-F. Lee, “TEAM: Trust-extended authentication
[139] M. Markovitz and A. Wool, “Field classification, modeling and anomaly mechanism for vehicular ad hoc networks,” IEEE Syst. J., vol. 8,
detection in unknown CAN bus networks,” Veh. Commun., vol. 9, no. 3, pp. 749–758, Sep. 2014.
pp. 43–52, Jul. 2017.
[163] A. Arsalan and R. A. Rehman, “Prevention of timing attack in
[140] Bosch Global, “CAN with flexible data-rate specification version 1.0,” software defined named data network with VANETs,” in Proc. Int.
Robert Bosch GmbH, Gerlingen, Germany, Rep. 1.0, Apr. 2012. Conf. Frontiers Inf. Technol. (FIT), 2018, pp. 247–252.
[141] Bosch Global. [Online]. Available: https://www.bosch.com (Accessed:
[164] A. Perrig, R. Canetti, J. D. Tygar, and D. Song, “The Tesla broadcast
Jul. 5, 2021).
authentication protocol,” RSA CryptoBytes, vol. 5, no. 2, pp. 2–13,
[142] F. Hartwich, “CAN with flexible data-rate,” in Proc. 13th Int. CAN 2002.
Conf. (ICC), 2012, pp. 1–9.
[165] A. Studer, F. Bai, B. Bellur, and A. Perrig, “Flexible, extensible, and
[143] Bosch Global, “CAN specification version 2.0,” Robert Bosch GmbH, efficient VANET authentication,” J. Commun. Netw., vol. 11, no. 6,
Gerlingen, Germany, Rep. 2.0, Sep. 1991. pp. 574–588, 2009.
[144] S. Woo, H. J. Jo, I. S. Kim, and D. H. Lee, “A practical security
[166] P. Liu, B. Liu, Y. Sun, B. Zhao, and I. You, “Mitigating DoS
architecture for in-vehicle CAN-FD,” IEEE Trans. Intell. Transp. Syst.,
attacks against pseudonymous authentication through puzzle-based co-
vol. 17, no. 8, pp. 2248–2261, Aug. 2016.
authentication in 5G-VANET,” IEEE Access, vol. 6, pp. 20795–20806,
[145] G. Xie, L. T. Yang, W. Wu, K. Zeng, X. Xiao, and R. Li, “Security 2018.
enhancement for real-time parallel in-vehicle applications by CAN
[167] Y. Jie, M. Li, C. Guo, and L. Chen, “Dynamic defense strategy
FD message authentication,” IEEE Trans. Intell. Transp. Syst., vol. 22,
against DoS attacks over vehicular ad hoc networks based on port
no. 8, pp. 5038–5049, Aug. 2021.
hopping,” IEEE Access, vol. 6, pp. 51374–51383, 2018.
[146] G. Xie, R. Li, and S. Hu, “Security-aware obfuscated priority assignment
for CAN FD messages in real-time parallel automotive applications,” [168] Y. Gao, H. Wu, B. Song, Y. Jin, X. Luo, and X. Zeng, “A dis-
IEEE Trans. Comput.-Aided Design Integr. Circuits Syst., vol. 39, tributed network intrusion detection system for distributed denial of
no. 12, pp. 4413–4425, Dec. 2020. service attacks in vehicular ad hoc network,” IEEE Access, vol. 7,
pp. 154560–154571, 2019.
[147] G. Xie, L. T. Yang, Y. Liu, H. Luo, X. Peng, and R. Li, “Security
enhancement for real-time independent in-vehicle CAN-FD messages [169] A. M. Malla and R. K. Sahu, “Security attacks with an effective
in vehicular networks,” IEEE Trans. Veh. Technol., vol. 70, no. 6, solution for DoS attacks in VANET,” Int. J. Comput. Appl., vol. 66,
pp. 5244–5253, Jun. 2021. no. 22, pp. 45–49, 2013.
[148] T. Yu and X. Wang, “Topology verification enabled intrusion detection [170] M. J. Faghihniya, S. M. Hosseini, and M. Tahmasebi, “Security upgrade
for in-vehicle CAN-FD networks,” IEEE Commun. Lett., vol. 24, no. 1, against RREQ flooding attack by using balance index on vehicular ad
pp. 227–230, Jan. 2020. hoc network,” Wireless Netw., vol. 23, no. 6, pp. 1863–1874, 2017.
[149] Y. Xie, G. Zeng, R. Kurachi, H. Takada, and G. Xie, “Security/timing- [171] S. M. Safi, A. Movaghar, and M. Mohammadizadeh, “A novel approach
aware design space exploration of CAN FD for automotive for avoiding wormhole attacks in VANET,” in Proc. 2nd Int. Workshop
cyber-physical systems,” IEEE Trans. Ind. Informat., vol. 15, no. 2, Comput. Sci. Eng., vol. 2, 2009, pp. 160–165.
pp. 1094–1104, Feb. 2019. [172] S. Ali, P. Nand, and S. Tiwari, “Secure message broadcasting in VANET
[150] S. Fürst and M. Bechter, “AUTOSAR for connected and autonomous over wormhole attack by using cryptographic technique,” in Proc. Int.
vehicles: The AUTOSAR adaptive platform,” in Proc. 46th Annu. Conf. Comput. Commun. Autom. (ICCCA), 2017, pp. 520–523.
IEEE/IFIP Int. Conf. Depend. Syst. Netw. Workshop (DSN-W), 2016, [173] A. Daeinabi and A. G. Rahbar, “Detection of malicious vehicles (DMV)
pp. 215–217. through monitoring in vehicular ad-hoc networks,” Multimedia Tools
[151] Y. Xiao, S. Shi, N. Zhang, W. Lou, and Y. T. Hou, “Session Appl., vol. 66, no. 2, pp. 325–338, 2013.
key distribution made practical for CAN and CAN-FD message [174] R. Baiad, O. Alhussein, H. Otrok, and S. Muhaidat, “Novel cross
authentication,” in Proc. 20th Annu. Comput. Security Appl. Conf., layer detection schemes to detect blackhole attack against QoS-OLSR
2020, pp. 681–693. protocol in VANET,” Veh. Commun., vol. 5, pp. 9–17, Jul. 2016.
[152] M. Agrawal, T. Huang, J. Zhou, and D. Chang, “CAN-FD-sec: [175] Z. A. Abdulkader, A. Abdullah, M. T. Abdullah, and Z. A. Zukarnain,
Improving security of CAN-FD protocol,” in Security and Safety “LI-AODV: Lifetime improving AODV routing for detecting and
Interplay of Intelligent Software Systems. Cham, Switzerland: Springer, removing black-hole attack from VANET,” J. Theor. Appl. Inf. Technol.,
2018, pp. 77–93. vol. 95, no. 1, pp. 1–15, 2017.

Authorized licensed use limited to: Xi'an Univ of Posts & Telecom. Downloaded on May 07,2022 at 02:32:38 UTC from IEEE Xplore. Restrictions apply.
7594 IEEE INTERNET OF THINGS JOURNAL, VOL. 9, NO. 10, MAY 15, 2022

[176] J. Cui, L. S. Liew, G. Sabaliauskaite, and F. Zhou, “A review on [200] I. A. Sumra, H. Bin Hasbullah, and J.-L. Bin AbManan, “Attacks
safety failures, security attacks, and available countermeasures for on security goals (confidentiality, integrity, availability) in VANET:
autonomous vehicles,” Ad Hoc Netw., vol. 90, pp. 101823–101836, A survey,” in Proc. Vehicular Ad Hoc Netw. Smart Cities, 2015,
Jul. 2019. pp. 51–61.
[177] L. Mokdad, J. Ben-Othman, and A. T. Nguyen, “DJAVAN: Detecting [201] F. Sakiz and S. Sen, “A survey of attacks and detection mechanisms
jamming attacks in vehicle ad hoc networks,” Perform. Eval., vol. on intelligent transportation systems: VANETs and IoV,” Ad Hoc
87, pp. 47–59, May 2015. Netw., vol. 61, pp. 33–50, Jun. 2017.
[178] D. Karagiannis and A. Argyriou, “Jamming attack detection in a pair [202] M. N. Mejri, J. Ben-Othman, and M. Hamdi, “Survey on VANET secu-
of RF communicating vehicles using unsupervised machine learning,” rity challenges and possible cryptographic solutions,” Veh. Commun.,
Veh. Commun., vol. 13, pp. 56–63, Jul. 2018. vol. 1, no. 2, pp. 53–66, 2014.
[179] L. He and W. T. Zhu, “Mitigating DoS attacks against signature-based [203] V. Bibhu, K. Roshan, K. B. Singh, and D. K. Singh, “Performance
authentication in VANETs,” in Proc. IEEE Int. Conf. Comput. Sci. analysis of black hole attack in VANET,” Int. J. Comput. Netw. Inf.
Autom. Eng. (CSAE), vol. 3, 2012, pp. 261–265. Security, vol. 4, no. 11, pp. 47–54, 2012.
[180] A. Wasef, R. Lu, X. Lin, and X. Shen, “Complementing public key [204] D. Shukla, A. Vaibhav, S. Das, and P. Johri, “Security and attack
infrastructure to secure vehicular ad hoc networks,” IEEE Wireless analysis for vehicular ad hoc network—A survey,” in Proc. Int. Conf.
Commun., vol. 17, no. 5, pp. 22–28, Oct. 2010. Comput. Commun. Autom. (ICCCA), 2016, pp. 625–630.
[181] A. K. Malhi and S. Batra, “Genetic-based framework for prevention of [205] R. Rawat and D. Sharma, “Impact of jamming attack in vehicular
masquerade and DDoS attacks in vehicular ad-hoc networks,” Security ad hoc networks,” Int. J. Adv. Res. Comput. Commun. Eng., vol. 4,
Commun. Netw., vol. 9, no. 15, pp. 2612–2626, 2016. no. 4, pp. 457–461, 2015.
[206] A. Benslimane and H. Nguyen-Minh, “Jamming attack model and
[182] W. Li and H. Song, “ART: An attack-resistant trust management
detection method for beacons under multichannel operation in vehicular
scheme for securing vehicular ad hoc networks,” IEEE Trans. Intell.
networks,” IEEE Trans. Veh. Technol., vol. 66, no. 7, pp. 6475–6488,
Transp. Syst., vol. 17, no. 4, pp. 960–969, Apr. 2016.
Jul. 2017.
[183] M. A. Alazzawi, H. Lu, A. A. Yassin, and K. Chen, “Efficient [207] I. A. Sumra, H. Bin Hasbullah, I. Ahmad, and D. M. Alghazzawi,
conditional anonymity with message integrity and authentication in a “Classification of attacks in vehicular ad hoc network (VANET),”
vehicular ad-hoc network,” IEEE Access, vol. 7, pp. 71424–71435, Information, vol. 16, no. 5, pp. 2995–3004, 2013.
2019. [208] J. De Fuentes, A. I. González-Tablas, and A. Ribagorda, “Overview of
[184] N.-W. Lo and H.-C. Tsai, “Illusion attack on VANET applications—A security issues in vehicular ad-hoc networks,” in Handbook of Research
message plausibility problem,” in Proc. IEEE Globecom Workshops, on Mobility and Computing: Evolving Technologies and Ubiquitous
2007, pp. 1–8. Impacts. Hershey, PA, USA: IGI Global, 2011, pp. 894–911.
[185] J. Zacharias and S. Fröschle, “Misbehavior detection system in VANETs [209] I. Ali, A. Hassan, and F. Li, “Authentication and privacy schemes
using local traffic density,” in Proc. IEEE Veh. Netw. Conf. (VNC), for vehicular ad hoc networks (VANETs): A survey,” Veh. Commun.,
2018, pp. 1–4. vol. 16, pp. 45–61, Apr. 2019.
[186] X. Zhu, S. Jiang, L. Wang, and H. Li, “Efficient privacy-preserving [210] Z. Jianhong, X. Min, and L. Liying, “On the security of a secure batch
authentication for vehicular ad hoc networks,” IEEE Trans. Veh. verification with group testing for VANET,” Int. J. Netw. Security,
Technol., vol. 63, no. 2, pp. 907–919, Feb. 2014. vol. 16, no. 5, pp. 351–358, 2014.
[187] P. Cencioni and R. Di Pietro, “VIPER: A vehicle-to-infrastructure [211] D. He, S. Zeadally, B. Xu, and X. Huang, “An efficient identity-based
communication privacy enforcement protocol,” in Proc. IEEE Int. conditional privacy-preserving authentication scheme for vehicular ad
Conf. Mobile Adhoc Sensor Syst., 2007, pp. 1–6. hoc networks,” IEEE Trans. Inf. Forensics Security, vol. 10, no. 12,
[188] C. Dai, X. Xiao, Y. Ding, L. Xiao, Y. Tang, and S. Zhou, “Learning pp. 2681–2691, Dec. 2015.
based security for VANET with blockchain,” in Proc. IEEE Int. Conf. [212] M. S. Al-Kahtani, “Survey on security attacks in vehicular ad hoc
Commun. Syst. (ICCS), 2018, pp. 210–215. networks (VANETs),” in Proc. 6th Int. Conf. Signal Process. Commun.
[189] G. Guette and B. Ducourthial, “On the sybil attack detection in Syst., 2012, pp. 1–9.
VANET,” in Proc. IEEE Int. Conf. Mobile Ad Hoc Sensor Syst., 2007, [213] M. Y. Gadkari and N. B. Sambre, “VANET: Routing protocols, security
pp. 1–6. issues and simulation tools,” IOSR J. Comput. Eng., vol. 3, no. 3,
[190] T. Dimitriou, E. A. Alrashed, M. H. Karaata, and A. Hamdan, “Imposter pp. 28–38, 2012.
detection for replication attacks in mobile sensor networks,” Comput. [214] M. S. Sheikh and J. Liang, “A comprehensive survey on VANET
Netw., vol. 108, pp. 210–222, Oct. 2016. security services in traffic management system,” Wireless Commun.
[191] M. Azees, P. Vijayakumar, and L. J. Deboarh, “EAAP: Efficient Mobile Comput., vol. 2019, pp. 1–23, 2019.
anonymous authentication with conditional privacy-preserving scheme [215] P. Golle, M. Jakobsson, A. Juels, and P. Syverson, “Universal re-
for vehicular ad hoc networks,” IEEE Trans. Intell. Transport. Syst., encryption for mixnets,” in Proc. Cryptograph. Track RSA Conf., 2004,
vol. 18, no. 9, pp. 2467–2476, Sep. 2017. pp. 163–178.
[192] L. Bariah, D. Shehada, E. Salahat, and C. Y. Yeun, “Recent advances [216] B. Mokhtar and M. Azab, “Survey on security issues in vehicular ad
in VANET security: A survey,” in Proc. IEEE 82nd Veh. Technol. hoc networks,” Alexandria Eng. J., vol. 54, no. 4, pp. 1115–1126,
Conf. (VTC-Fall), 2015, pp. 1–7. 2015.
[217] “Network simulator version 2.” [Online]. Available: http://www.isi.edu/
[193] T. Trippel, O. Weisse, W. Xu, P. Honeyman, and K. Fu, “WALNUT:
nsnam/ (Accessed: Jul. 5, 2021).
Waging doubt on the integrity of MEMS accelerometers with
[218] “Network simulator version 3.” [Online]. Available: https://
acoustic injection attacks,” in Proc. IEEE Eur. Symp. Security Privacy
www.nsnam.org (Accessed: Jul. 5, 2021).
(EuroS&P), 2017, pp. 3–18.
[219] “OMNeT++.” [Online]. Available: https://www.omnetpp.org
[194] A. Rawat, S. Sharma, and R. Sushil, “VANET: Security attacks and its (Accessed: Jul. 5, 2021).
possible solutions,” J. Inf. Oper. Manag., vol. 3, no. 1, pp. 301–304, [220] “Glomosim.” [Online]. Available: https://networksimulationtools.com/
2012. glomosim/. (Accessed: Jul. 5, 2021).
[195] D. Kreutz, F. M. V. Ramos, P. E. Verissimo, C. E. Rothenberg, [221] Eclipse Foundation. “Simulation of urban mobility (SUMO).” [Online].
S. Azodolmolky, and S. Uhlig, “Software-defined networking: A Available: https://www.eclipse.org/sumo/ (Accessed: Jul. 5, 2021).
comprehensive survey,” Proc. IEEE, vol. 103, no. 1, pp. 14–76, [222] J. Härri, F. Filali, C. Bonnet, and M. Fiore, “VanetMobiSim: Generating
Jan. 2015. realistic mobility patterns for VANETs,” in Proc. 3rd Int. Workshop
[196] L. Zhang et al., “Named data networking,” ACM SIGCOMM Comput. Veh. Ad Hoc Netw., 2006, pp. 96–97.
Commun. Rev., vol. 44, no. 3, pp. 66–73, 2014. [223] M. Piorkowski, M. Raya, A. L. Lugo, P. Papadimitratos,
[197] S. Zeadally, R. Hunt, Y.-S. Chen, A. Irwin, and A. Hassan, “Vehicular ad M. Grossglauser, and J.-P. Hubaux, “TraNS: Realistic joint traffic
hoc networks (VANETs): Status, results, and challenges,” Telecommun. and network simulator for VANETs,” ACM SIGMOBILE Mobile
Syst., vol. 50, no. 4, pp. 217–241, 2012. Comput. Commun. Rev., vol. 12, no. 1, pp. 31–33, 2008.
[198] H. C. J. Lee and V. L. L. Thing, “Port hopping for resilient [224] Matrix Laboratory (MATLAB), MathWorks Inc., Natick, MA, USA.
networks,” in Proc. IEEE 60th Veh. Technol. Conf. (VTC), vol. https://www.mathworks.com/products/matlab/ (Accessed: Jul. 5, 2021).
5, 2004, pp. 3291–3295. [225] M. B. Mollah et al., “Blockchain for the Internet of Vehicles towards
[199] K. Wang, J. Guo, and F. Li, “Singular linear space and its applications,” intelligent transportation systems: A survey,” IEEE Internet Things
Finite Fields Their Appl., vol. 17, no. 5, pp. 395–406, 2011. J., vol. 8, no. 6, pp. 4157–4185, Mar. 2021.

Authorized licensed use limited to: Xi'an Univ of Posts & Telecom. Downloaded on May 07,2022 at 02:32:38 UTC from IEEE Xplore. Restrictions apply.
GAO et al.: AUTONOMOUS DRIVING SECURITY: STATE OF ART AND CHALLENGES 7595

[226] R. Gupta, S. Tanwar, N. Kumar, and S. Tyagi, “Blockchain-based Geng Wang received the B.S. degree in software
security attack resilience schemes for autonomous vehicles in Industry engineering from Shanxi University, Taiyuan, China,
4.0: A systematic review,” Comput. Elect. Eng., vol. 86, Sep. 2020, in 2018. He is currently pursuing the M.S. degree
Art. no. 106717. in software engineering with Xi’an University of
[227] X. Wang, C. Xu, Z. Zhou, S. Yang, and L. Sun, “A survey of Posts and Telecommunications, Xi’an, China.
blockchain-based cybersecurity for vehicular networks,” in Proc. Int. His current research interests include autonomous
Wireless Commun. Mobile Comput. (IWCMC), 2020, pp. 740–745. driving and anomaly detection of sensor data.
[228] Z. Yang, K. Yang, L. Lei, K. Zheng, and V. C. M. Leung, “Blockchain-
based decentralized trust management in vehicular networks,” IEEE
Internet Things J., vol. 6, no. 2, pp. 1495–1505, Apr. 2019.
[229] C. Zhang, W. Li, Y. Luo, and Y. Hu, “AIT: An AI-enabled trust man-
agement system for vehicular networks using blockchain technology,”
IEEE Internet Things J., vol. 8, no. 5, pp. 3157–3169, Mar. 2021.
[230] X. Zheng, M. Li, Y. Chen, J. Guo, M. Alam, and W. Hu, “Blockchain-
based secure computation offloading in vehicular networks,” IEEE
Trans. Intell. Transp. Syst., vol. 22, no. 7, pp. 4073–4087, Jul. 2021.
[231] M. Li, J. Weng, A. Yang, J.-N. Liu, and X. Lin, “Toward blockchain-
based fair and anonymous Ad dissemination in vehicular networks,”
IEEE Trans. Veh. Technol., vol. 68, no. 11, pp. 11248–11259,
Nov. 2019.
[232] S. Kudva, S. Badsha, S. Sengupta, I. Khalil, and A. Zomaya, “Towards
secure and practical consensus for blockchain based VANET,” Inf. Weisong Shi (Fellow, IEEE) received the Ph.D.
Sci., vol. 545, pp. 170–187, Feb. 2021. degree in computer architecture from Chinese
[233] Z. Ma, J. Zhang, Y. Guo, Y. Liu, X. Liu, and W. He, “An efficient decen- Academy of Sciences, Beijing, China, in 2000.
tralized key management mechanism for VANET with blockchain,” He is a Charles H. Gershenson Distinguished
IEEE Trans. Veh. Technol., vol. 69, no. 6, pp. 5836–5849, Jun. 2020. Faculty Fellow and a Full Professor of Computer
[234] Y. Chen, X. Hao, W. Ren, and Y. Ren, “Traceable and authenticated Science with Wayne State University, Detroit,
key negotiations via blockchain for vehicular communications,” Mobile MI, USA. His current research interests include
Inf. Syst., vol. 2019, Dec. 2019, Art. no. 5627497. edge computing, computer systems for autonomous
[235] K. Kaur, S. Garg, G. Kaddoum, F. Gagnon, and S. H. Ahmed, driving, mobile, and connected health.
“Blockchain-based lightweight authentication mechanism for vehicular
fog infrastructure,” in Proc. IEEE Int. Conf. Commun. workshops (ICC
Workshops), 2019, pp. 1–6.
[236] “Tesla model s driver killed in Williston Florida.” 2016. [Online].
Available: https://www.thecarcrashdetective.com/joshua-brown-tesla-
model-s-driver-killed-williston-fl/ (Accessed: Jul. 5, 2021).
[237] L. Manson. “Tesla autopilot makes model 3 crash into overturned truck.”
Jun. 2020. [Online]. Available: https://www.somagnews.com/tesla-
autopilot-makes-model-3-crash-overturned-truck/ (Accessed: Jul. 5,
2021).
[238] N. A. Stanton, P. M Salmon, G. H. Walker, and M. Stanton, “Models
and methods for collision analysis: A comparison study based on the
Uber collision with a pedestrian,” Safety Sci., vol. 120, pp. 117–128,
Dec. 2019.
Zhongmin Wang received the Ph.D. degree in
[239] National Transpotation Safety Board. “Preliminary report highway:
mechanical engineering and automation from Beijing
hwy18mh010.” 2018. [Online]. Available: https://www.ntsb.gov/
Institute of Technology, Beijing, China, in 2000.
investigations/AccidentReports/Reports/HWY18MH010-prelim.pdf
He is currently a Professor with the School of
(Accessed: Jul. 5, 2021).
Computer Science and Technology, Xi’an University
[240] A. Greenberg. “Hackers remotely kill a jeep on the highway—With
of Posts and Telecommunications, Xi’an, China. His
me in it.” Jul. 2015. [Online]. Available: https://www.wired.com/2015/
current research interests include embedded intelli-
07/hackers-remotely-kill-jeep-highway/ (Accessed: Jul. 5, 2021).
gent perception, big data processing and application,
[241] D. Z. Morris. “Tesla-stealing hack is about much more than Tesla.”
and affective computing.
Nov. 2016. [Online]. Available: https://fortune.com/2016/11/26/tesla-
stealing-hack/ (Accessed: Jul. 5, 2021).
[242] D. Sadler. “Cyber pro charged with GoGet hacking.” Feb.
2018. [Online]. Available: https://ia.acs.org.au/article/2018/cyber-pro-
charged-with-goget-hacking.html (Accessed: Jul. 5, 2021).
[243] J. Sherry, C. Lan, R. Ada Popa, and S. Ratnasamy, “Blindbox: Deep
packet inspection over encrypted traffic,” in Proc. ACM Conf. Special
Interest Group Data Commun. (SIGCOMM), 2015, pp. 213–226.
[244] L. Deri and F. Fusco, “Using deep packet inspection in cyber traffic
analysis,” in Proc. IEEE Int. Conf. Cyber Security Resilience (CSR),
2021, pp. 89–94.

Cong Gao received the Ph.D. degree in computer Yanping Chen received the Ph.D. degree in com-
architecture from Xidian University, Xi’an, China, puter architecture from Xi’an Jiaotong University,
in 2015. Xi’an, China, in 2007.
He is currently an Assistant Professor with the She is currently a Professor with the School of
School of Computer Science and Technology, Xi’an Computer Science and Technology, Xi’an University
University of Posts and Telecommunications, Xi’an. of Posts and Telecommunications, Xi’an. Her cur-
His current research interests include data sens- rent research interests include service mining, service
ing and fusion, autonomous driving, and network computing, and network management.
security.

Authorized licensed use limited to: Xi'an Univ of Posts & Telecom. Downloaded on May 07,2022 at 02:32:38 UTC from IEEE Xplore. Restrictions apply.

You might also like