Label Hijacking in Track Consensus-Based Distributed Multi-Target Tracking

Imagine a group of friends (sensors) trying to keep track of a busy party. They are all standing in different corners of a large room, and they can only see a small slice of the room in front of them. To know where everyone is, they constantly shout updates to each other: "I see a guy in a red shirt near the door!" or "There's a woman in a blue dress by the window!"

They use a special rulebook to agree on who is who. If two friends see someone close to each other, they assume it's the same person and give them a shared name tag (a "label"). This is how Distributed Multi-Target Tracking (DMTT) works in the real world, used by everything from air traffic control to self-driving cars.

The Problem: The "Name Tag" Mix-up

The paper explains that this system has a hidden weakness. Because the friends can't see the whole room, they sometimes disagree on who is who. To fix this, they recently started using a "Track Consensus" system. This system says: "If two tracks look close enough physically, we must agree they are the same person and give them the same name."

The researchers discovered that a hacker can exploit this rule to perform a "Label Hijacking" attack.

The Attack: The Great Identity Theft

Think of the attack like a masterful case of identity theft at a party, involving three characters:

The Victim: A real person the group is tracking (e.g., a VIP guest).
The Impostor: A bad guy (or a drone) the hacker controls.
The Spy: A corrupted sensor that the hacker has taken over.

Here is how the hacker pulls off the heist in three smooth moves:

Stage 1: The "Look-Alike" (Mimicry)

The hacker watches the VIP (the Victim) and the Impostor. The hacker uses the Spy sensor to send a fake report about a "ghost" person. This ghost person walks exactly like the VIP for a few seconds. Because they are so close, the group's rulebook says, "Oh, that's the VIP!" and gives the ghost the VIP's name tag.

Stage 2: The "Disappearing Act" (The Pull-Off)

Now, the VIP walks into a blind spot (a dark corner no one can see). The hacker stops sending updates about the VIP. But the "ghost" person (the fake track) is still out in the open.
Since the VIP is gone, the group has no one else to compare the ghost to. The ghost is now the only person with the VIP's name tag. The hacker can now make the ghost walk anywhere—maybe even toward the Impostor—while still wearing the VIP's name tag.

Stage 3: The "Handover" (Injection)

The Impostor (the bad guy) walks into the room. The hacker guides the ghost to walk right up next to the Impostor. Because they are close, the group's rulebook says, "These two are the same person!"
Since the ghost has been wearing the VIP's name tag for a while, the group decides the Impostor is now the VIP.
Result: The real VIP is now tracked as a stranger with a new name, and the bad guy (Impostor) is now being tracked as the VIP. The group thinks they are protecting the VIP, but they are actually following the bad guy.

The "Stealth" Version

The paper shows two ways to do this:

The "Hard Switch": The ghost suddenly vanishes and reappears next to the Impostor. It's like a magician popping out of a box. It works, but it looks suspicious because people don't teleport.
The "Stealth" Attack (The Paper's Main Contribution): The hacker uses a smart computer algorithm (called Model Predictive Control) to make the ghost move smoothly. The ghost glides from the VIP's path to the Impostor's path, making a perfect, smooth curve. It looks so natural that even if someone checks, "Does this movement make sense?" the answer is yes. It's like a spy smoothly blending into a crowd rather than jumping over a fence.

Why This Matters

The researchers found that current security systems check if the data is correct, but they don't check if the identity is being stolen. They rely too much on "Are these two people close enough to be the same?" without asking, "Is this person moving in a way that makes sense?"

The Takeaway:
In a world where self-driving cars and drones talk to each other to avoid crashes, a hacker doesn't need to break the car's engine. They just need to trick the group into thinking the bad guy is the good guy. This paper warns us that we need to build better "identity guards" into these systems so that even if a hacker tries to swap name tags, the system catches the switch.

Here is a detailed technical summary of the paper "Label Hijacking in Track Consensus-Based Distributed Multi-Target Tracking."

1. Problem Statement

Distributed Multi-Target Tracking (DMTT) in sensor networks with limited and non-overlapping Fields of View (FoV) often suffers from label inconsistency, where different nodes assign different identities to the same physical target. To resolve this, Track-Consensus DMTT (TC-DMTT) frameworks have been developed. These systems enforce kinematic and label agreement across nodes using metric-based track matching (typically utilizing the Optimal Sub-Pattern Assignment, or OSPA, metric).

However, the security of these consensus mechanisms under adversarial conditions remains largely unexplored. The paper identifies a critical vulnerability: Label Hijacking. An adversary can inject spoofed tracks into the network to corrupt target identities. Specifically, the paper focuses on an Identity Theft Attack (ITA) where an attacker manipulates the consensus process to steal the global label of a "victim" target and transfer it to a controlled "impostor" target. This breaks track continuity and allows the impostor to operate under the victim's identity, potentially evading detection or causing misidentification in downstream decision-making.

2. Methodology

Adversarial Model

The authors assume a scenario where an attacker compromises a sensor node (Node $b$ ) and its communication channel. The attacker can:

Intercept local track estimates from the compromised node and its neighbors.
Inject spoofed tracks ( $t^*$ ) that replace the legitimate estimates of the compromised node.
Exploit the fact that non-compromised nodes cannot verify if a reported track corresponds to a physical observation within the sender's FoV (due to lack of global topology knowledge).

Attack Strategy: TC-ITA (Track-Consensus Identity-Theft Attack)

The attack is modeled as a three-stage process analogous to Range Gate Pull-Off (RGPO) deception in radar systems:

Victim Mimicry: The attacker generates a spoofed track $t^*$ that closely mimics the victim's trajectory ( $t_v$ ). It satisfies the track-matching condition $\tilde{d}^{(c)}(t_v, t^*) < c$ (where $c$ is the OSPA cut-off distance), causing the network to associate $t^*$ with the victim's label $\ell_v$ .
Label Extraction (Pull-off): When the victim enters a "blind region" (unobserved by non-compromised nodes), the attacker ensures the spoofed track $t^*$ is the only candidate for label $\ell_v$ . The attacker then maneuvers $t^*$ away from the victim's true path. Once the victim re-emerges, the distance between $t_v$ and $t^*$ exceeds $c$ , forcing the system to treat the victim as a new object (assigning a new label) while $t^*$ retains the original label $\ell_v$ .
Label Injection: The attacker maneuvers the spoofed track $t^*$ to match an impostor target ( $t_i$ ) that is visible to the network. Once $t^*$ and $t_i$ satisfy the matching condition, the label $\ell_v$ is transferred to the impostor. The spoofed track can then be discarded, leaving the impostor tracked under the stolen identity.

Stealthy Attack Generation via Model Predictive Control (MPC)

To avoid detection by motion-consistency checks, the authors propose a stealthy realization of the attack using MPC. Instead of a "hard-switch" (abruptly stopping transmission and restarting), the attacker solves a constrained optimal control problem to generate a smooth trajectory for $t^*$ that:

Converges smoothly toward the impostor target.
Maintains a safe separation distance from the reappearing victim target.
Adheres to physical constraints (velocity $v_{max}$ and acceleration $a_{max}$ limits).

The objective function minimizes the distance to the impostor and velocity mismatch while penalizing proximity to the victim, subject to system dynamics and physical bounds.

3. Key Contributions

Vulnerability Identification: The paper reveals that the metric-based track-matching stage in TC-DMTT is a critical attack surface, allowing for identity-level corruption without needing to break the cryptographic or communication layers.
Concept of Label Hijacking: It formalizes the concept of "Label Hijacking" and draws a principled parallel between this data-layer attack and classical radar deception (RGPO).
TC-ITA Framework: It introduces the Track-Consensus Identity-Theft Attack (TC-ITA) and demonstrates that manipulating kinematic consensus alone is sufficient to induce identity theft.
Stealthy Attack Synthesis: It proposes an MPC-based strategy to generate kinematically plausible spoofed trajectories that evade motion-consistency checks, contrasting with simpler "hard-switch" attacks.

4. Results

The authors evaluated the attack in a simulated three-node distributed sensor network tracking two targets (victim and impostor).

Hard-Switch vs. Stealthy:
- The hard-switch attack successfully hijacked the label but produced a kinematically implausible trajectory (abrupt stop/start), which might be detectable by simple motion filters.
- The stealthy (MPC) attack successfully hijacked the label while generating a smooth, physically consistent trajectory that closely followed the impostor, making it indistinguishable from legitimate tracks.
Tracking Performance Degradation:
- Label Consistency: In both attack variants, the victim's label was successfully transferred to the impostor. The network continued to track the impostor under the victim's identity.
- Cardinality Estimation: The hard-switch attack caused transient underestimation of the target count during the switch. The stealthy attack caused overestimation because the spoofed track existed as a distinct entity for part of the timeline.
- Accuracy: Both attacks significantly degraded the tracking accuracy (measured by OSPA(2) metric) compared to the nominal (no attack) scenario.

5. Significance

This work highlights a fundamental flaw in current TC-DMTT frameworks: reliance solely on metric-based matching for label consensus creates an identity-level vulnerability.

Security Implications: Even if the underlying tracking algorithms are robust to noise and clutter, they are vulnerable to adversarial manipulation of the consensus layer.
Defense Needs: The findings suggest that future DMTT systems must incorporate identity-aware protection at the consensus layer. This could involve verifying kinematic consistency across the network, detecting anomalies in track-matching patterns, or implementing cryptographic authentication for track provenance that goes beyond simple data integrity.
Broader Impact: The analogy to radar deception provides a new theoretical framework for understanding and defending against cyber-physical attacks in multi-sensor fusion systems.