[PPT] - Domestic Robots a case study on security in ubiquitous computing PowerPoint Presentation

SLIDE 1

Domestic Robots

a case study on security in ubiquitous computing

Thomas Knell Ubiquitous Computing Seminar 15.4.2014

SLIDE 2

!

Any automatically operated machine that replaces human effort, though it may not resemble human beings in appearance or perform functions in a humanlike manner. – Encyclopaedia Britannica

!

A robot is a cyber-physical system with sensors, actuators and mobility.

– A Spotlight on Security and Privacy Risks with Future Household Robots: Attacks and Lessons, T. Denning et al.

!

I can't define a robot, but I know one when I see one. – Joseph Engelberger (pioneer in industrial robotics)

Defining Robot

There exists no universally accepted definition of a robot

2

SLIDE 3

Example 1: Cleaning Robots

Roomba MyWindoro

3

SLIDE 4

Example 2: PR2

PR2 is a robotics research and development platform that lets you innovate right out of the box. No more building hardware and software from scratch. http://www.willowgarage.com/pages/pr2/overview

4

SLIDE 5

Example 3: Atlas

Atlas is a high mobility, humanoid robot designed to operate

utdoors, even on extremely rough terrain.

http://www.bostondynamics.com/robot_Atlas.html

5

SLIDE 6

Perception of Robots

!

Survey from 2007

!

240 Participants

What do people expect from robots?, C. Ray et al.

6

SLIDE 7

Stakeholder expectations

! New appliance: The household robot ! Users may have:

− Incorrect preconceptions − No point of reference to understand the robot

! Designers will have to either:

− Create very intuitive products, or − Integrate training course

A Spotlight on Security and Privacy Risks with Future Household Robots: Attacks and Lessons, T. Denning et al.

7

SLIDE 8

What is Security?

! Security:

− Systems behave as intended

even in the presence of an adversary

! Safety:

− Systems behave as intended

even in the presence of accidental failures

8

SLIDE 9

Network Security Goals

! Confidentiality

− Encryption

! Integrity

− MAC, Digital Signature

! Availability

− Redundancy, more Bandwidth And More:

!

Authentication

!

Accountability

!

Non-repudiation

!

Privacy

Network Security, Bernhard Plattner

9

SLIDE 10

Secure Communication Channel

! Confidential channel

− No eavesdropping possible on information sent

! Authentic channel

− Sender is the one he claims to be and − Content is original

! Secure channel

− Authentic and confidential channel

Network Security, Bernhard Plattner

10

SLIDE 11

Attack Classification

Passive attacks

Confidentiality

Traffic analysis Compromise

f content

Active attacks

Availability Integrity and Authenticity

Denial of service Modification Fabrication Replay

Classification due to Steve Kent, BBN Technologies

11

SLIDE 12

Timeline: Computers

The Future of Household Robots, T. Denning

1951 UNIVAC 1946 ENIAC 1944 Colossus

12

SLIDE 13

Timeline: Computers

The Future of Household Robots, T. Denning

1974 Altair 8800 1977 Apple II 1981 IBM PC 1982 Commodore 64 1984 Apple Macintosh

13

SLIDE 14

Timeline: Computers

The Future of Household Robots, T. Denning

14

SLIDE 15

Timeline: Computer Security Attacks

1960-1970 Phone Phreaking

The Future of Household Robots, T. Denning

15

SLIDE 16

Timeline: Computer Security Attacks

The Future of Household Robots, T. Denning

1980s The 414s break into 60 Computer systems

16

SLIDE 17

Timeline: Computer Security Attacks

1986 “The Brain” Virus

The Future of Household Robots, T. Denning

17

SLIDE 18

Timeline: Computer Security Attacks

1988 Morris Worm

The Future of Household Robots, T. Denning

18

SLIDE 19

Timeline: Computer Security Attacks

The Future of Household Robots, T. Denning

2000s DDoS Attacks

19

SLIDE 20

Timeline: Computer Security Attacks

The Future of Household Robots, T. Denning

20

! Rootkits ! Trojan Horses ! Botnets ! Phishing ! Keyloggers ! Cross-Site Scripting ! etc.

SLIDE 21

Timeline: Computer Security Attacks

Observations:

! The attack rate increases ! The attacks lag behind the technology

The Future of Household Robots, T. Denning

21

SLIDE 22

Timeline: Robots

The Future of Household Robots, T. Denning

1979 Robotics Institute founded at Carnegie Mellon University

22

SLIDE 23

Timeline: Robots

The Future of Household Robots, T. Denning

1982 WABOT-2 accompanies people on a keyboard instrument

23

SLIDE 24

Timeline: Robots

The Future of Household Robots, T. Denning

1986 Honda founds Humanoid Robot Division

24

SLIDE 25

Timeline: Robots

The Future of Household Robots, T. Denning

25

1999 AIBO

SLIDE 26

Timeline: Robots

The Future of Household Robots, T. Denning

26

2000 ASIMO

SLIDE 27

Timeline: Robots

The Future of Household Robots, T. Denning

27

2001 Paro therapeutic seal

SLIDE 28

Timeline: Robots

The Future of Household Robots, T. Denning

2002 Roomba

28

SLIDE 29

Timeline: Robots

The Future of Household Robots, T. Denning

2005 Actroid Android

29

SLIDE 30

Timeline: Robots

The Future of Household Robots, T. Denning

2008 Okonomiyaki Robot

30

SLIDE 31

Timeline: Robots

Observations:

! No large-scale attacks on robot security yet

Recall (computer security):

! The attack rate increases ! The attacks lag behind the technology

The Future of Household Robots, T. Denning

31

SLIDE 32

A Spotlight on Security and Privacy Risks with Future Household Robots: Attacks and Lessons

32

SLIDE 33

Rovio

! For adults ! Telepresence ! Home surveillance ! Check up on relatives ! Follows pre-programmed

IR beacons

! Controlled via web interface

33

SLIDE 34

Spykee

! Toy for children ! Assembled and configured

by children

! Telepresence: Parent can

tuck in kids when out of town

! “Spy” robot ! Controlled via program

34

SLIDE 35

Discovered Vulnerabilities

35

SLIDE 36

Remote Discovery

A Spotlight on Security and Privacy Risks with Future Household Robots: Attacks and Lessons, T. Denning et al.

36

SLIDE 37

Eavesdropping

Neighbor or Hacker in a car

A Spotlight on Security and Privacy Risks with Future Household Robots: Attacks and Lessons, T. Denning et al.

37

SLIDE 38

Intercepting Credentials (MITM)

A Spotlight on Security and Privacy Risks with Future Household Robots: Attacks and Lessons, T. Denning et al.

Can intercept login credentials

www.spykeeworld.com 38

SLIDE 39

Physical Takeover

! With credentials: Drive the robot anywhere ! Access the AV stream at any time

39

SLIDE 40

Possible Attacks

! Robot vandalism

− Damage fragile object − Knock object off of a table − Damaging the robot itself (robot suicide)

! Manipulate Objects

− Use mobility to locate (physical) key

− Take image of a key − Pick up and hide key

! Eldercare

− Robot used to trip an elder − Play noises and speech to confuse elder

A Spotlight on Security and Privacy Risks with Future Household Robots: Attacks and Lessons, T. Denning et al.

40

SLIDE 41

Mechatronic Security and Robot Authentication

41

SLIDE 42

Robot as Living Individuals

! Born at some point

− Has non-clonable DNA − Gets a birth certificate

! Starts usual transactions with its environment

− Learning, developing its knowledge and capabilities

! Gets old

− Has to be repaired, or − dies

Mechatronic Security and Robot Authentication, W. Adi

42

SLIDE 43

! Biological mutation

−

Permanent irremovable change

! Electronic mutation

−

Simulated change

! e-DNA

−

Generate e-DNA chain from e-Mutation

Bio-Inspired Robot Identity

Mechatronic Security and Robot Authentication, W. Adi

43

SLIDE 44

Detecting Cloning Attack

! Cloning almost impossible

− Crack mutated identity − Copy all robot transactions history

! Detect Cloning Attack

− Two G units with same properties − Each unit G generates new trace − G' and G'' most likely different − Both systems claim to be G − Identification process will fail

Mechatronic Security and Robot Authentication, W. Adi

44

SLIDE 45

Mechatronic Security Goals

! Robot is provable witness of event ! Robot can prove having performed action ! Robot cannot falsly claim to have performed action

45

SLIDE 46

Risks of Tomorrow

46

SLIDE 47

Risks of Tomorrow

! Robots for elders

− Exoskeleton for mobility − Lifting robot 47

SLIDE 48

Risks of Tomorrow

! Robots for elders

− Exoskeleton for mobility − Lifting robot

! Robots for children

− As companions or as therapy

for unique emotional needs

48

SLIDE 49

Risks of Tomorrow

! Robots for elders

− Exoskeleton for mobility − Lifting robot

! Robots for children

− As companions or as therapy

for unique emotional needs

! Robots that use tools

49

SLIDE 50

Risks of Tomorrow

! Robots for elders

− Exoskeleton for mobility − Lifting robot

! Robots for children

− As companions or as therapy

for unique emotional needs

! Robots that use tools ! Robots with sophisticated A.I.

50

SLIDE 51

Are the Risks real?

Potential types of attackers

! Terrorists ! Competitor ! Acquaintance ! ID Thief ! Prankster ! Governments

51

SLIDE 52

Conclusion

! Spykee and Rovio robots are “only” toys

− Security not first priority − Vulnerabilities not specific to robots

Can be easily fixed

! Future robots more complex

− Even developers don't understand reasons for behavior − Difficult to detect an enemy's attack − How to prevent the robot from leaking information?

! Young area of research

− Lack of detailed studies − Difficult to predict technology 52

SLIDE 53

Questions?

53