Cyber-physical system security: Position spoofing in a class project on autonomous vehicles

Abstract

We present an experiment to gauge student awareness of security threats to cyber-physical systems. Students in a third-year engineering course were tasked with designing, building, and testing small, robotic vehicles that could perform basic goal seeking. Unbeknownst to the students, the indoor positioning system for the project was deliberately configured to report incorrect positional information, similar to the effect of GPS spoofing. When asked to conjecture reasons for the spurious behaviour of their robots, none of the students considered the possibility that the feedback system was sending spoofed data, despite being given case studies in cyber-physical system security earlier in the term. The results suggest that students need more direct education in threats and design considerations for security of cyber-physical systems.