Abstract
Robotic vehicles (RV) are increasing in adoption in many industrial sectors. RVs use auto-pilot software for perception and navigation and rely on sensors and actuators for operating autonomously in the physical world. Control algorithms have been used in RVs to minimize the effects of noisy sensors, prevent faulty actuator output, and, recently, to detect attacks against RVs. In this article, we demonstrate the vulnerabilities in control-based intrusion detection techniques and propose three kinds of stealthy attacks that evade detection and disrupt RV missions. We also propose automated algorithms for performing the attacks without requiring the attacker to expend significant effort or to know specific details of the RV, thus making the attacks applicable to a wide range of RVs. We demonstrate the attacks on eight RV systems including three real vehicles in the presence of an Intrusion Detection System using control-based techniques to monitor RV’s runtime behavior and detect attacks. We find that the control-based techniques are incapable of detecting our stealthy attacks and that the attacks can have significant adverse impact on the RV’s mission (e.g., deviate it significantly from its target, or cause it to crash).
- Sridhar Adepu and Aditya Mathur. 2016. Using process invariants to detect cyber attacks on a water treatment system. In Proceedings of the IFIP International Information Security and Privacy Conference. 91--104Google Scholar
- Ekta Aggarwal, Mehdi Karimibiuki, Karthik Pattabiraman, and André Ivanov. 2018. CORGIDS: A correlation-based generic intrusion detection system. In Proceedings of the 2018 Workshop on Cyber-Physical Systems Security and PrivaCy (CPS-SPC’18). ACM, New York, NY, 24--35. DOI:https://doi.org/10.1145/3264888.3264893Google Scholar
- Chuadhry Mujeeb Ahmed, Jianying Zhou, and Aditya P. Mathur. 2018. Noise matters: Using sensor and process noise fingerprint to detect stealthy cyber attacks and authenticate sensors in CPS. In Proceedings of the 34th Annual Computer Security Applications Conference (ACSAC’18). ACM, New York, NY, 566--581. DOI:https://doi.org/10.1145/3274694.3274748Google Scholar
- H. Alemzadeh, D. Chen, X. Li, T. Kesavadas, Z. T. Kalbarczyk, and R. K. Iyer. 2016. Targeted attacks on teleoperated surgical robots: Dynamic model-based detection and mitigation. In Proceedings of the 2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN’16). 395--406. DOI:https://doi.org/10.1109/DSN.2016.43Google Scholar
- Maryam Raiyat Aliabadi, Amita Ajith Kamath, Julien Gascon-Samson, and Karthik Pattabiraman. 2017. ARTINALI: Dynamic invariant detection for cyber-physical system security. In Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering (ESEC/FSE’17). ACM, New York, NY, 349--361. DOI:https://doi.org/10.1145/3106237.3106282Google ScholarDigital Library
- Amazon Prime [n.d.]. Amazon Prime Delivery. Retrieved January 24, 2019 from https://www.amazon.com/Amazon-Prime-Air/b?node=8037720011.Google Scholar
- ArduPilot [n.d.]. Ardupilot—Software in the Loop. Retrieved May 24, 2018 from http://ardupilot.org/dev/docs/sitl-simulator-software-in-the-loop.html.Google Scholar
- Aryn Baker. [n.d.]. Zipline Drone Delivery. Retrieved January 24, 2019 from http://www.flyzipline.com/.Google Scholar
- P.-J. Bristeau, E. Dorveaux, D. Vissière, and N. Petit. 2010. Hardware and software architecture for state estimation on an experimental low-cost small-scaled helicopter. Contr. Eng. Pract. 18, 7 (2010), 733--746. DOI:https://doi.org/10.1016/j.conengprac.2010.02.014Google ScholarCross Ref
- Stephen Burns. [n.d.]. Drone Meets Delivery Truck. Retrieved May 24, 2019 from https://www.ups.com/us/es/services/knowledge-center/article.page?name=drone-meets-delivery-truck8kid=cd18bdc2.Google Scholar
- Alvaro Cardenas, Saurabh Amin, Bruno Sinopoli, Annarita Giani, Adrian Perrig, and Shankar Sastry. 2009. Challenges for securing cyber physical systems. In Proceedings of the Workshop on Future Directions in Cyber-physical Systems Security. DHS.Google Scholar
- Y. Chen, C. M. Poskitt, and J. Sun. 2018. Learning from mutants: Using code mutation to learn and monitor invariants of a cyber-physical system. In Proceedings of the 2018 IEEE Symposium on Security and Privacy (SP’18). IEEE Computer Society, Los Alamitos, CA, 648--660. DOI:https://doi.org/10.1109/SP.2018.00016Google ScholarCross Ref
- Grzegorz Chmaj and Henry Selvaraj. 2015. Distributed processing applications for UAV/drones: A survey. In Progress in Systems Engineering, Henry Selvaraj, Dawid Zydek, and Grzegorz Chmaj (Eds.). Springer International Publishing, Cham, 449--454.Google Scholar
- Hongjun Choi, Sayali Kate, Yousra Aafer, Xiangyu Zhang, and Dongyan Xu. 2020. Software-based realtime recovery from sensor attacks on robotic vehicles. In Proceedings of the 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID’20). USENIX Association.Google Scholar
- Hongjun Choi, Wen-Chuan Lee, Yousra Aafer, Fan Fei, Zhan Tu, Xiangyu Zhang, Dongyan Xu, and Xinyan Deng. 2018. Detecting attacks against robotic vehicles: A control invariant approach. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (CCS’18). ACM, New York, NY, 801--816. DOI:https://doi.org/10.1145/3243734.3243752Google ScholarDigital Library
- Keywhan Chung, Zbigniew T. Kalbarczyk, and Ravishankar K. Iyer. 2019. Availability attacks on computing systems through alteration of environmental control: Smart malware approach. In Proceedings of the 10th ACM/IEEE international conference on cyber-physical systems (ICCPS’19). ACM, New York, NY, 1--12. DOI:https://doi.org/10.1145/3302509.3311041Google Scholar
- Keywhan Chung, Xiao Li, Peicheng Tang, Zeran Zhu, Zbigniew T. Kalbarczyk, Ravishankar K. Iyer, and Thenkurussi Kesavadas. 2019. Smart malware that uses leaked control data of robotic applications: The case of Raven-II surgical robots. In Proceedings of the 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID’19). USENIX Association, 337--351.Google Scholar
- G. Dan and H. Sandberg. 2010. Stealth attacks and protection schemes for state estimators in power systems. In Proceedings of the 2010 1st IEEE International Conference on Smart Grid Communications. 214--219. DOI:https://doi.org/10.1109/SMARTGRID.2010.5622046Google Scholar
- Drew Davidson, Hao Wu, Rob Jellinek, Vikas Singh, and Thomas Ristenpart. 2016. Controlling UAVs with sensor input spoofing attacks. In Proceedings of the 10th USENIX Workshop on Offensive Technologies (WOOT’16). USENIX Association.Google Scholar
- Emlid. [n.d.]. Navio2. Retrieved from https://emlid.com/navio/.Google Scholar
- ETH-Agile and Dexterous Robotics Lab. [n.d.]. Control Toolbox. Retrieved from https://ethz-adrl.github.io/ct/ct_doc/doc/html/index.html.Google Scholar
- Fan Fei, Zhan Tu, Dongyan Xu, and Xinyan Deng. 2019. Learn-to-recover: Retrofitting UAVs with reinforcement learning-assisted flight control under cyber-physical attacks. In IEEE International Conference on Robotics and Automation (ICRA'20). 7358--7364. DOI:10.1109/ICRA40945.2020.9196611Google Scholar
- Gene F. Franklin, J. David Powell, and Abbas Emami-Naeini. 2018. Feedback Control of Dynamic Systems (8th Ed.) (What’s New in Engineering). Pearson.Google Scholar
- Luis Garcia, Ferdinand Brasser, Mehmet Hazar Cintuglu, Ahmad-Reza Sadeghi, Osama A. Mohammed, and Saman A. Zonouz. 2017. Hey, my malware knows physics! Attacking PLCs with physical model aware rootkit. In Proceedings of the Network and Distributed System Security Symposium (NDSS’17).Google Scholar
- Ian Y. Garrett and Ryan M. Gerdes. 2020. On the efficacy of model-based attack detectors for unmanned aerial systems. In Proceedings of the 2nd ACM Workshop on Automotive and Aerial Vehicle Security (AutoSec’20). Association for Computing Machinery, New York, NY, 11--14.Google Scholar
- R. M. Góes, E. Kang, R. Kwong, and S. Lafortune. 2017. Stealthy deception attacks for cyber-physical systems. In Proceedings of the 2017 IEEE 56th Annual Conference on Decision and Control (CDC’17). 4224--4230. DOI:https://doi.org/10.1109/CDC.2017.8264281Google Scholar
- J. Habibi, A. Gupta, S. Carlsony, A. Panicker, and E. Bertino. 2015. MAVR: Code reuse stealthy attacks and mitigation on unmanned aerial vehicles. In Proceedings of the 2015 IEEE 35th International Conference on Distributed Computing Systems. 642--652.Google Scholar
- D. Halperin, T. S. Heydt-Benjamin, B. Ransford, S. S. Clark, B. Defend, W. Morgan, K. Fu, T. Kohno, and W. H. Maisel. 2008. Pacemakers and implantable cardiac defibrillators: Software radio attacks and zero-power defenses. In Proceedings of the 2008 IEEE Symposium on Security and Privacy (SPS’08).Google Scholar
- Andrew J. Hawkins. [n.d.]. UPS will use drones to deliver medical supplies in North Carolina. Retrieved May 24, 2019 from https://www.theverge.com/2019/3/26/18282291/ups-drone-delivery-hospital-nc-matternet.Google Scholar
- Todd E. Humphreys. 2008. Assessing the spoofing threat: Development of a portable GPS civilian spoofer. In Proceedings of the Institute of Navigation GNSS (ION GNSS’08).Google Scholar
- JSMSim [n.d.]. JSBSim Open Source Flight Dynamics Model. Retrieved May 24, 2018 from “http://jsbsim.sourceforge.net/”.Google Scholar
- S. Karnouskos. 2011. Stuxnet worm impact on industrial cyber-physical system security. In Proceedings of the 37th Annual Conference of the IEEE Industrial Electronics Society (IECON’11). 4490--4494. DOI:https://doi.org/10.1109/IECON.2011.6120048Google Scholar
- Kyo Hyun Kim, Siddhartha Nalluri, Ashish Kashinath, Yu Wang, Sibin Mohan, Miroslav Pajic, and Bo Li. 2020. Security analysis against spoofing attacks for distributed UAVs. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS’16). Association for Computing Machinery, New York, NY. DOI:https://doi.org/10.1145/2976749.2978388Google Scholar
- Taegyu Kim, Chung Hwan Kim, Junghwan Rhee, Fan Fei, Zhan Tu, Gregory Walkup, Xiangyu Zhang, Xinyan Deng, and Dongyan Xu. 2019. RVFuzzer: Finding input validation bugs in robotic vehicles through control-guided testing. In Proceedings of the 28th USENIX Security Symposium (USENIX Security 19). USENIX Association, 425--442.Google Scholar
- Robert M. Lee, Michael J. Assante, and Tim Conway. 2016. Analysis of the cyber attack on the ukrainian power grid. Technical report. Electricity Information Sharing and Analysis Center (E-ISAC).Google Scholar
- J. Li and Y. Li. 2011. Dynamic analysis and PID control for a quadrotor. In Proceedings of the 2011 IEEE International Conference on Mechatronics and Automation. 573--578. DOI:https://doi.org/10.1109/ICMA.2011.5985724Google Scholar
- Yao Liu, Peng Ning, and Michael K. Reiter. 2009. False data injection attacks against state estimation in electric power grids. In Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS’09). ACM, New York, NY, 21--32. DOI:https://doi.org/10.1145/1653662.1653666Google Scholar
- L. Ljung. 1979. Asymptotic behavior of the extended Kalman filter as a parameter estimator for linear systems. IEEE Trans. Automat. Contr. 24, 1 (Feb. 1979), 36--50. DOI:https://doi.org/10.1109/TAC.1979.1101943Google Scholar
- K. Manandhar, X. Cao, F. Hu, and Y. Liu. 2014. Detection of faults and attacks including false data injection attack in smart grid using kalman filter. IEEE Trans. Contr. Netw. Syst. 1, 4 (Dec. 2014), 370--379. DOI:https://doi.org/10.1109/TCNS.2014.2357531Google Scholar
- MATLAB. [n.d.]. System Identification Overview. Retrieved from https://www.mathworks.com/help/ident/gs/about-system-identification.html.Google Scholar
- MATLAB. [n.d.]. System Identification Toolbox. Retrieved from https://www.mathworks.com/products/sysid.html.Google Scholar
- S. McLaughlin and S. Zonouz. 2014. Controller-aware false data injection against programmable logic controllers. In Proceedings of the 2014 IEEE International Conference on Smart Grid Communications (SmartGridComm’14). 848--853. DOI:https://doi.org/10.1109/SmartGridComm.2014.7007754Google Scholar
- Lorenz Meier, Petri Tanskanen, Friedrich Fraundorfer, and Marc Pollefeys. 2011. Pixhawk: A system for autonomous flight using onboard computer vision. In Proceedings of the 2011 IEEE International Conference on Robotics and Automation. IEEE, 2992--2997.Google Scholar
- MARS 2020 Mission. [n.d.]. MARS Exploration Rover. Retrieved from https://mars.nasa.gov/mer/mission/rover/.Google Scholar
- Robert Mitchell and Ing-Ray Chen. 2012. Specification based intrusion detection for unmanned aircraft systems. In Proceedings of the 1st ACM MobiHoc Workshop on Airborne Networks and Communications. 31--36.Google ScholarDigital Library
- Robert Mitchell and Ing-Ray Chen. 2014. Adaptive intrusion detection of malicious unmanned air vehicles using behavior rule specifications. IEEE Trans. Syst. Man Cybernet.: Syst. 44, 5 (2014), 2014.Google ScholarCross Ref
- GNU Octave. [n.d.]. GNU Octave Scientific Programming Language. Retrieved from https://www.gnu.org/software/octave/.Google Scholar
- Out of Control. [n.d.]. Artificial Delay Attack Demo Video. Retrieved from https://drive.google.com/open?id=1_CHITopKSraKZXnAIyeUoQZqki8fgUXe.Google Scholar
- Out of Control. [n.d.]. False Data Injection Attack Demo Video. Retrieved from https://drive.google.com/open?id=1JgrCpwspsBiYdNvKUxeKnl-bZQ9WS_Cg.Google Scholar
- Out of Control. [n.d.]. Switch Mode Attack Demo Video. Retrieved from https://drive.google.com/open?id=1yUSGa5GoBQYl0GTiTbcPFN5NnjBHXL-Y.Google Scholar
- Parrot.com. [n.d.]. Bebop2. Retrieved from https://www.parrot.com/us/drones/parrot-bebop-2.Google Scholar
- Gazebo Project. [n.d.]. Gazebo Robot Simulation. Retrieved from http://gazebosim.org/.Google Scholar
- Raul Quinonez, Jairo Giraldo, Luis Salazar, Erick Bauman, Alvaro Cardenas, and Zhiqiang Lin. 2020. SAVIOR: Securing autonomous vehicles with robust physical invariants. In Proceedings of the 29th USENIX Security Symposium (USENIX Security 20). USENIX Association.Google Scholar
- Hadi Ravanbakhsh, Sina Aghli, Christoffer Heckman, and Sriram Sankaranarayanan. 2018. Path-following through control funnel functions. arXiv/1804.05288. Retrieved from https://arxiv:1804.05288.Google Scholar
- Aion Robotics. [n.d.]. R1 ArduPilot Edition. Retrieved from https://docs.aionrobotics.com/en/latest/r1-ugv.html.Google Scholar
- Sky Rocket. [n.d.]. Sky Viper Journey. Retrieved from https://sky-viper.com/journey/.Google Scholar
- H. Sakoe and S. Chiba. 1978. Dynamic programming algorithm optimization for spoken word recognition. IEEE Trans. Acoust. Speech Sign. Process. 26, 1 (Feb. 1978), 43--49.Google ScholarCross Ref
- Nicolas Sheilds. [n.d.]. Walmart Drone Delivery. Retrieved December 9, 2018 from https://www.businessinsider.com/walmart-blockchain-drone-delivery-patent-2018-9.Google Scholar
- Yasser Shoukry, Paul Martin, Paulo Tabuada, and Mani Srivastava. 2013. Non-invasive spoofing attacks for anti-lock braking systems. In Proceedings of the Cryptographic Hardware and Embedded Systems (CHES’13), Guido Bertoni and Jean-Sebastien Coron (Eds.). Springer, Berlin, 55--72.Google Scholar
- Yunmok Son, Hocheol Shin, Dongkwan Kim, Youngseok Park, Juhwan Noh, Kibum Choi, Jungwoo Choi, and Yongdae Kim. 2015. Rocking drones with intentional sound noise on gyroscopic sensors. In Proceedings of the 24th USENIX Security Symposium (USENIX Security 15). USENIX Association, 881--896.Google ScholarDigital Library
- Christopher Steiner. [n.d.]. Bot-In-Time Delivery. Retrieved from https://www.forbes.com/forbes/2009/0316/040_bot_time_saves_nine.html#68ee53d9b942.Google Scholar
- Paparazzi Development Team. [n.d.]. Paparazzi—The Free Autopilot. Retrieved from https://wiki.paparazziuav.org/wiki/Main_Page.Google Scholar
- Pixhawk Development Team. [n.d.]. Pixhawk AutoPilot. Retrieved from https://docs.px4.io/en/flight_controller/pixhawk_series.html.Google Scholar
- Nils Ole Tippenhauer, Christina Pöpper, Kasper Bonne Rasmussen, and Srdjan Capkun. 2011. On the requirements for successful GPS spoofing attacks. In Proceedings of the 18th ACM Conference on Computer and Communications Security (CCS’11). ACM, New York, NY, 75--86.Google ScholarDigital Library
- T. Trippel, O. Weisse, W. Xu, P. Honeyman, and K. Fu. 2017. WALNUT: Waging doubt on the integrity of MEMS accelerometers with acoustic injection attacks. In Proceedings of the 2017 IEEE European Symposium on Security and Privacy (EuroSP’17). 3--18. DOI:https://doi.org/10.1109/EuroSP.2017.42Google Scholar
- David I. Urbina, Jairo A. Giraldo, Alvaro A. Cardenas, Nils Ole Tippenhauer, Junia Valente, Mustafa Faisal, Justin Ruths, Richard Candell, and Henrik Sandberg. 2016. Limiting the impact of stealthy attacks on industrial control systems. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS’16). ACM, New York, NY, 1092--1105. DOI:https://doi.org/10.1145/2976749.2978388Google ScholarDigital Library
- T. P. Vuong, G. Loukas, D. Gan, and A. Bezemskij. 2015. Decision tree-based detection of denial of service and command injection attacks on robotic vehicles. In Proceedings of the 2015 IEEE International Workshop on Information Forensics and Security (WIFS’15). 1--6.Google Scholar
- Zhaolin Yang, Feng Lin, and B. M. Chen. 2016. Survey of autopilot for multi-rotor unmanned aerial vehicles. In Proceedings of the 42nd Annual Conference of the IEEE Industrial Electronics Society (IECON’16). 6122--6127. DOI:https://doi.org/10.1109/IECON.2016.7793820Google Scholar
Index Terms
- Stealthy Attacks against Robotic Vehicles Protected by Control-based Intrusion Detection Techniques
Recommendations
Detecting Attacks Against Robotic Vehicles: A Control Invariant Approach
CCS '18: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications SecurityRobotic vehicles (RVs), such as drones and ground rovers, are a type of cyber-physical systems that operate in the physical world under the control of computing components in the cyber world. Despite RVs' robustness against natural disturbances, cyber ...
Out of control: stealthy attacks against robotic vehicles protected by control-based techniques
ACSAC '19: Proceedings of the 35th Annual Computer Security Applications ConferenceRobotic vehicles (RVs) are cyber-physical systems that operate in the physical world under the control of software functions. They are increasing in adoption in many industrial sectors. RVs rely on sensors and actuators for system operations and ...
Modeling and control of Cyber-Physical Systems subject to cyber attacks: A survey of recent advances and challenges
Highlights- In general, the cyber-attacks in the literature can be classified into three main types: denial of service (DoS) attacks, deception attacks, and replay ...
AbstractCyber Physical Systems (CPS) are almost everywhere; they can be accessed and controlled remotely. These features make them more vulnerable to cyber attacks. Since these systems provide critical services, having them under attack would ...
Comments