Mohammad Husain

Viet K. Nguyen, Nathan Lee, Mohammad Husain

Deep learning-based perception pipelines in autonomous ground vehicles are vulnerable to both adversarial manipulation and network-layer disruption. We present a systematic, on-hardware experimental evaluation of five attack classes: FGSM, PGD, man-in-the-middle (MitM), denial-of-service (DoS), and phantom attacks on low-cost autonomous vehicle platforms (JetRacer and Yahboom). Using a standardized 13-second experimental protocol and comprehensive automated logging, we systematically characterize three dimensions of attack behavior:(i) control deviation, (ii) computational cost, and (iii) runtime responsiveness. Our analysis reveals that distinct attack classes produce consistent and separable "fingerprints" across these dimensions: perception attacks (MitM output manipulation and phantom projection) generate high steering deviation signatures with nominal computational overhead, PGD produces combined steering perturbation and computational load signatures across multiple dimensions, and DoS exhibits frame rate and latency degradation signatures with minimal control-plane perturbation. We demonstrate that our fingerprinting framework generalizes across both digital attacks (adversarial perturbations, network manipulation) and environmental attacks (projected false features), providing a foundation for attack-aware monitoring systems and targeted, signature-based defense mechanisms.

Max Wolotsky, Mohammad Husain, Elisha Choe

Current alphanumeric and biometric authentication systems cannot withstand situations where a user is coerced into releasing their authentication materials under hostile circumstances. Existing approaches of coercion resistant authentication systems (CRAS) propose authentication factors such as implicit learning tasks, which are non-transferable, but still have the drawback that an attacker can force the victim (causing stress) to perform the task in order to gain unauthorized access. Alternatively, there could be cases where the user could claim that they were coerced into giving up the authentication materials, whereas in reality they acted as an insider attacker. Therefore, being able to detect stress during authentication also helps to achieve non-repudiation in such cases. To address these concerns, we need CRAS that have both the non-transferable property as well as a mechanism to detect stress related to coercion. In this paper, we study the feasibility of using Chill (intensely pleasurable) music as a stimulus to elicit unique neuro-physiological responses that can be used as an authenticating factor for CRAS. Chill music and stress are both stimuli for a neuro-chemical called Dopamine. However, they release the Dopamine at different parts of the brain, resulting in different neuro-physiological responses, which gives us both the non-transferable and stress-detection properties necessary for CRAS. We have experimentally validated our proposed Chill music based CRAS using human subjects and measuring their neuro-physiological responses on our prototype system. Based on the 100 samples collected from the subjects, we were able to successfully authenticate the subjects with an accuracy of over 90\%. Our work not only demonstrates the potential of Chill music as a unique stimulus for CRAS, but also paves the path of wider adoption of CRAS in general.