CORMAND2: A Deception Attack Against Industrial Robots

Hongyi Pu, Liang He, Peng Cheng, Jiming Chen, Youxian Sun

Engineering ›› 2024, Vol. 32 ›› Issue (1) : 186-201.

Research
Article


Abstract

Industrial robots are becoming increasingly vulnerable to cyber incidents and attacks, particularly with the dawn of the Industrial Internet-of-Things (IIoT). To gain a comprehensive understanding of these cyber risks, vulnerabilities of industrial robots were analyzed empirically, using more than three million communication packets collected with testbeds of two ABB IRB120 robots and five other robots from various original equipment manufacturers (OEMs). This analysis, guided by the confidentiality–integrity–availability (CIA) triad, uncovers robot vulnerabilities in three dimensions: confidentiality, integrity, and availability. These vulnerabilities were used to design Covering Robot Manipulation via Data Deception (CORMAND2), an automated cyber–physical attack against industrial robots. CORMAND2 manipulates robot operation while deceiving the Supervisory Control and Data Acquisition (SCADA) system into believing that the robot is operating normally, by modifying the robot's movement data and applying data deception. CORMAND2 and its capability to degrade manufacturing were validated experimentally using the aforementioned seven robots from six different OEMs. CORMAND2 unveils the limitations of existing anomaly detection systems, more specifically the assumption of the authenticity of SCADA-received movement data, for which we propose mitigations.


Keywords

Industrial robots / Vulnerability analysis / Deception attacks / Defenses

Cite this article

Hongyi Pu, Liang He, Peng Cheng, Jiming Chen, Youxian Sun. CORMAND2: A Deception Attack Against Industrial Robots. Engineering, 2024, 32(1): 186-201. https://doi.org/10.1016/j.eng.2023.01.013
