The Cybersecurity of Robotic Systems

Tom Tuunainen

Controlling a robot from a tablet computer

The market of intelligent machines, which includes autonomous robots, is growing rapidly (Pfeiffer S. 2016). The IFR report shows that over 3 million industrial robots are already operating in factories around the world (IFR 2021). Robots play a crucial role in our society, and they provide vital help in many different fields, such as the medical, industrial, and agricultural sectors.

Robots have been deployed in the medical field to be used in telemedicine, virtual care, and remote treatment concepts. They are used to perform surgeries with high accuracy and even for cardiopulmonary resuscitation (Rosen J. & Hannaford B. 2006). The industry uses robots in hazardous locations to perform dangerous tasks, and they are irreplaceable in the industrial fields of manufacturing, construction, transportation, and quality control. Robots also play a vital role in agriculture, where they have been put to toil large farm areas that have previously required hordes of workers and much hard labor (Cheein F. A. A. & Carelli R. 2013).

Robots have become smart, and they are able to perform activities much faster, safer, and with higher efficiency than humans. Despite the huge advantages of robots, some major concerns still remain. There are several concerns related to the deployment of robots in critical areas, such as the medical sector. These concerns are mainly related to security, safety, accuracy, and trust.

The security concerns of robots are primarily related to the level of protection against different types of cyberattacks, while safety concerns are related to the reduction of the likelihood of accidents. Accuracy concerns have to do with the worry of how well the intended task is performed without any faults or mistakes, while trust related concerns have to do with the level of satisfaction and the capability to accurately perform and replace humans in different activities. (Michael C., James M. & Mehdi M. 2016).

New security concerns are constantly arising, and fresh attacks that specifically target robotic systems emerge quite frequently. Attacks on the hardware of robotic systems can vary from nuisances (e.g., phishing) to very dangerous attacks (e.g., hardware trojans). If these attacks are successful, they can lead to unauthorized access, which can lead to loss of critical data or exploitation of the entire network the robot is attached to.

The Operating System (OS) of robots is very prone to Denial of Service (DOS) and Distributed Denial of Service (DDOS) attacks, while the applications on the other hand are vulnerable to a multitude of viruses, worms, software trojans, malicious code injections, and buffer overflow attacks (Clark G. W., Doran M. V. & Andel T. R. 2017).

Robotic communications are not shielded from attacks either. Jamming attacks aim to disrupt the robot-to-robot and robot-to-human communication, with the aim of jamming any sort of communication and suspending further activities. De-authentication attacks aim to temporarily, periodically, or entirely disable the robotic devices from being able to connect back to their initial operator. The aim is to hijack the robot by gaining control. Eavesdropping attacks aim to passively monitor the transmitted robotic traffic over encrypted and un-encrypted communication channels. The purpose is to collect and extract sensitive information about the system as well as its operators.

Robotic systems and platforms are vulnerable to various types of attacks, risking the disclosure, destruction, alteration and modification of sensitive information. As a result, several methods have been presented by George W. Clark & al. (2017) in order to make the security of robotic systems better. These methods include isolation of the Internet Protocol (IP) core mechanisms, along with implementing solutions for payload detection and the implementation of Integrated Circuit (IC) fingerprinting (Waksman A. & al. 2010, Agrawal D. & al. 2007). Strong multi-factor authentication (MFA), along with identification and verification processes, are also highly recommended. All of these measures prevent many cases of unauthorized access, and if the software of the robotic systems is also constantly updated, protected, monitored, and tested, we have a much better chance of securing robotic systems (Clark G. W., Doran M. V. & Andel T. R. 2017).

Implementation of an intrusion detection system (IDS) to protect robots is also highly laudable. An IDS helps to increase the level of protection against known and unknown threats that surround the field of robotics. In fact, different intrusion detection approaches have been presented in the work done by Adriano Fagiolini & al. already in 2008 . Their intrusion detection system consists of a decentralized monitoring mechanism as well as an agreement mechanism. The test results they obtained prove that an IDS connected to a robotic system can detect intrusive behavior successfully with an error rate of only 15%.

Securing robotic systems as a whole is not an easy undertaking, but neither is it an impossible task. However, robotic systems suffer from several security vulnerabilities that can be exploited, which can have drastic consequences. These can range from economical losses all the way to the loss of human lives. As such, it is necessary to protect robots from possible attacks with all means necessary. Therefore, the process of securing robotic systems should be given very high priority. Many improvements can be made to increase the security of robotic systems, and as part of future work, the design of better digital forensic solutions could shed more light on the security topics and also improve the security substantially.

About the project:

CYNIC – Cyber security in Innovation and Business Communication is a cross border project financed by Interreg Nord, Lapin liitto and Region Norrbotten. The project is a cooperation between Centria University of Applied Sciences and Luleå University of Technology. The main purpose is to identify challenges for digital business development; test, experiment, and learn about cyber security, and to explore emergent technologies.

References:

Pfeiffer S. 2016. Robots, industry 4.0 and humans, or why assembly work is more than routine work. Multidisciplinary Digital Publishing, Basel, Switzerland. Available at: https://www.mdpi.com/2075-4698/6/2/16/htm. Referenced November 16, 2021.

IFR 2021. IFR presents World Robotics 2021 reports. International Federation of Robotics, Frankfurt, Germany. Available at: https://ifr.org/ifr-press-releases/news/robot-sales-rise-again. Referenced November 16, 2021.

Rosen J. & Hannaford B. 2006. Doc at a distance. IEEE Spectrum, New York, United States. Available at: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=1705774. Referenced November 17, 2021.

Cheein F. A. A. & Carelli R. 2013. Agricultural robotics: unmanned robotic service units in agricultural tasks. IEEE Industrial Electronics Magazine, United States. Available at: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6603408. Referenced November 17, 2021.

Michael C., James M. & Mehdi M. 2016. Where machines could replace humans – and where they can’t (yet). McKinsey Quarterly, Seattle, Washington. Available at: http://dln.jaipuria.ac.in:8080/jspui/bitstream/123456789/2951/1/Where-machines-could-replace-humans-and-where-they-cant-yet.pdf. Referenced November 18, 2021.

Clark G. W., Doran M. V. & Andel T. R. 2017. Cybersecurity issues in robotics. 2017 IEEE Conference on Cognitive and Computational Aspects of Situation Management (CogSIMA), United States. Available at: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7929597. Referenced November 22, 2021.

Waksman A. & Sethumadhavan S. 2010. Tamper Evident Microprocessors. 2010 IEEE Symposium on Security and Privacy, United States. Available at: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=5504715. Referenced November 22, 2021.

Agrawal D., Baktir S., Karakoyunlu D., Rohatgi P. & Sunar B. 2007. Trojan Detection using IC Fingerprinting. 2007 IEEE Symposium on Security and Privacy, United States. Available at: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=4223234. Referenced November 23, 2021.

Fagiolini A., Pellinacci M., Valenti G., Dini G. & Bicchi A. 2008. Consensus-based distributed intrusion detection for multi-robot systems. 2008 IEEE International Conference on Robotics and Automation, United States. Available at: https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=4543196. Referenced November 23, 2021.

Tom Tuunainen
R&D Developer
Centria University of Applied Sciences
Tel. +358 40 681 7207

Facebooktwitterlinkedinmail