SEMI-QUANTITATIVE SECURITY RISK ASSESSMENT OF ROBOTIC SYSTEMS


(Received: 2018-08-28, Revised: 2018-11-05 , Accepted: 2018-11-15)
Robots are becoming increasingly integrated in our daily lives, providing services in civilian, industrial and military applications. Many of those applications require robots to be remotely operated and controlled through communication channels. This makes the robotic system susceptible to a class of attacks targeting the connection between the controlling client and the robot, which can render the robot unavailable. The objective of our research is to identify, estimate and prioritize the risks associated with attacks targeting the availability of the robotic system. To achieve our objective, we perform an impact oriented semi-quantitative risk assessment of the loss of availability on the well-known PeopleBot™ mobile robot platform. We experimented with several well-known attacks that can target and affect the availability of the robot. To examine the cyber-physical impacts of the attacks on the robotic system, we setup a ten-goal test area and constructed a 2D map. The robot was programmed to tour the test area while being targeted by cyber-attacks. The physical impacts of the attacks are demonstrated in this paper. The results indicate that attacks can potentially lead to loss of availability which may result in serious cyber-physical consequences.

[1] I. Priyadarshini, "Cyber Security Risks in Robotics," Detecting and Mitigating Robotic Cyber Security Risks, IGI Global, pp. 333–348, 2017.

[2] J. L. Jones, N. E. Mack, D. M. Nugent and P. E. Sandin, Autonomous Floor-cleaning Robot, 2009.

[3] B. Hannaford et al., "Raven-II: An Open Platform for Surgical Robotics Research," IEEE Transactions on Biomedical Engineering, vol. 60, no. 4, pp. 954–959, 2013.

[4] H. Alemzadeh, D. Chen, X. Li, T. Kesavadas, Z. T. Kalbarczyk and R. K. Iyer, "Targeted Attacks on Teleoperated Surgical Robots: Dynamic Model-based Detection and Mitigation," Proc. of the 46th Annual IEEE/IFIP Inter. Conf. on Dependable Systems and Networks (DSN), pp. 395–406, 2016.

[5] C. Cerrudo and L. Apa, "Hacking Robots before Skynet1," IOActive Website, 2017.

[6] A. Khalid, P. Kirisci, Z. H. Khan, Z. Ghrairi, K.-D. Thoben and J. Pannek, "Security Framework for Industrial Collaborative Robotic Cyber-physical Systems," Computers in Industry, vol. 97, pp. 132–145, 2018.

[7] A. Y. Javaid, W. Sun, V. K. Devabhaktuni and M. Alam, "Cyber Security Threat Analysis and Modeling of an Unmanned Aerial Vehicle System,", Proc. of the IEEE Conference on Technologies for Homeland Security (HST), pp. 585–590, 2012.

[8] A. J. Kornecki and Z. Janusz, "Threat Modeling for Aviation Computer Security," CrossTalk, vol. 21, 2015.

[9] A. Sanfeliu Cortés, "URUS: Ubiquitous Networking Robotics for Urban Settings," Cognitive Systems Industry Day (CSID), 2008.

[10] T. Jason, S. C. Chan, G. Ngai, J. C. Cheung and V. T. Ng, "Dynamic Collaborative Robotic Platform-A Brief Introduction," Proc. of the 13th International Conference on Computer Supported Cooperative Work in Design (CSCWD 2009), pp. 125–130, 2009.

[11] Y.-H. Wei, Q. Leng, S. Han, A. K. Mok, W. Zhang and M. Tomizuka, "RT-WiFi: Real-time High-speed Communication Protocol for Wireless Cyber-physical Control Applications," Proc. of the 34th IEEE on Real-Time Systems Symposium (RTSS), pp. 140–149, 2013.

[12] D. Quarta, M. Pogliani, M. Polino, F. Maggi, A. M. Zanchettin and S. Zanero, "An Experimental Security Analysis of an Industrial Robot Controller," IEEE Symposium on Security and Privacy (SP), pp. 268–286, 2017.

[13] "PeopleBot,"[Online], Available: http://www.mobilerobots.com/ResearchRobots/PeopleBot.aspx.

[14] K. Ahmad Yousef, A. AlMajali, R. Hasan, W. Dweik and B. Mohd, "Security Risk Assessment of the PeopleBot Mobile Robot Research Platform," Proc. of the International Conference on Electrical and Computing Technologies and Applications (ICECTA), pp. 1–5, 2017.

[15] R. Blank and P. Gallagher, "NIST Special Publication 800-30 Revision 1 Guide for Conducting Risk Assessments," National Institute of Standards and Technology, 2012.

[16] J. Holliman, M. Zhivich, R. Khazan, A. Swiston and B. Telfer, "Building Low-power Trustworthy Systems: Cyber-security Considerations for Real-time Physiological Status Monitoring," Proc. of the IEEE Military Communications Conference (MILCOM 2016), pp. 1083–1089, 2016.

[17] I. Kateeb and M. Almadallah, "Risk Management Framework in Cloud Computing Security in Business and Organizations," IAJC/ISAM Joint International Conference, 2014.

[18] E. Moradian and M. Kalinina, "Decision Support for Assessment of IT-Security Risks," Proceedings of the International Conference on Security and Management (SAM), p. 1, 2013.

[19] T. Bonaci, J. Herron, T. Yusuf, J. Yan, T. Kohno and H. J. Chizeck, "To Make a Robot Secure: An Experimental Analysis of Cyber Security Threats Against Teleoperated Surgical Robots," arXiv preprint arXiv:1504.04339, 2015.

[20] G. Vasconcelos, G. Carrijo, R. Miani, J. Souza and V. Guizilini, "The Impact of DoS Attacks on the AR.Drone 2.0," 2016 XIII Latin American Robotics Symposium and IV Brazilian Robotics Symposium (LARS/SBR), pp. 127–132, 2016.

[21] N. Bezzo, J. Weimer, M. Pajic, O. Sokolsky, G. J. Pappas and I. Lee, "Attack Resilient State Estimation for Autonomous Robotic Systems," Proc. of the IEEE/RSJ Inter. Conf. on Intelligent Robots and Systems, pp. 3692–3698, 2014.

[22] L. T. Batson, D. R. Wimmer Jr et al., Unmanned Tactical Autonomous Control and Collaboration Threat and Vulnerability Assessment, PhD Thesis, Monterey, California: Naval Postgraduate School, 2015.

[23] A. Jones and J. Straub, "Using deep learning to detect network intrusions and malware in autonomous robots," SPIE Defense+ Security, pp. 1018505–1018505, 2017.

[24] F. Maggi, D. Quarta, M. Pogliani, M. Polino, A. M. Zanchettin and S. Zanero, "Rogue Robots: Testing the Limits of an Industrial Robot’s Security," Technical Report, Trend Micro, Politecnico di Milano, 2017.

[25] F. J. R. Lera, C. F. Llamas, Á. M. Guerrero and V. M. Olivera, "Cybersecurity of Robotics and Autonomous Systems: Privacy and Safety," Robotics-Legal, Ethical and Socioeconomic Impacts, InTech, 2017.

[26] T. Vuong et al., Cyber-physical Intrusion Detection for Robotic Vehicles, PhD Thesis, University of Greenwich, 2017.

[27] G. Loukas, T. Vuong, R. Heartfield, G. Sakellari, Y. Yoon and D. Gan, "Cloud-based Cyber-Physical Intrusion Detection for Vehicles Using Deep Learning," IEEE Access, vol. 6, pp. 3491–3508, 2018.

[28] Q. Chen, R. K. Abercrombie and F. T. Sheldon, "Risk Assessment for Industrial Control Systems Quantifying Availability Using Mean Failure Cost (MFC)," Journal of Artificial Intelligence and Soft Computing Research, vol. 5, no. 3, pp. 205–220, 2015.

[29] D. Dominic, S. Chhawri, R. M. Eustice, D. Ma and A. Weimerskirch, "Risk Assessment for Cooperative Automated Driving," Proceedings of the 2nd ACM Workshop on Cyber-Physical Systems Security and Privacy, pp. 47–58, 2016.

[30] K. M. Ahmad Yousef, A. AlMajali, S. A. Ghalyon, W. Dweik and B. J. Mohd, "Analyzing Cyber-Physical Threats on Robotic Platforms," Sensors, vol. 18, no. 5, p. 1643, 2018.

[31] H. Hüttenrauch, K. S. Eklundh, A. Green and E. A. Topp, "Investigating Spatial Relationships in Human-robot Interaction," Proc. of the IEEE/RSJ International Conference on Intelligent Robots and Systems, pp. 5052–5059, 2006.

[32] A. Chella et al., "A BCI Teleoperated Museum Robotic Guide," Proc. of the International Conference on Complex, Intelligent and Software Intensive Systems (CISIS’09), pp. 783–788, 2009.

[33] H. Kwon, K. M. A. Yousef and A. C. Kak, "Building 3D Visual Maps of Interior Space with a New Hierarchical Sensor Fusion Architecture," Robotics and Autonomous Systems, vol. 61, no. 8, pp. 749–767, 2013.

[34] K. M. Ahmad Yousef, J. Park and A. C. Kak, "Place Recognition and Self-localization in Interior Hallways by Indoor Mobile Robots: A Signature-based Cascaded Filtering Framework," Proc. of the IEEE/RSJ Inter. Conf. on Intelligent Robots and Systems (IROS 2014), pp. 4989–4996, 2014.

[35] I.-H. Kuo, E. Broadbent and B. MacDonald, "Designing a Robotic Assistant for Healthcare Applications," Proc. of the 7th Conference of Health Informatics, New Zealand, Rotorua, 2008.

[36] G. D. Morais, L. C. Neves, A. A. Masiero and M. C. F. de Castro, "Application of Myo Armband System to Control a Robot Interface, " Biosignals, pp. 227–231, 2016.

[37] K. M. Ahmad Yousef, B. J. Mohd, K. Al-Widyan and T. Hayajneh, "Extrinsic Calibration of Camera and 2D Laser Sensors without Overlap," Sensors, vol. 17, no. 10, p. 2346, 2017.

[38] "Deauthentication Attack,"[Online], Available: https://www.aircrack-ng.org/doku.php?id= deauthentication.

[39] "Kali Linux,"[Online], Available: https://www.kali.org/.

[40] M. J. Handley and E. Rescorla, "Internet Denial-of-service Considerations," 2006.

[41] V. Dey, V. Pudi, A. Chattopadhyay and Y. Elovici, "Security Vulnerabilities of Unmanned Aerial Vehicles and Countermeasures: An Experimental Study," Proc. of the 17th Inter. Conf. on Embedded Systems (VLSID) and the 31st Inter. Conf. on VLSI Design, pp. 398–403, 2018.

[42] A. G. Ozkil, Z. Fan, S. Dawids, H. Aanes, J. K. Kristensen and K. H. Christensen, "Service Robots for Hospitals: A Case Study of Transportation Tasks in a Hospital," Proc. of the IEEE International Conference on Automation and Logistics (ICAL’09), pp. 289–294, 2009.

[43] "Creating A Laser Map for ARNL,"[Online], Available: http://robots.mobilerobots.com/wiki/Creating _A_Laser_Map_for_ARNL.

[44] "This is Real Life: Robotics Company Cyberdyne Introducing ‘Service’ Robots with Artificial Intelligence,"[Online], Available: http://nationalpost.com/news/world/this-is-real-life-robotics-company-cyberdyne-introducing-service-robots-with-artificial-intelligence.

[45] "Rise of the Airport Robots,"[Online], Available: https://www.aerosociety.com/news/rise-of-the-airport-robots/.

[46] D. J. Bernstein, "SYN cookies,"[Online], Available: http://cr.yp.to/syncookies.html.