4 research outputs found
Towards an open standard for assessing the severity of robot security vulnerabilities, the Robot Vulnerability Scoring System (RVSS)
Robots are typically not created with security as a main concern. In contrast
to typical IT systems, cyberphysical systems rely on security to handle safety
aspects. In light of this, classic scoring methods such as the Common
Vulnerability Scoring System (CVSS) are not able to accurately capture the
severity of robot vulnerabilities. The present research work focuses on
creating an open and free-to-access Robot Vulnerability Scoring System (RVSS)
that considers major relevant issues in robotics including a) robot safety
aspects, b) assessment of downstream implications of a given vulnerability, c)
library and third-party scoring assessments and d) environmental variables,
such as time since vulnerability disclosure or exposure on the web. Finally, an
experimental evaluation of RVSS in contrast to CVSS is provided and discussed
with a focus on the robotics security landscape.
Robotics CTF (RCTF), a playground for robot hacking
Robots' state of insecurity is onstage. There is an emerging concern about
major robot vulnerabilities and their adverse consequences. However, there is
still a considerable gap between robotics and cybersecurity domains. For the
purpose of filling that gap, the present technical report presents the Robotics
CTF (RCTF), an online playground to challenge robot security from any browser.
We describe the architecture of the RCTF and provide 9 scenarios where hackers
can challenge the security of different robotic setups. Our work empowers
security researchers to a) reproduce virtual robotic scenarios locally and b)
change the networking setup to mimic real robot targets. We advocate for
hacker-powered security in robotics and contribute by open sourcing our scenarios.
Aztarna, a footprinting tool for robots
Industry 4.0 is changing the commonly held assumption that robots are to be
deployed in closed and isolated networks. When analyzed from a security point
of view, the global picture is disheartening: the robotics industry has not
seriously allocated effort to follow good security practices in the robots
produced. Instead, most manufacturers keep forwarding the problem to the
end-users of these machines. As learned in previous technological revolutions,
such as at the dawn of PCs or smartphones, action needs to be taken in time to
avoid disastrous consequences. In an attempt to provide the robotics and
security communities with the right tools to perform assessments, in this paper
we present aztarna, a footprinting tool for robotics. We discuss how such a tool
can facilitate the process of identifying vestiges of different robots, while
maintaining an extensible structure aimed at future fingerprinting extensions.
With this contribution, we aim to raise the awareness and interest of the robotics
community, robot manufacturers and robot end-users regarding the need to start
global actions to embrace security. We open source the tool and disclose
preliminary results that demonstrate the current insecurity landscape in
industry. We argue that the robotic ecosystem is in need of generating a robot
security community, conscious of good practices and empowered by the right
tools.
Cybersecurity in Robotics: Challenges, Quantitative Modeling, and Practice
Robotics is becoming more and more ubiquitous, but the pressure to bring
systems to market occasionally comes at the cost of neglecting security
mechanisms during development, deployment or while in production. As a
result, contemporary robotic systems are vulnerable to diverse attack patterns,
and an a posteriori hardening is at least challenging, if not impossible
altogether. This book aims to stipulate the inclusion of security in robotics from the
earliest design phases onward and with a special focus on the cost-benefit
tradeoff that can otherwise be an inhibitor for the fast development of
affordable systems. We advocate quantitative methods of security management and
design, covering vulnerability scoring systems tailored to robotic systems, and
accounting for the highly distributed nature of robots as an interplay of
potentially very many components. A powerful quantitative approach to
model-based security is offered by game theory, providing a rich spectrum of
techniques to optimize security against various kinds of attacks. Such a
multi-perspective view on security is necessary to address the heterogeneity
and complexity of robotic systems. This book is intended as an accessible
starter for the theoretician and practitioner working in the field.