Abstract
The widespread adoption of humanoid social robots in different application fields is attracting growing interest from hackers, who could violate people's privacy or, even worse, threaten human life from the physical and emotional/social points of view. Different attack vectors exist, and they are more easily exploitable if physical access to the target robot is available. This is very likely for humanoids, which typically reside in untrusted environments where physical access to the robot is allowed and expected, thus permitting anyone to exploit a Linux kernel vulnerability (e.g., through the insertion of a USB pen drive) with the objective of tampering with sensitive data. The Robot Operating System (ROS) is at the core of humanoids and is therefore crucial for their security. The most recent solutions introduced in ROS2, SROS, and H-ROS are not sufficient for facing powerful adversaries. In this paper, we first identify the uncovered ROS weaknesses, which are particularly worrying in the case of humanoids. Then, we present our patched ROS solution, called Trusted-ROS (TROS), which leverages hardware-assisted trusted computing to shield data managed by ROS that would otherwise reside unencrypted in the robot's memory. The design of TROS is reported, together with a prototype implementation using a simulated version of the NAO humanoid secured through Intel SGX hardware. Finally, we evaluate the proposed solution from both security and performance perspectives in order to demonstrate the practicability of our approach.
Notes
Misuse cases describe steps and scenarios which a user performs in order to accomplish a malicious act against a system.
Ethics declarations
Conflict of interest
One of the authors of this paper, Mariacarla Staffa, is part of the Editorial Board of this Special Issue. The authors declare that they have no other conflict of interest to disclose.
About this article
Cite this article
Mazzeo, G., Staffa, M. TROS: Protecting Humanoids ROS from Privileged Attackers. Int J of Soc Robotics 12, 827–841 (2020). https://doi.org/10.1007/s12369-019-00581-4
DOI: https://doi.org/10.1007/s12369-019-00581-4