domestic robots
play

Domestic Robots a case study on security in ubiquitous computing - PowerPoint PPT Presentation

Domestic Robots a case study on security in ubiquitous computing Thomas Knell Ubiquitous Computing Seminar 15.4.2014 Defining Robot There exists no universally accepted definition of a robot Any automatically operated machine that replaces


  1. Domestic Robots a case study on security in ubiquitous computing Thomas Knell Ubiquitous Computing Seminar 15.4.2014

  2. Defining Robot There exists no universally accepted definition of a robot Any automatically operated machine that replaces human effort, ! though it may not resemble human beings in appearance or perform functions in a humanlike manner. – Encyclopaedia Britannica A robot is a cyber-physical system with sensors, actuators and ! mobility. – A Spotlight on Security and Privacy Risks with Future Household Robots: Attacks and Lessons, T. Denning et al. I can't define a robot, but I know one when I see one. ! – Joseph Engelberger (pioneer in industrial robotics) 2

  3. Example 1: Cleaning Robots Roomba MyWindoro 3

  4. Example 2: PR2 PR2 is a robotics research and development platform that lets you innovate right out of the box. No more building hardware and software from scratch. http://www.willowgarage.com/pages/pr2/overview 4

  5. Example 3: Atlas Atlas is a high mobility, humanoid robot designed to operate outdoors, even on extremely rough terrain. http://www.bostondynamics.com/robot_Atlas.html 5

  6. Perception of Robots Survey from 2007 ! 240 Participants ! What do people expect from robots?, C. Ray et al. 6

  7. Stakeholder expectations ! New appliance: The household robot ! Users may have: − Incorrect preconceptions − No point of reference to understand the robot ! Designers will have to either: − Create very intuitive products, or − Integrate training course A Spotlight on Security and Privacy Risks with Future Household Robots: Attacks and Lessons, T. Denning et al. 7

  8. What is Security? ! Security: − Systems behave as intended even in the presence of an adversary ! Safety: − Systems behave as intended even in the presence of accidental failures 8

  9. Network Security Goals ! Confidentiality − Encryption ! Integrity − MAC, Digital Signature ! Availability − Redundancy, more Bandwidth And More: Authentication ! Accountability ! Non-repudiation ! Privacy ! Network Security, Bernhard Plattner 9

  10. Secure Communication Channel ! Confidential channel − No eavesdropping possible on information sent ! Authentic channel − Sender is the one he claims to be and − Content is original ! Secure channel − Authentic and confidential channel Network Security, Bernhard Plattner 10

  11. Attack Classification Active attacks Passive attacks Confidentiality Availability Integrity and Authenticity Compromise Traffic analysis Denial of Modification Replay of content service Fabrication Classification due to Steve Kent, BBN Technologies 11

  12. Timeline: Computers 1951 UNIVAC 1946 ENIAC 1944 Colossus The Future of Household Robots, T. Denning 12

  13. Timeline: Computers 1984 Apple Macintosh 1982 Commodore 64 1981 IBM PC 1977 Apple II 1974 Altair 8800 The Future of Household Robots, T. Denning 13

  14. Timeline: Computers The Future of Household Robots, T. Denning 14

  15. Timeline: Computer Security Attacks 1960-1970 Phone Phreaking The Future of Household Robots, T. Denning 15

  16. Timeline: Computer Security Attacks 1980s The 414s break into 60 Computer systems The Future of Household Robots, T. Denning 16

  17. Timeline: Computer Security Attacks 1986 “The Brain” Virus The Future of Household Robots, T. Denning 17

  18. Timeline: Computer Security Attacks 1988 Morris Worm The Future of Household Robots, T. Denning 18

  19. Timeline: Computer Security Attacks 2000s DDoS Attacks The Future of Household Robots, T. Denning 19

  20. Timeline: Computer Security Attacks ! Rootkits ! Trojan Horses ! Botnets ! Phishing ! Keyloggers ! Cross-Site Scripting ! etc. The Future of Household Robots, T. Denning 20

  21. Timeline: Computer Security Attacks Observations: ! The attack rate increases ! The attacks lag behind the technology The Future of Household Robots, T. Denning 21

  22. Timeline: Robots 1979 Robotics Institute founded at Carnegie Mellon University The Future of Household Robots, T. Denning 22

  23. Timeline: Robots 1982 WABOT-2 accompanies people on a keyboard instrument The Future of Household Robots, T. Denning 23

  24. Timeline: Robots 1986 Honda founds Humanoid Robot Division The Future of Household Robots, T. Denning 24

  25. Timeline: Robots 1999 AIBO The Future of Household Robots, T. Denning 25

  26. Timeline: Robots 2000 ASIMO The Future of Household Robots, T. Denning 26

  27. Timeline: Robots 2001 Paro therapeutic seal The Future of Household Robots, T. Denning 27

  28. Timeline: Robots 2002 Roomba The Future of Household Robots, T. Denning 28

  29. Timeline: Robots 2005 Actroid Android The Future of Household Robots, T. Denning 29

  30. Timeline: Robots 2008 Okonomiyaki Robot The Future of Household Robots, T. Denning 30

  31. Timeline: Robots Observations: ! No large-scale attacks on robot security yet Recall (computer security): ! The attack rate increases ! The attacks lag behind the technology The Future of Household Robots, T. Denning 31

  32. A Spotlight on Security and Privacy Risks with Future Household Robots: Attacks and Lessons 32

  33. Rovio ! For adults ! Telepresence ! Home surveillance ! Check up on relatives ! Follows pre-programmed IR beacons ! Controlled via web interface 33

  34. Spykee ! Toy for children ! Assembled and configured by children ! Telepresence: Parent can tuck in kids when out of town ! “Spy” robot ! Controlled via program 34

  35. Discovered Vulnerabilities 35

  36. Remote Discovery A Spotlight on Security and Privacy Risks with Future Household Robots: Attacks and Lessons, T. Denning et al. 36

  37. Eavesdropping Neighbor or Hacker in a car A Spotlight on Security and Privacy Risks with Future Household Robots: Attacks and Lessons, T. Denning et al. 37

  38. Intercepting Credentials (MITM) Can intercept login credentials www.spykeeworld.com A Spotlight on Security and Privacy Risks with Future Household Robots: Attacks and Lessons, T. Denning et al. 38

  39. Physical Takeover ! With credentials: Drive the robot anywhere ! Access the AV stream at any time 39

  40. Possible Attacks ! Robot vandalism − Damage fragile object − Knock object off of a table − Damaging the robot itself (robot suicide) ! Manipulate Objects − Use mobility to locate (physical) key − Take image of a key − Pick up and hide key ! Eldercare − Robot used to trip an elder − Play noises and speech to confuse elder A Spotlight on Security and Privacy Risks with Future Household Robots: Attacks and Lessons, T. Denning et al. 40

  41. Mechatronic Security and Robot Authentication 41

  42. Robot as Living Individuals ! Born at some point − Has non-clonable DNA − Gets a birth certificate ! Starts usual transactions with its environment − Learning, developing its knowledge and capabilities ! Gets old − Has to be repaired, or − dies Mechatronic Security and Robot Authentication, W. Adi 42

  43. Bio-Inspired Robot Identity ! Biological mutation Permanent irremovable change − ! Electronic mutation Simulated change − ! e-DNA Generate e-DNA chain from e-Mutation − Mechatronic Security and Robot Authentication, W. Adi 43

  44. Detecting Cloning Attack ! Cloning almost impossible − Crack mutated identity − Copy all robot transactions history ! Detect Cloning Attack − Two G units with same properties − Each unit G generates new trace − G' and G'' most likely different − Both systems claim to be G � − Identification process will fail Mechatronic Security and Robot Authentication, W. Adi 44

  45. Mechatronic Security Goals ! Robot is provable witness of event ! Robot can prove having performed action ! Robot cannot falsly claim to have performed action 45

  46. Risks of Tomorrow 46

  47. Risks of Tomorrow ! Robots for elders − Exoskeleton for mobility − Lifting robot 47

  48. Risks of Tomorrow ! Robots for elders − Exoskeleton for mobility − Lifting robot ! Robots for children − As companions or as therapy for unique emotional needs 48

  49. Risks of Tomorrow ! Robots for elders − Exoskeleton for mobility − Lifting robot ! Robots for children − As companions or as therapy for unique emotional needs ! Robots that use tools 49

  50. Risks of Tomorrow ! Robots for elders − Exoskeleton for mobility − Lifting robot ! Robots for children − As companions or as therapy for unique emotional needs ! Robots that use tools ! Robots with sophisticated A.I. 50

  51. Are the Risks real? Potential types of attackers ! Terrorists ! Competitor ! Acquaintance ! ID Thief ! Prankster ! Governments 51

  52. Conclusion ! Spykee and Rovio robots are “only” toys − Security not first priority − Vulnerabilities not specific to robots Can be easily fixed ! Future robots more complex − Even developers don't understand reasons for behavior − Difficult to detect an enemy's attack − How to prevent the robot from leaking information? ! Young area of research − Lack of detailed studies − Difficult to predict technology 52

  53. Questions? 53

Recommend


More recommend