UBC Theses and Dissertations
Security analysis of robotic vehicles protected by control-based techniques Dash, Pritam
Robotic vehicles (RV) are increasing in adoption in many industrial sectors (e.g., agriculture, surveillance, package delivery, warehouse management, cinematography, etc). RVs use auto-pilot software for perception and navigation, and rely on sensors and actuators for operating autonomously in the physical world. As RVs rely on sensor measurements for actuation, a common way of triggering attacks against RVs is through sensor tampering or spoofing. Such attacks cannot be prevented through traditional software security methods (e.g., cryptography, memory isolation, etc). Real-time invariant analysis has been proved effective in detecting sensor tampering attacks against CPS such as smart meters, water treatment plants, and smart grids. Because RVs inherently use control algorithms for minimizing sensor or actuator faults and for trajectory planning, control-based invariant analysis techniques have been proposed to detect attacks against RVs. In this thesis, we evaluate the efficacy of control-based intrusion detection techniques, and propose three kinds of stealthy attacks that evade detection and disrupt RV missions. By design, control-based techniques perform threshold analysis to tolerate environmental noise e.g., wind, friction, etc. Our main insight is that due to model inaccuracies, control-based intrusion detection techniques have a high detection threshold to avoid false positives. We propose automated process by which an attacker can learn the thresholds, and consequently perform targeted attacks against the RV. We also present algorithms for performing the attacks without requiring the attacker to expend significant effort or know specific details of the RV, making the attacks applicable to a wide range of RVs. We demonstrate the attacks on eight RV systems including three real vehicles, in the presence of an Intrusion Detection System (IDS) using control-based techniques to monitor RV’s runtime behavior and detect attacks. In addition, we show that the control-based techniques are incapable of detecting the stealthy attacks, and that the attacks can have significant adverse impact on the RV’s mission (e.g., deviate from its target significantly or result in the crash). Our findings show that using inaccurate models for invariant analysis in the case of non-linear cyber-physical systems such as RVs, opens new vulnerabilities that can be exploited to perform stealthy attacks.
Item Citations and Data
Attribution-NonCommercial-NoDerivatives 4.0 International