A low-cost replica-based distance-spoofing attack on Mmwave FMCW radar

Abstract

This paper presents a low-cost distance-spoofing attack on a mmWave Frequency Modulated Continuous Wave (FMCW) radar. It uses only a replica radar chipset and a single compact microcontroller board both in mass production. No expensive and bulky test instrument is required, and hence a low-cost and lightweight attack setup is developed. Even with the limited hardware resource in this setup, the replica radar can be precisely synchronized with the target radar for distance-spoofing capability. A half-chirp modulation scheme enables timing compensation between crystal oscillators on the replica and the target radar boards. A two-step delay insertion scheme precisely controls relative delay difference between two radars at ns-order, and as a result the attacker can manipulate distance measured at target radar with only around ±10m ranging error. This demonstrates potential feasibility of low-cost malicious attack on the commercial FMCW radar as a physical security threat. A countermeasure employing random-chirp modulation is proposed and its security level is evaluated under the proposed attack for secure and safe radar ranging.