Abstract
To enable high-level driving automation [1], the Autonomous Driving (AD) system in an Autonomous Vehicle (AV) needs to perform centimeter-level localization of its own global positions on the map [2]. Such localization function is highly security and safety critical in the AV context, since positioning errors can directly cause an AV to drive off road or onto a wrong way. For outdoor localization, GPS is the de facto location source, and thus a direct threat is GPS spoofing, a long-existing but still unsolved security problem with practicality proven on many end systems. Fortunately, AV systems today predominantly use Multi-Sensor Fusion (MSF) algorithms [3] that are generally believed to have potential to practically defeat GPS spoofing [4]. However, no prior work has studied whether today’s MSF algorithms are indeed sufficiently secure under GPS spoofing, especially in AV settings. In this work, we perform the first study to fill this critical gap. We consider the attack goal as using GPS spoofing to cause large lateral deviations in the MSF output, i.e., deviating to left or right. This can cause the AV to drive off road or onto a wrong way.