Cyberattack Scenario on Cooperative Driving

Cooperative driving maneuvers expand fully-automated driving with maneuver options, that are not available in current traffic. The reliance on a common plan allows for smaller safety distance, efficient overtaking maneuvers and optimized evasive maneuvers in an emergency situation. On the downside, car-to-car-communication (Car2Car communication) opens up new possibilities for targeted cyberattacks.

With the diverse set of partners in the initialization project “Connected Mobility” as part of the Profilregion Mobilitätssysteme Karlsruhe(“Profilregion: High Performance Center for Mobility Research”), those new hacking methods are analyzed from different perspectives. To demonstrate the problem, the group of researchers initially developed a hacking scenario example on the group formation process, which takes place at the beginning of each cooperative driving maneuver. Currently, the partners are working on applicable countermeasures to prevent such cyberattacks.

The partners

The partners of the cyberattack scenario are:

• Institute for Information Processing Technologies (Institut für Technik der Informationsverarbeitung – ITIV): Simulation and architecture of hardware-oriented Car2X communication
• The Competence Center for Applied Security Technology (Kompetenzzentrum für angewandte Sicherheitstechnologie – KASTEL): Analysis of misuse cases in software, especially by cyberattacks
• Department of Measurement and Control (Institut für Mess- und Regelungstechnik – MRT) and Research Center for Information Technology (Forschungszentrum Informatik – FZI): Implementation, analysis and test of maneuver planning and control algorithms
• Fraunhofer Institute of Optronics, System Technologies and Image Exploitation (IOSB): Algorithms for group and alliance formation for cooperative maneuvers, kooperative maneuver planning and automotive simulation

The initial situation

The particularity of the developed scenario is given by the new type of attack, which in this case does not require access to any automated vehicle or infrastructure, but instead just malware installed on the driver's smartphone (or some other carried-along broadcasting device). This thus leads to a potentially high diffusion of the attack-vector onto a wide mass of vulnerable traffic participants and situations. The analyzed scenario includes a fully-automated vehicle steered by an artificial intelligence (green vehicle) and an oncoming vehicle with a human driver (red vehicle).

The malware

The function of the malware is to utilize the Car2Car communication channel to other (automated) traffic participants, and falsely identify the victim’s car as a cooperative automated vehicle. To counteract the premature discovery as malicious software, the malware analyzes the driving situation using GPS, accelerometer information and map data, and initially declines any cooperation request properly. Only in the case of a potentially dangerous situation, the malware accepts and confirms the requested cooperative maneuver. The malware's objective is to provoke such maneuvers of fully-automated vehicles, that their artificial intelligence would not have classified and executed as safe maneuvers without the (assumed) cooperation of other vehicles. However, as the human driver has no knowledge of the planned cooperative maneuver, a high-risk situation with an inevitable accident is very probable to occur.

The emergency situation 

During a drive, the fully-automated vehicle is surprised by an obstacle on its own lane (red box) as depicted in Figure 1, and forced to immediately come to a decision. The artificial intelligence of the vehicle computes three maneuver options:

1. An evasive maneuver to the right, which would result in a minor collision with the road boundary pillar
2. A collision with the unknown obstacle, which would imply an unpredictable material damage
3. An evasive maneuver to the left onto the inner opposing lane, considering the (pretended) cooperation negotiated via Car2Car with the oncoming vehicle, which would be executable without material damage

Without the option of cooperation with opposing traffic, maneuver option a) would have been the best maneuver with the lowest maneuver costs. Due to the false pretenses of cooperation by the hacked smartphone, the artificial intelligence however selects option c), where the (supposedly) cooperating vehicle changes to its right lane to leave its inner lane for the fully-automated vehicle in order to evade the obstacle.

The impact of the malware

As the human driver has no knowledge about the cooperative maneuver and therefore does not change to the outer lane according to the mediated cooperative plan, a new risk situation in Figure 2 emerges. The formerly safest maneuver now results in a new emergency situation, which most definitely leads to a higher material damage due to its considerably deteriorated maneuver options.

The artificial intelligence has to decide between the following maneuvers, because the originally second-best maneuver a) is not available anymore

2. A collision with the unknown obstacle
3. A head-on collision with the oncoming vehicle, which would result in high damage
4. Leaving the road into the roadside ditch, which would imply high material damage

Due to the false pretenses of cooperation the malware was able to alter a potentially emergency situation - but yet solvable with modest material damage - into such a risk situation, which results in a high material damage with any certainty.

The Cyberattack Scenario and OCTANE 

The presented hacking scenario shows a possible target of cyberattacks on cooperative maneuvers together with its consequences. In the course of the initialization project Connected Mobility, this and other security-critical scenarios are analyzed together with the development of countermeasures using the knowledge of the diverse project partners. The scenarios and its counteractions are simulated in OCTANE.