Cybersecurity in Robotics Tutorial | IROS 2021

Cybersecurity Tutorial - Demonstrating vulnerabilities and methods to protect robots

This tutorial will identify diverse cybersecurity vulnerabilities and attack patterns for robotic systems and demonstrate new quantitative methods of cybersecurity management and design. In particular, a model-based security approach with game theory will be presented to address security issues related to the heterogeneity and complexity of robotic systems.


Tutorial Objective

Robots are widely used in industrial production environments and increasingly in logistics, healthcare, and home appliances. Most traditional robot systems are operated by a PLC and/or a specific robot controller. But even when isolated from industrial networks (air gapped), these machines are not free from harm: both human safety and product quality are at stake. Increasingly flexible, autonomous and versatile robots have also entered the industrial domain, and collaborative robots are being released from their cages and put in close cooperation with humans. That positive trend also sees a significant decline in cost for robotics, partially thanks to the availability of standard technologies, such as Internet / IoT, OPC UA, ROS, ROS 2, cloud, Azure Sphere, and the interconnectivity of the robotic systems. But most robotic systems lack a fundamental cybersecurity posture.

The variety of architectures, including controller operated robots, PLC operated robots, ROS operated robots, and IoT or cloud operated robots, leads to a wide and diverse range of potential vulnerabilities in robotic systems. Different approaches to improving the robots' cybersecurity are possible. These have to be systematic from an industrial perspective, depending on the risk they impose on the factory and the situation. Isolation is a start; hardening access control, putting cryptographic measures in place, and improving the application security are basic measures. The robot manufacturers can ensure security-by-design for the robot controllers, the robots, and the applications instructing and controlling them. This tutorial aims to present materials on this emerging area of research and provide a multi-disciplinary perspective on cybersecurity. It will serve as a comprehensive introduction to this emerging topic for theoreticians and practitioners working in the field. It will also provide educational materials that will foster a sub-community in robotics and allow more contributors to become part of the community.

Session Schedule

(Since IROS will be held virtually this year, this tutorial will be online)

The live session will take place at 14:30 (CEST), September 27 (Monday), 2021, in Hall 14 of the IROS 2021 platform.

All attendees are welcome to register for IROS first: IROS registration.

 
| Time | Module | Speaker |
|---|---|---|
| 14:30 - 14:35 | Opening Remarks | |
| 14:35 - 15:20 | 1-ROS and Contemporary Cybersecurity Challenges | Benjamin Breiling |
| 15:20 - 15:40 | 2.1-Quantitative Modeling and Design | Stefan Rass |
| 15:40 - 16:00 | Break | |
| 16:00 - 17:00 | 3-Security Practice and Design | Víctor Mayoral-Vilches |
| 17:00 - 17:30 | 2.2-Quantitative Modeling and Design | Stefan Rass, Quanyan Zhu |
| 17:30 - 18:00 | Discussions and Conclusions | |
 

Module 1 presents the security challenges in robotic systems. We will introduce ROS vulnerabilities, known vulnerabilities in industrial robot systems, and the challenge of securing robots. We will also show ROS demos and penetration testing tools to demonstrate how to exploit the vulnerabilities.

Module 2 presents the security overview, common security practices and design tools for robotic systems. We will introduce materials related to penetration testing, DevSecOps, and vulnerabilities and scoring systems. (Module 2 will be divided into two sub-sessions.)

Module 3 focuses on quantitative methods for modeling and designing strategic defenses. This module introduces common threat models and game-theoretic frameworks that can be used for risk assessment and strategic defense design.


Tutorial

Prerequisite knowledge

This tutorial is self-contained. Basic knowledge about distributed systems and network security is helpful but not necessary. A basic understanding of robotic systems is sufficient.

 
 

Outline

Contemporary robotic systems are vulnerable to diverse attack patterns, and a posteriori hardening is at least challenging, if not impossible. This tutorial aims to stipulate the inclusion of security in robotics from the earliest design phases onward, with a special focus on the cost-benefit tradeoff that can otherwise be an inhibitor for the fast development of affordable systems. We aim to introduce new quantitative methods of security management and design, extending known vulnerability scoring systems to the distinguished setting of robotic systems, and accounting for the highly distributed nature of robots as an interplay of potentially very many components. A powerful quantitative approach to model-based security is offered by game theory, providing a rich spectrum of techniques to optimize security against various kinds of attacks. Such a multi-perspective view on security is necessary to address the heterogeneity and complexity of robotic systems.

 
 

Previous Tutorial History

The organizers of this tutorial have previous experience with the following workshops and tutorials:

  • Workshop on Security and Privacy in Robotics, 2020 International Conference on Robotics and Automation (ICRA), May 31 – June 4, 2020, Paris, France.
  • CS4R Cyber Security for Robots workshop - Cybersecurity challenges in robotics, European Robotics Forum 2020, March 3rd, 2020 - 15:30 CET, Tech update session - Room 3, FYCMA - Palacio de Ferias y Congresos de Málaga, Av. de José Ortega y Gasset, 201, 29006 Málaga, Spain
  • CS4R Cyber Security for Robots workshop - Cybersecurity for robotics solutions, European Robotics Forum 2020, March 3rd, 2020 - 15:30 CET, Tech update session - Room 3, FYCMA - Palacio de Ferias y Congresos de Málaga, Av. de José Ortega y Gasset, 201, 29006 Málaga, Spain
  • ROS2 Security Workshop, 2019 ROSCon, Wednesday, 30th October 2019 (14:00-17:00), Macau, China
  • Doing Real-Time with ROS 2 Workshop: Capabilities and Challenges, 2019 ROSCon, Wednesday, 30th October 2019 (14:00-17:00), Macau, China
  • Tutorial on Game Theory Meets Network Security, 25th ACM Conference on Computer and Communications Security (CCS), Oct. 15-19, 2018, Toronto, Canada.
  • Tutorial on Securing Robotics with SROS2, 2018 IEEE/RSJ International Conference on Intelligent Robots and Systems, Oct. 1-5, 2018, Madrid, Spain.
 
 

Expected attendance

We would like to accommodate as many developer and industry attendees as possible.

All attendees are welcome to register for IROS first: IROS registration.

Organizers

Quanyan Zhu


Associate Professor

Department of Electrical and Computer Engineering, Tandon School of Engineering, New York University

5 MetroTech Center, Brooklyn, NY, 11201

E-mail: quanyan.zhu@nyu.edu

Phone: +1 646-997-3371

 
 

Stefan Rass


Full Professor

Johannes Kepler University Linz, Secure and Correct Systems Lab

Altenbergerstraße 69, 4040 Linz, Austria

E-mail: stefan.rass80@gmail.com

 
 

Benjamin Breiling


Research Group for Robot Systems Technologies, Joanneum Research, Institute for Robotics and Mechatronics

Lakeside B13b, 9020 Klagenfurt, Austria

E-mail: bernhard.dieber@joanneum.at

Phone: +43 316 876-2027

 
 

Víctor Mayoral-Vilches


  • Alias Robotics
    • Robotics and security researcher
    • Venta de la Estrella 6, Pab. 130, Vitoria, 01006 Spain
    • Email: victor@aliasrobotics.com
  • Xilinx
  • Klagenfurt Universität
    • Researcher at System Security Group, Klagenfurt Universität
    • 65-67 A-9020, Klagenfurt, Austria
    • Email: v1mayoralv@edu.aau.at

References

We encourage attendees to refer to the following references for more details on cybersecurity and robotics: