An Investigation of Denial of Service Attacks on Autonomous Driving Software and Hardware in Operation

TL;DR

This study examines the effects of DoS attacks, specifically ICMP floods, on autonomous driving systems and their components, revealing resilience in software but significant vulnerabilities in GNSS hardware.

Contribution

It provides experimental evidence of DoS attack impacts on AD systems and highlights hardware vulnerabilities, informing cybersecurity improvements for autonomous vehicles.

Findings

AD software shows moderate resilience to DoS attacks

GNSS-RTK device experiences drastic sample rate drops during attacks

Significant hardware vulnerabilities identified in AD localization modules

Abstract

This research investigates the impact of Denial of Service (DoS) attacks, specifically Internet Control Message Protocol (ICMP) flood attacks, on Autonomous Driving (AD) systems, focusing on their control modules. Two experimental setups were created: the first involved an ICMP flood attack on a Raspberry Pi running an AD software stack, and the second examined the effects of single and double ICMP flood attacks on a Global Navigation Satellite System Real-Time Kinematic (GNSS-RTK) device for high-accuracy localization of an autonomous vehicle that is available on the market. The results indicate a moderate impact of DoS attacks on the AD stack, where the increase in median computation time was marginal, suggesting a degree of resilience to these types of attacks. In contrast, the GNSS device demonstrated significant vulnerability: during DoS attacks, the sample rate dropped drastically to approximately 50% and 5% of the nominal rate for single and double attacker configurations, respectively. Additionally, the longest observed time increments were in the range of seconds during the attacks. These results underscore the vulnerability of AD systems to DoS attacks and the critical need for robust cybersecurity measures. This work provides valuable insights into the design requirements of AD software stacks and highlights that external hardware and modules can be significant attack surfaces.