Penetration Testing of Autonomous Vehicle Sensor Arrays (completed)

Starting Date: Summer 2021
Prerequisites: Python, C++, Undergraduate Student
Will results be assigned to University: No

Project Description

The adoption of autonomous vehicles is a matter of when and how, rather than if it will happen. Domestic (private) and commercial (freight) autonomous vehicles are a proven concept, with most remaining questions regarding adoption hanging on the reliability and security of said vehicles. It is well-known that side-channel attacks exploiting peripheral systems, such as entertainment systems and parking sensors, can compromise critical systems due to the insecurity of CANBUS, the common communication interface for smart-vehicle ECUs.

Less-well documented is the issue of pattern/interference injection attacks against the sensors of autonomous vehicles. LiDAR, Cameras, Odometers, and even Radar all play a part in informing autonomous vehicles of their surroundings. As the observation, processing and actioning of environmental data is critical for safe and accurate automation of vehicles, emphasis is put on throughput and speed rather than security of such devices.

The aim of this project, is to develop a penetration testing methodology, that will allow manufacturers and end users to identify methods of exploiting the sensor-suite of autonomous vehicles. You will, based on an initial analysis of sensors on the PixKit AV prototyping platform, select one or more sensors and identify interference/signal injection attacks which allow false readings to be processed by the drive computer, resulting in course deviation, stoppage or dangerous behaviour (all simulated using the PixKit drive computer decoupled from its drive system for safety reasons). You will then identify how such attacks may be identified, and appropriate remediation measures, developing an open-source utility to allow for rapid identification of said vulnerabilities for your selected sensors.

Required Skills

The ideal candidate will have well-developed Python and C++ skills, and a familiarity with simulation software such as Matlab and Simulink. They should also have a keen interest in autonomous vehicle systems development, including a working understanding of hardware systems and hardware-firmware-software interactions (especially when processing sensor input). A rigorous reporting style with an attention to detail will be required to produce the deliverables required of this project.


  • An open-source PCI-CAN compliant penetration testing utility for one or more classes of sensor (LiDAR, IMU, RADAR, FLIP Camera).
  • A recorded demonstration of exploits identified in the course of the project, using the PixKit AV platform.
  • A full reports on all lab/experiment activities.
  • A robust methodology and best practice guide for using the penetration testing software.

ISG-SCC Track Record

ISG-SCC has successfully run the UROP for the last two years. The success of the previous two years has produced a patent application (under review by patent office) and commercial demo (MVP) under development, and five research papers. Corresponding undergraduate students are named as first authors on the papers and co-inventor on the patent application. Research papers by undergraduate students have won one ‘best student paper award’, featured in a news article on Medium and being pivotal for a World Economic Forum’s project for anti-corruption project. The ethos of ISG-SCC is that undergraduate students have the talent and imagination to sort out unique and innovative solutions. They just need guidance from established researchers, and this is what ISG-SCC will provide during the UROP.