Towards an open standard for assessing the severity of robot security vulnerabilities, the Robot Vulnerability Scoring System (RVSS)

Robots are typically not created with security as a main concern. Contrasting to typical IT systems, cyberphysical systems rely on security to handle safety aspects. In light of the former, classic scoring methods such as the Common Vulnerability Scoring System (CVSS) are not able to accurately capture the severity of robot vulnerabilities. The present research work focuses upon creating an open and free to access Robot Vulnerability Scoring System (RVSS) that considers major relevant issues in robotics including a) robot safety aspects, b) assessment of downstream implications of a given vulnerability, c) library and third-party scoring assessments and d) environmental variables, such as time since vulnerability disclosure or exposure on the web. Finally, an experimental evaluation of RVSS with contrast to CVSS is provided and discussed with focus on the robotics security landscape

Robotics CTF (RCTF), a playground for robot hacking

Robots state of insecurity is onstage. There is an emerging concern about major robot vulnerabilities and their adverse consequences. However, there is still a considerable gap between robotics and cybersecurity domains. For the purpose of filling that gap, the present technical report presents the Robotics CTF (RCTF), an online playground to challenge robot security from any browser. We describe the architecture of the RCTF and provide 9 scenarios where hackers can challenge the security of different robotic setups. Our work empowers security researchers to a) reproduce virtual robotic scenarios locally and b) change the networking setup to mimic real robot targets. We advocate for hacker powered security in robotics and contribute by open sourcing our scenarios

Aztarna, a footprinting tool for robots

Industry 4.0 is changing the commonly held assumption that robots are to be deployed in closed and isolated networks. When analyzed from a security point of view, the global picture is disheartening: robotics industry has not seriously allocated effort to follow good security practices in the robots produced. Instead, most manufacturers keep forwarding the problem to the end-users of these machines. As learned in previous technological revolutions, such as at the dawn of PCs or smartphones, action needs to be taken in time to avoid disastrous consequences. In an attempt to provide the robotics and security communities with the right tools to perform assessments, in this paper we present aztarna, a footprinting tool for robotics. We discuss how such tool can facilitate the process of identifying vestiges of different robots, while maintaining an extensible structure aimed for future fingerprinting extensions. With this contribution, we aim to raise awareness and interest of the robotics community, robot manufacturers and robot end-users on the need of starting global actions to embrace security. We open source the tool and disclose preliminary results that demonstrate the current insecurity landscape in industry. We argue that the robotic ecosystem is in need of generating a robot security community, conscious about good practices and empowered by the right tools

Cybersecurity in Robotics: Challenges, Quantitative Modeling, and Practice

Robotics is becoming more and more ubiquitous, but the pressure to bring systems to market occasionally goes at the cost of neglecting security mechanisms during the development, deployment or while in production. As a result, contemporary robotic systems are vulnerable to diverse attack patterns, and an a posteriori hardening is at least challenging, if not impossible at all. This book aims to stipulate the inclusion of security in robotics from the earliest design phases onward and with a special focus on the cost-benefit tradeoff that can otherwise be an inhibitor for the fast development of affordable systems. We advocate quantitative methods of security management and design, covering vulnerability scoring systems tailored to robotic systems, and accounting for the highly distributed nature of robots as an interplay of potentially very many components. A powerful quantitative approach to model-based security is offered by game theory, providing a rich spectrum of techniques to optimize security against various kinds of attacks. Such a multi-perspective view on security is necessary to address the heterogeneity and complexity of robotic systems. This book is intended as an accessible starter for the theoretician and practitioner working in the field