Litcius/Paper detail

CORMAND2: A Deception Attack Against Industrial Robots

Hongyi Pu, Liang He, Peng Cheng, Jiming Chen, Youxian Sun

2023Engineering11 citationsDOIOpen Access PDF

Abstract

Industrial robots are becoming increasingly vulnerable to cyber incidents and attacks, particularly with the dawn of the Industrial Internet-of-Things (IIoT). To gain a comprehensive understanding of these cyber risks, vulnerabilities of industrial robots were analyzed empirically, using more than three million communication packets collected with testbeds of two ABB IRB120 robots and five other robots from various Original Equipment Manufacturers (OEMs). This analysis, guided by the confidentiality–integrity–availability (CIA) triad, uncovers robot vulnerabilities in three dimensions: confidentiality, integrity, and availability. These vulnerabilities were used to design Covering Robot Manipulation via Data Deception (CORMAND2), an automated cyber–physical attack against industrial robots. CORMAND2 manipulates robot operation while deceiving the Supervisory Control and Data Acquisition (SCADA) system that the robot is operating normally by modifying the robot’s movement data and data deception. CORMAND2 and its capability of degrading the manufacturing was validated experimentally using the aforementioned seven robots from six different OEMs. CORMAND2 unveils the limitations of existing anomaly detection systems, more specifically the assumption of the authenticity of SCADA-received movement data, to which we propose mitigations for.

Topics & Concepts

RobotSCADAComputer securityDeceptionConfidentialityComputer scienceOriginal equipment manufacturerAnomaly detectionEngineeringArtificial intelligenceElectrical engineeringOperating systemSocial psychologyPsychologySmart Grid Security and ResiliencePhysical Unclonable Functions (PUFs) and Hardware SecurityAdvanced Malware Detection Techniques
CORMAND2: A Deception Attack Against Industrial Robots | Litcius