ABSTRACT
Industrial robots have been shown to suffer from replay attacks, via which adversaries not only manipulate the robot operation by downloading malicious code, but also prevent the detection of this manipulation by replaying recorded (and normal) movement data to the monitoring system. To protect industrial robots from replay attacks, we design a novel intrusion detection system using the power fingerprint of robots, called PIDS (Power-based Intrusion Detection System), and deliver PIDS as a bump-in-the-wire module installed at the powerline of commodity robots. The foundation of PIDS is the physically-induced dependency between the robot movement and the concomitant electrical power consumption, which PIDS captures via joint physical analysis and (cyber) data-driven modeling. PIDS then fingerprints the robot movements observed by the monitoring system using their expected power consumption, and cross-validates the fingerprints with empirically collected power information; a mismatch thereof flags anomalies of the observed movements (i.e., evidence of replay attack). We have evaluated PIDS using three models of robots from different vendors (ABB IRB120, KUKA KR6 R700, and Universal Robots UR5) with over 2,000 operation cycles. The experimental results show that PIDS detects replay attacks with an average rate of 96.5% (up to 99.9%) and a 0.1s latency.
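The cross-validation idea in the abstract, as an added illustration that is not the authors' PIDS model or code: expected power is computed from the motion the monitoring system reports and compared, window by window, with power measured at the powerline. The single joint, the friction-dominated model P = p0 + k·w², the constants, the 100 Hz sampling, the threshold rule and all traces are assumptions constructed for this sketch.

```python
import math
import random

DT = 0.01     # assumed 100 Hz sampling of motion and power
WINDOW = 10   # assumed decision window: 10 samples = 0.1 s

def velocity(amplitude, n=400):
    """Constructed joint-velocity trace (rad/s), two 2-second strokes."""
    return [amplitude * math.sin(math.pi * i * DT) for i in range(n)]

def measured_power(vel, rng):
    """Stand-in for the powerline sensor: idle draw + friction loss + noise (W)."""
    return [40.0 + 25.0 * w * w + rng.gauss(0, 0.5) for w in vel]

def fit(vel, power):
    """Least squares for P = p0 + k*w^2: physics gives the form, data the values."""
    x = [w * w for w in vel]
    mx, my = sum(x) / len(x), sum(power) / len(power)
    sxy = sum((a - mx) * (b - my) for a, b in zip(x, power))
    k = sxy / sum((a - mx) ** 2 for a in x)
    return my - k * mx, k

def window_errors(model, reported_vel, power):
    """Mean |expected - measured| per window; expected comes from REPORTED motion."""
    p0, k = model
    res = [abs(p0 + k * w * w - p) for w, p in zip(reported_vel, power)]
    return [sum(res[i:i + WINDOW]) / WINDOW for i in range(0, len(res), WINDOW)]

def calibrate(model, vel, power, margin=1.5):
    """Assumed rule: threshold = margin x worst window error on a known-good cycle."""
    return margin * max(window_errors(model, vel, power))

def detect(model, threshold, reported_vel, power):
    """Windows whose measured power contradicts the motion shown to the monitor."""
    errs = window_errors(model, reported_vel, power)
    return [i for i, e in enumerate(errs) if e > threshold]

def demo():
    rng = random.Random(7)
    normal = velocity(1.0)
    model = fit(normal, measured_power(normal, rng))
    thr = calibrate(model, normal, measured_power(normal, rng))
    # Honest cycle: the monitor sees the motion the robot really performs.
    clean = detect(model, thr, normal, measured_power(normal, rng))
    # Replay: the arm really moves 40% faster, the monitor is fed the recorded trace.
    replay = detect(model, thr, normal, measured_power(velocity(1.4), rng))
    return model, clean, replay

if __name__ == "__main__":
    model, clean, replay = demo()
    print("fitted (p0, k):", model)
    print("clean cycle alerts:", clean)
    print("replayed cycle alerts:", len(replay), "of", 400 // WINDOW, "windows")
```

Windows around the velocity zero-crossings carry little power difference in this toy model, so they are the ones a threshold this simple can miss.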