No announcement yet.

Auto Driving CTF

  • Filter
  • Time
  • Show
Clear All
new posts

  • Auto Driving CTF

    Click image for larger version

Name:	AutoDriving-sm.png
Views:	576
Size:	117.9 KB
ID:	241381


    Last year, we organized the AutoDriving CTF as an official contest of DEF CON 29 ( and did reasonably well: more than 100 teams participated and 93 teams had valid scores. Last year, due to the pandemic, the contest was online only with on-site demonstrations. All the challenges were deployed in 3D simulators. This year, we propose a hybrid event with in-person challenges on-site. We also plan to introduce some new challenges with real vehicles involved, in addition to those based on autonomous driving simulators. We hope to continue the engagement with the hacking community to raise the awareness of real-world security challenges in autonomous driving.

    The AutoDriving CTF contest focuses on the emerging security challenges in autonomous driving systems. Various levels of self-driving functionalities, such as AI-powered perception, sensor fusion and route planning, are entering the product portfolio of automobile companies. From the security perspective, these AI-powered components not only contain common security problems such as memory safety bugs, but also introduce new threats such as physical adversarial attacks and sensor manipulations. Two popular examples of physical adversarial attacks are camouflage stickers that interfere with vehicle detection systems, and road graffitis that disturb lane keeping systems. The AI-powered navigation and control relies on the fusion of multiple sensor inputs, and many of the sensor inputs can be manipulated by malicious attackers. These manipulations combined with logical bugs in autonomous driving systems pose severe threats to road safety.

    We design autonomous driving CTF (AutoDriving CTF) contests around the security challenges specific to these self-driving functions and components.

    The goals of the AutoDriving CTF are the followings:

    - Demonstrate security risks of poorly designed autonomous driving systems through hands-on challenges, increase the awareness of such risks in security professionals, and encourage them to propose defense solutions and tools to detect such risks.
    - Provide CTF challenges that allow players to learn attack and defense practices related to autonomous driving in a well-controlled, repeatable, and visible environment.
    - Build a set of vulnerable autonomous driving components that can be used for security research and defense evaluation.

    The contest is based on a Jeopardy style of CTF game with a set of independent challenges. A typical contest challenge includes a backend that runs autonomous driving components in simulated or real environments, and a frontend that interacts with the players. This year's contest will follow the style of last year and includes the following types of challenges:
    - “attack”: such as constructing adversarial patches and spoofing fake sensor inputs,
    - “forensics”: such as investigating a security incident related to autonomous driving,
    - “detection”: such as detecting spoofed sensor inputs and fake obstacles,
    - “crashme on road!”: such as creating dangerous traffic patterns to expose logical errors in autonomous driving systems.

    Most of these challenges will be developed using game-engine based autonomous driving simulators, such as CARLA and SVL.
    The following link containssome challenge videos from AutoDriving CTF at DEF CON 29

    # What's new in 2022
    This year, we will unlock new security-critical driving scenarios such as stop-controlled and signalized intersections. New difficulty levels will be added to challenges in such scenarios by integrating real downstream AI modules such as object tracking from open-source autonomous driving software like Apollo, Autoware and OpenPilot. For example, players will be required to generate adversarial masks which will be overlayed on the surface of a stop sign to prevent the self-driving vehicle from stopping. The self-driving vehicle is equipped with a tracking component so merely hiding the stop sign in several frames will not work.

    A video demonstrating an attacked scenario is available at

    In addition to the simulation challenges, we will add challenges with real vehicles in the loop. In this setup, the vehicle under attack will be placed on a rack and the driving environment will be displayed on a monitor in front of the windshield camera. We will have the real vehicle running in a lab and players and players will interact with the vehicle by remotely manipulating the virtual surrounding environments (such as the projected road signs in front of the vehicle). The attack results will be judged based on systems logs (for open-source systems, such as openpilot) or dashboard visualizations (for closed-source vehicles).

    The following URL shows some specifications about the real vehicles

    In order to enable the audience to experience the challenges more directly, we plan to set up a vehicle wheel controller on site this year. Audiences can drive themselves to compete with the self-driving vehicle in some of the challenges.

    # For players
    - What do players need to do to participate AutoDriving CTF?
    Most of the challenges do not require domain knowledge of autonomous driving software or adversarial machine learning, although knowledge of those helps. For example, the players can generate images the way they like (e.g., drawing, photoshopping) to fool the AI-components or write a short python script to control the vehicle. Some challenges, such as incident forensics likely would require players to learn domain knowledge such as sensor information format and how fusion works.

    - What do we expect players to learn through the CTF event?
    Players can (1) gain a deep understanding of real-world autonomous driving systems' design, implementation, and their corresponding security properties and characteristics; and (2) learn the attack and defense practices related to autonomous driving in a well-controlled, repeatable, visible, and engaging environment.

    # Additional information
    Below are some materials from our first AutoDriving CTF at DEF CON 29 in 2021, which includes some challenge videos (Warning: the videos files could be large in google drive), a summary of the event and some links reporting the events.