Robot Cybersecurity, a Review
Abstract
In this article we review the status of robot cybersecurity considering three sources of data: 1) recent literature, 2) questionnaires performed in top robotics forums and 3) recent research results in robot cybersecurity. Building upon a decade of experience in robotics, this article reviews the current status of cybersecurity in robotics and argues about the current challenges to secure robotic systems. Ultimately, based on the empirical results collected over a period of three years performing security assessments in robots, the present text advocates for a complementary offensive approach methodology to protect robots in a feasible and timely manner.
Keywords
Citation Metrics
Full Text:
PDFReferences
Alhazmi, O., Malaiya, Y., & Ray, I. (2007). Measuring, analyzing, and predicting security vulnerabilities in software systems. Computers & Security, 26(3), 219 - 228. https://doi.org/10.1016/j.cose.2006.10.002
Alzola-Kirschgens, L., Ugarte, I. Z., Uriarte, E. G., Rosas, A. M., & Vilches, V. M. (2018). Robot hazards: from safety to security. arXiv preprint arXiv:1806.06681.
Bagnara, R. (2017). Misra c, for security’s sake! arXiv preprint arXiv:1705.03517.
Balsa-Comerón, J., Guerrero-Higueras, Á. M., Rodríguez-Lera, F. J., Fernández-Llamas, C., & Matellán-Olivera, V. (2017). Cybersecurity in autonomous systems: hardening ROS using encrypted communications and semantic rules. In Iberian robotics conference (pp. 67–78).
Bilge, L., & Dumitras ̧, T. (2012). Before we knew it: An empirical study of zero-day attacks in the real world. In Proceedings of the 2012 ACM conference on computer and communications security (pp. 833– 844). New York, NY, USA: ACM. Retrieved from http://doi.acm.org/10.1145/2382196.2382284
Bozic, J., & Wotawa, F. (2017). Planning the attack! or how to use ai in security testing? In Iwaise: First international workshop on artificial intelligence in security (Vol. 50).
Breiling, B., Dieber, B., & Schartner, P. (2017, April). Secure communication for the robot operating system. In the 2017 annual IEEE international systems conference (SYSCON) (p. 1-6). https://doi.org/10.1109/SYSCON.2017.7934755
Caiazza, G. (2017). Security enhancements of robot operating systems (B.S. thesis). Università Ca’Foscari Venezia.
Caiazza, G., White, R., & Cortesi, A. (2019). Enhancing security in ROS. In Advanced Computing and Systems for Security (pp. 3–15). Springer.
Dieber, B., & Breiling, B. (2019). Security considerations in modular mobile manipulation. In 2019 third IEEE international conference on robotic computing (IRC) (pp. 70–77).
Dieber, B., Breiling, B., Taurer, S., Kacianka, S., Rass, S., & Schartner, P. (2017, December). Security for the robot operating system. Robot. Auton. Syst., 98(C), 192–203. https://doi.org/10.1016/j.robot.2017.09.017
Dieber, B., Kacianka, S., Rass, S., & Schartner, P. (2016a). Application-level security for ROS-based applications. In Intelligent robots and systems (IROS), 2016 IEEE/RSJ international conference on (pp. 4477–4482).
Dieber, B., Kacianka, S., Rass, S., & Schartner, P. (2016b, Oct). Application-level security for ROS-based
applications. In 2016 IEEE/RSJ international conference on intelligent robots and systems (IROS) (p. 4477-4482) https://doi.org/10.1109/IROS.2016.7759659
Dieber, B., Schlotzhauer, A., & Brandstötter, M. (2017). Safety & security–erfolgsfaktoren von sensitiven robotertechnologien. e & i Elektrotechnik und Informationstechnik, 134(6), 299–303.
Dieber, B., White, R., Taurer, S., Breiling, B., Caiazza, G., Christensen, H., & Cortesi, A. (2020). Penetration testing ROS. In Robot operating system (ROS) (pp. 183–225). Springer.
Finifter, M., Akhawe, D., & Wagner, D. (2013). An empirical study of vulnerability rewards programs. In Presented as part of the 22nd USENIX security symposium (USENIX security 13) (pp. 273–288). Washington, D.C.: USENIX. Retrieved from VIEW ITEM
Goertzel, K. M., & Feldman, L. (2009). Software survivability: where safety and security converge. In Aiaa infotech@ aerospace conference and AIAA unmanned... unlimited conference (p. 1922).
Guerrero-Higueras, Á. M., DeCastro-García, N., Rodríguez-Lera, F. J., & Matellán, V. (2017). Empirical analysis of cyber-attacks to an indoor real-time localization system for autonomous robots. Computers & Security, 70, 422–435.
Ivers, J. (2017, Mar). Security vs. quality: What’s the difference? Retrieved from VIEW ITEM
Lacava, G., Marotta, A., Martinelli, F., Saracino, A., La Marra, A., Gil-Uriarte, E., & Vilches, V. M. (2020). Current research issues on cyber security in robotics.
Lera, F. J. R., Balsa, J., Casado, F., Fernández, C., Rico, F. M., & Matellán, V. (2016). Cybersecurity in autonomous systems: Evaluating the performance of hardening ROS. Málaga, Spain, 47.
Lera, F. J. R., Llamas, C. F., Guerrero, Á. M., & Olivera, V. M. (2017). Cybersecurity of robotics and autonomous systems: Privacy and safety. In Robotics-legal, ethical and socioeconomic impacts. InTech.
Lera, F. J. R., Matellán, V., Balsa, J., & Casado, F. (2016). Ciberseguridad en robots autónomos: Análisis y evaluación multiplataforma del bastionado ros. Actas Jornadas Sarteco, 571–578.
Ma, L., Mandujano, S., Song, G., & Meunier, P. (2001). Sharing vulnerability information using a taxonomically- correct, web-based cooperative database. Center for Education and Research in Information Assurance and Security, Purdue University, 3.
Mayoral-Vilches, V., Abad-Fernández, I., Pinzger, M., Rass, S., Dieber, B., Cunha, A., others (2020). Alurity, a toolbox for robot cybersecurity. arXiv preprint arXiv:2010.07759.
Mayoral-Vilches, V., Carbajo, U. A., & Gil-Uriarte, E. (2020). Industrial robot ransomware: Akerbeltz. In 2020 fourth IEEE international conference on robotic computing (IRC) (pp. 432–435).
Mayoral-Vilches, V., García-Maestro, N., Towers, M., & Gil-Uriarte, E. (2020). Devsecops in robotics. arXiv preprint arXiv:2003.10402.
Mayoral Vilches, V., Gil-Uriarte, E., Zamalloa Ugarte, I., Olalde Mendia, G., Izquierdo Pisón, R., Al- zola Kirschgens, L., Cerrudo, C. (2018). Towards an open standard for assessing the severity of robot security vulnerabilities, the robot vulnerability scoring system (RVSS). arXiv preprint arXiv:1807.10357.
Mayoral-Vilches, V., Kirschgens, L. A., Calvo, A. B., Cordero, A. H., Pisón, R. I., Vilches, D. M., . . . others (2018). Introducing the robot security framework (RSF), a standardized methodology to perform security assessments in robotics. arXiv preprint arXiv:1806.04042.
Mayoral-Vilches, V., Kirschgens, L. A., Gil-Uriarte, E., Hernández, A., & Dieber, B. (2018). Volatile memory forensics for the robot operating system. arXiv preprint arXiv:1812.09492.
Mayoral-Vilches, V., Mendia, G. O., Baskaran, X. P., Cordero, A. H., Juan, L. U. S., Gil-Uriarte, E., Kirschgens, L. A. (2018). aztarna, a footprinting tool for robots. arXiv preprint arXiv:1812.09490.
Mayoral-Vilches, V., Pinzger, M., Rass, S., Dieber, B., & Gil-Uriarte, E. (2020). Can ROS be used securely in industry? red teaming ROS-industrial. arXiv preprint arXiv:2009.08211.
Mayoral-Vilches, V., San Juan, L. U., Carbajo, U. A., Campo, R., de Cámara, X. S., Urzelai, O., Gil-Uriarte, E. (2019). Industrial robot ransomware: Akerbeltz. arXiv preprint arXiv:1912.07714.
Mayoral-Vilches, V., Usategui San Juan, L., Dieber, B., Ayucar Carbajo, U., & Gil-Uriarte, E. (2019). Introducing the robot vulnerability database (rvd). arXiv e-prints, arXiv–1912.
McClean, J., Stull, C., Farrar, C., & Mascareñas, D. (2013). A preliminary cyber-physical security assessment of the robot operating system (ROS). In Unmanned systems technology xv (Vol. 8741, p. 874110).
McQueen, M. A., McQueen, T. A., Boyer, W. F., & Chaffin, M. R. (2009, Jan). Empirical estimates and observations of 0day vulnerabilities. In 2009 42nd Hawaii international conference on system sciences (p. 1-12). https://ieeexplore.ieee.org/document/4755605
Meier, L., Honegger, D., & Pollefeys, M. (2015). Px4: A node-based multithreaded open-source robotics framework for deeply embedded platforms. In 2015 IEEE international conference on robotics and automation (ICRA) (pp. 6235–6240).
Mendia, G. O., Juan, L. U. S., Bascaran, X. P., Calvo, A. B., Cordero, A. H., Ugarte, I. Z., others (2018). Robotics CTF (RCTF), a playground for robot hacking. arXiv preprint arXiv:1810.02690.
MISRA. (2016a). Misra c:2012 addendum 2 — coverage of misra c:2012 against ISO/IEC ts 17961:2013 “c secure”. (Tech. Rep.). HORIBA MIRA Limited, Nuneaton, Warwickshire, UK, April.
MISRA. (2016b). Misra c:2012 amendment 1: “additional security guidelines for misra c: 2012,” (Tech. Rep.). HORIBA MIRA Limited, Nuneaton, Warwickshire, UK, April.
Pfleeger, C. P., & Pfleeger, S. L. (2002). Security in computing (3rd ed.). Prentice-Hall Professional Technical Reference.
Pichler, M., Dieber, B., & Pinzger, M. (2019). Can I depend on you? mapping the dependency and quality landscape of ROS packages. In 2019 third IEEE international conference on robotic computing (IRC) (pp. 78–85).
Quigley, M., Conley, K., Gerkey, B., Faust, J., Foote, T., Leibs, J., Ng, A. Y. (2009). Ros: an open-source robot operating system. In Icra workshop on open source software (Vol. 3, p. 5).
Robinson, A. (2014). The history of robotics in manufacturing. VIEW ITEM (Accessed: 2018-06-05)
Rodríguez-Lera, F. J., Matellán-Olivera, V., Balsa-Comerón, J., Guerrero-Higueras, Á. M., & Fernández-Llamas, C. (2018). Message encryption in robot operating system: Collateral effects of hardening mobile robots. Frontiers in ICT, 5, 2.
Shin, Y., Meneely, A., Williams, L., & Osborne, J. A. (2011, Nov). Evaluating complexity, code churn, and developer activity metrics as indicators of software vulnerabilities. IEEE Transactions on Software Engineering, 37(6), 772-787. https://doi.org/10.1109/TSE.2010.81
Stoneburner, G. (2006, Aug). Toward a unified security-safety model. Computer, 39(8), 96-97. https://doi.org/10.1109/MC.2006.283
Swinscow-Hall, D. (2017). The interaction between safety and security. VIEW ITEM (Accessed: 2018-05-31)
Taurer, S., Dieber, B., & Schartner, P. (2018). Secure data recording and bio-inspired functional integrity for intelligent robots. In 2018 IEEE/RSJ international conference on intelligent robots and systems (IROS) (pp. 8723–8728).
Vamosi, R. (2017, Mar). Does software quality equal software security?: Synopsys. Retrieved from VIEW ITEM
Ward, D. D. (2006). Misra standards for automotive software.
White, R., Caiazza, G., Christensen, H., & Cortesi, A. (2019). Sros1: Using and developing secure ros1 systems.
In Robot operating system (ROS) (pp. 373–405). Springer.
White, R., Caiazza, G., Cortesi, A., Im Cho, Y., & Christensen, H. I. (2019). Black block recorder: Immutable black box logging for robots via blockchain. IEEE Robotics and Automation Letters, 4(4), 3812–3819.
White, R., Caiazza, G., Jiang, C., Ou, X., Yang, Z., Cortesi, A., & Christensen, H. (2019). Network reconnaissance and vulnerability excavation of secure DDS systems. In 2019 IEEE European symposium on security and privacy workshops (EUROS&PW) (pp. 57–66).
White, R., Christensen, D., Henrik, I., Quigley, D., et al. (2016). Sros: Securing ros over the wire, in the graph, and through the kernel. arXiv preprint arXiv:1611.07060.
White, R., Christensen, H. I., Caiazza, G., & Cortesi, A. (2018). Procedurally provisioned access control for robotic systems. In 2018 IEEE/RSJ international conference on intelligent robots and systems (IROS) (pp.1–9).
Young, B. (2018). The first ’killer robot’ was around back in 1979. Retrieved from VIEW ITEM
Zheng, C., Zhang, Y., Sun, Y., & Liu, Q. (2011). IVDA: International vulnerability database alliance. In 2011 second worldwide cybersecurity summit (WCS) (pp. 1–6).
Zhu, Q., Rass, S., Dieber, B., & Mayoral-Vilches, V. (2021). Cybersecurity in robotics: Challenges, quantitative modeling, and practice. arXiv preprint arXiv:2103.05789.