Adversarial attacks are a serious threat to connected and automated vehicle technology. Adaptive cruise control and automated driving systems (ADS) use artificial neural networks to detect and classify roadway users and objects, including traffic signs, to receive relevant traffic information to perform an automated driving action such as stopping at stop sign. Therefore, it is very important for such vehicles to receive accurate information from traffic signs. However, it has been recently discovered that neural networks can be seriously impaired by adversarial attacks, posing critical safety concerns and jeopardizing wider deployment of autonomous vehicles.1
Adversarial attacks can be executed in a variety of ways. The video below shows how an adversarial patch can throw off a system when it comes into view, making it unable to classify objects correctly. Individuals stood in front of a vehicle with the adversarial patch on their shirts, ultimately making the vehicle go blind.2
Another example is something as simple as placing electrical tape on a traffic sign. You'll see in the video below where a team at McAfee tests this theory using a Tesla Model S. They place the tape in a particular location on the traffic sign resulting in the vehicle being tricked into thinking the sign reads "85mph" instead of "35mph."3
It's scary to think that something so simple could be so sinister. As innovators, it is our responsibility to consider the threats that our technology could pose. With cyberattacks becoming more and more prevalent, we must design with security in the back of our minds.
Driven by a vision for safer and smarter transportation, Connected Wise has produced a unique technology aimed to support the infrastructure to vehicle (I2V) communication using secure smart traffic signs. This system prevents any third party from jeopardizing sign recognition.
How exactly is this done? Through visual hashing.
Connected Wise uses encrypted security patches to help ADS authenticate traffic sign information by matching the distinct pattern on these patches with the associated sign information retrieved from a geo-database.
The I2V identifiers on the security patches are generated from one-way SHA-512 cryptographic visual hashing algorithm, which prevents third parties from altering the information on the traffic sign. The camera system integrated in ADS will match the security patch with the associated I2V identifier in its local geo-database when the sign is recognized. If any adversary is present on the sign, the traffic sign classification in ADS will conflict with the matched database information.
With this technology we can fight back against adversarial attacks and keep our roads safe, making us one step closer to safer and smarter transportation.
Follow us on social media as we continue to release exciting news on our developing technology for safer and smarter transportation!
1Robust Physical-World Attacks on Deep Learning Models
2Why this Dot is dangerous for self-driving cars? | Hacking autonomous driving | TechXplainer
3McAfee Demonstrates Model Hacking in the Real World