CSCS '20: Computer Science in Cars Symposium

Full Citation in the ACM Digital Library

SESSION: Session 1: AI, Evaluation, Testing

MonoComb: A Sparse-to-Dense Combination Approach for Monocular Scene Flow

Contrary to the ongoing trend in automotive applications towards usage of more diverse and more sensors, this work tries to solve the complex scene flow problem under a monocular camera setup, i.e. using a single sensor. Towards this end, we exploit the latest achievements in single image depth estimation, optical flow, and sparse-to-dense interpolation and propose a monocular combination approach (MonoComb) to compute dense scene flow. MonoComb uses optical flow to relate reconstructed 3D positions over time and interpolates occluded areas. This way, existing monocular methods are outperformed in dynamic foreground regions which leads to the second best result among the competitors on the challenging KITTI 2015 scene flow benchmark.

Frenet Coordinate Based Driving Maneuver Prediction at Roundabouts Using LSTM Networks

Driving maneuver prediction is a key requirement for automated vehicles to assess situations and effectively navigate in urban environments. In this paper, we present three models to predict whether a vehicle leaves a roundabout at a specific exit. We develop a Feedforward neural network (FNN), as well as two Long short-term memory (LSTM) networks for this task. We propose several concepts that generalize the models to roundabouts with different radii, layouts, and numbers of exits. For this purpose, we also introduce Frenet coordinates with circles as reference paths.

We evaluate our models based on the binary cross-entropy loss and the distance to the exit at which a reliable prediction is obtained in a leave-one-out cross-validation fashion, where one exit is always entirely used as the test set. Training and evaluation is performed on a data set of nearly 4,000 trajectories that we captured using a drone. Our best model achieves a reliable prediction on average 9.34m before an exit for class ”Leaving” and 8.13m before an exit for class ”Staying”.

A Self-Supervised Feature Map Augmentation (FMA) Loss and Combined Augmentations Finetuning to Efficiently Improve the Robustness of CNNs

Deep neural networks are often not robust to semantically-irrelevant changes in the input. In this work we address the issue of robustness of state-of-the-art deep convolutional neural networks (CNNs) against commonly occurring distortions in the input such as photometric changes, or the addition of blur and noise. These changes in the input are often accounted for during training in the form of data augmentation. We have two major contributions: First, we propose a new regularization loss called feature-map augmentation (FMA) loss which can be used during finetuning to make a model robust to several distortions in the input. Second, we propose a new combined augmentations (CA) finetuning strategy, that results in a single model that is robust to several augmentation types at the same time in a data-efficient manner. We use the CA strategy to improve an existing state-of-the-art method called stability training (ST). Using CA, on an image classification task with distorted images, we achieve an accuracy improvement of on average 8.94% with FMA and 8.86% with ST absolute on CIFAR-10 and 8.04% with FMA and 8.27% with ST absolute on ImageNet, compared to 1.98% and 2.12%, respectively, with the well known data augmentation method, while keeping the clean baseline performance.

DNN Analysis through Synthetic Data Variation

This contribution discusses the use of variational data synthesis as a tool to analyze and understand limitations of performance of DNNs (deep neural networks) in perception tasks. To date, no universally accepted methodologies for validating ML (Machine Learning) -based perception exist. Instead of aiming for the randomized acquisition of huge amounts of validation data, either from real world capture or from simulation, we propose a guided concept to analyze perception performance using systematic parameter variations.

The concept is based on parameterized, generative content used for data synthesis in our validation engine. The latter is composed of the actual data synthesis module, automated execution and evaluation of the perception function under test and a control module, which allows specification of parameter variation towards a validation goal. Further we investigate the use of physical parameters, like object occlusion rates and pixel area for the identification of critical cases for perception. We present experiments for semantic segmentation of pedestrians in an urban environment using two different DNN algorithms.

A Distributed Model-Free Ride-Sharing Algorithm with Pricing using Deep Reinforcement Learning

Modern-day ride-sharing platforms leave out drivers and customers in the decision-making process of the rides in terms of vehicle-customer matching as well as pricing. We propose a model-free Distributed Pricing-based Ride-sharing with pooling (DPRS) framework with reinforcement utility functions for both customers and drivers. The framework allows (1) drivers to choose their convenient ride based on the expected reward for this ride as well as the destination locations for future rides influenced by the supply-demand computed by the Deep Q-network, (2) customers to accept or reject rides based on their preferred pricing window, timing preferences, type of the vehicle, and convenient number of people to car pool with, (3) customer to be added to the ride queue if she/he rejects the price initiated by the driver, and (4) Influencing vehicle-passenger matching and dispatching based on prices through reinforcement learning (RL). Through our simulation of multi-agent ride-sharing with pooling platform, we show that performance of the platform significantly improved in terms of accept rate, profits of both the customers and drivers, and reduction of travel distance as well as idle time in between rides for drivers with similar profits, when compared to the state of the art ride-sharing settings that don’t consider pricing strategies or potential hotspot locations.

SESSION: Session 2: Security

Privacy by Design: Survey on Capacitive Proximity Sensing as System of Choice for Driver Vehicle Interfaces

Physiological properties are recorded everywhere with cameras. They are also used to identify people in public spaces. Vehicle manufacturers also use camera systems in cars. For example, those cameras are used in cars to identify people, measure attention and recognize gestures. Especially the recording of facial images can cause privacy concerns following the GDPR. It is therefore questionable whether the recording of facial car user images corresponds to the paradigm privacy-by-design required by the GDPR.

Nonetheless, the car user may not have privacy concerns towards the usage of cameras in vehicles. If customers have privacy concerns, vehicle manufacturers should switch to other systems. One of those systems could be capacitive proximity sensing. But capacitive proximity sensing could cause privacy concerns, too.

To assess the privacy concerns of car users, a study is conducted. More than 250 participants are recruited. They are asked to rate their privacy concerns when a camera is used in driver assistance systems. Furthermore, they are asked the same questions concerning capacitive proximity sensing. Additionally, they can choose their preferred system, capacitive proximity sensing or camera.

The exploratory study emerged due to three hypotheses of a previous paper. These hypotheses, concerning the user’s perception of privacy towards cameras, are tested for the sample. Using the test results, the hypotheses are refined. Based on the analysis of the sample, people have concerns towards cameras in vehicles and prefer capacitive proximity sensing as system of choice.

Transport Layer Scanning for Attack Surface Detection in Vehicular Networks

In the beginning of every security analysis or penetration test of a system, information about the target has to be gathered. On IT-Systems a port scan is usually performed as a first step of an investigation. Since the communication protocols differ in automotive systems, generic port scanning tools can’t be used for a security analysis of CANs.

More complex protocols have a higher likelihood of implementation errors and bugs. On CAN networks, such payloads are transferred through International Standard Transport Protocol (ISO-TP) communication. We designed a new methodology to identify ISO-TP endpoints in automotive networks. Every of these endpoints can provide exploitable application layer protocols and therefor has to be considered during penetration testing and security analysis.

We contribute a new scan approach for the automated evaluation of possible attack surfaces in automotive CAN networks which has a higher coverage and multiple advantages than state of the art approaches.

A Hybrid Model for Safety and Security Assessment of Autonomous Vehicles

The competition to invent affordable, fully functional, safe and secure vehicles is driven by multiple challenges. One of the main challenge is the safety and security verification of the developed autonomous system structures. While there are many implemented strategies to ensure the safe and secure driving mission, there are only a few methods that can assess the resulting complex system structure realistically and within a reasonable time-span under consideration of the safety and security impacts. On the one hand, there are analytical approaches, e.g. Markov methods, which are often suffering from restrictive assumptions leading to worst-case assessments. As a result costly additional safety and security elements must be included to achieve the desired level of safety and security. On the other hand, numerical methods, such as Monte-Carlo simulation, can consider complex system structures and strategies but are very time-consuming, because every change of the system must be assessed by a new simulation. Consequential, the development times are increasing exponentially with every system structure update. Therefore, new approaches must be invented to support a time-efficient and realistic assessment of autonomous system structures, which includes the consideration of the intertwined dependencies and effects of safety and security. In this paper a hybrid model is presented, that combines the analytical and numerical approach to achieve a realistic assessment, while keeping the time effort reasonable. The hybrid model especially acknowledges and models the relation between safety and security, which does have a significant influence for fully autonomous vehicles.

Grey-box Analysis and Fuzzing of Automotive Electronic Components via Control-Flow Graph Extraction

Electronic Control Units are embedded systems which control the functionality of a modern vehicle. The growing number of Electronic Control Units in a vehicle, together with their increasing complexity, prompts the need for automated tools to test their security.

To this end, we present EffCAN, a tool for ECU firmware fuzzing via Controller Area Network. EffCAN operates on the Control Flow Graph, which we extract from the firmware. The Control Flow Graph is a platform independent representation, which allows us to abstract from the often obscure underlying architecture. The Control Flow Graph is annotated with information about static data comparisons that affect the control flow of the firmware. This information is used to create initial seeds for the fuzzer. It is also used to adapt the input messages in order to cover hard to reach execution paths. We have evaluated EffCAN on three Electronic Control Units, from different manufacturers. The fuzzer was able to crash two of the units. To our knowledge, this is the first approach that uses static analysis to guide the fuzzing of automotive Electronic Control Units.

Autonomous Vehicles: Data Protection and Ethical Considerations

Autonomous vehicles (AVs) are increasingly becoming part of the emerging Intelligent Transportation Systems (ITS) and they are positioned to advance smart mobility. To enable this, new on-board sensors collect and transmit growing types and quantities of data. This raises new and unique privacy considerations around what happens with this data. As the automotive industry becomes more data-driven, getting consumer privacy rights will become increasingly important for establishing trust and customer acceptance of this technology. At the same time, the algorithmic decision making in AVs raises several new ethical issues that can create new safety risks and discriminatory outcomes. In this paper we analyze what are the new privacy and data protection challenges that emerge in AVs and investigate the ethical and liability concerns surrounding algorithmic decision-making, highlighting research gaps and the need to mitigate these issues by acting swiftly.

Security Analysis of Automotive Protocols

The technology of modern vehicles is currently undergoing a major transformation with increased communication and the introduction of new protocols. It is essential that these protocols are secure and do not allow attacks on the vehicle. In this paper, we discuss how formal models can be used to verify the security of protocols used in modern vehicles and propose new group membership authentication properties for shared key scenarios used in some automotive protocols. Our focus is on tool-based analysis for which we provide an overview of suitable tools, analyze the current status of (automotive) protocol analysis and, as an example, analyze AUTOSAR’s Secure Onboard Communication (SecOC) with the Tamarin tool. Our results show that tool-based formal analysis is a relatively quick and easy way to assess the security of protocols and can help to increase the security of modern vehicles.

HIP-20: Integration of Vehicle-HSM-Generated Credentials into Plug-and-Charge Infrastructure

Plug-and-Charge (PnC) standards such as ISO 15118-20 enable the charging of Electric Vehicles (EVs) with (nearly) no user intervention by storing authentication credentials directly in the vehicle. However, these credentials are generated in backend systems of vehicle manufacturers and charging service providers (called Mobility Operators (MOs)) making them vulnerable to attacks on corporate networks. In previous work, we proposed HIP, an ISO 15118 extension where credentials are generated in a Hardware Security Module (HSM) within the EV and the private parts of the credentials never leave the Hardware Security Module (HSM). In this paper, we propose HIP-20, which improves HIP by enabling easy integration into existing backend infrastructures and processes. HIP-20 enables support of existing Certificate Authoritiess (CAs) and established processes such as using Certificate Signing Requests (CSRs), enables credential provisioning via channels outside of ISO 15118, and makes necessary adaptations required due to changes in the new edition ISO 15118-20. Our evaluation shows that HIP-20 significantly increases security and interoperability with existing processes and infrastructures.