UC Irvine

Autonomous vehicles (AVs) have become close to our life. Many modules are included in AVs such as localization, perception, and planning. Among them, the localization that estimates the current location of AV is one of the most important modules. To make an AV more secure, localization results should be robust. To achieve robustness, localization uses multi-sensor fusion (MSF). MSF uses the Kalman filter to make a result robust. Also, outlier detection is added to MSF to improve results. It filters out the abnormal data from sensors. For sensors, GPS, IMU, and LiDAR are used in MSF. Among sensors, GPS is vulnerable to the spoofing attack. GPS spoofing attacks send fake signals to GPS receivers to deceive them. As a result, it is an on-going problem as to whether MSF can retain robustness when GPS is attacked. We propose an effective GPS spoofing attack method that can affect MSF result. To achieve this, we divide our attack into two steps, profiling and attack application. Also, we introduced two attack parameters, initial spoofing distance and scaling factor. We can calculate optimal and common attack parameters from profiling. We apply the common attack parameter to AVs and define success with a different threshold. To evaluate our attack, we use the data set provided by Baidu. It is a sensor-trace data set for testing MSF. By using the data set, we achieve an 100% success rate in 150 seconds and more than 66% success rate in 2 minutes. Also, we introduce possible solutions to our attack.