"Building Security Protections for Robotic Devices", Anastasiia Voitova
fwdays
Sep 14, 2024
About This Presentation
“No humans – no problems” It is critical to ensure the security of autonomous and robotic devices as they become more integrated into our daily lives. We will talk about building defence-in-depth, ranging from OS hardening to signed over-the-air updates, as well as implementing effective security measures throughout the SSDLC. We will focus on automating common security procedures, as minimising human involvement reduces the chances of mistakes.
Added: Sep 14, 2024
Slides: 28 pages
Slide Content
Building Security Protections
for Robotic Systems
Anastasiia Voitova
Head of Security Engineering @ Cossack Labs
cossacklabs.com
Cossack Labs is a security solutions company for mission critical applications, founded in 2014 in the UK.
Building & breaking secure software/hardware in power grids, finance, ML/AI, ICS/SCADA, IIoT, robotic & autonomous systems, communication systems, where data & application security is a hard requirement.
Since 2022 — helping Ukrainian defenders be more resilient against russian
aggression in multiple domains.
Plaaaaaan
1. Robotic systems architecture.
2. Security goals and security threats.
3. Components of security system (OS hardening, device provisioning, data security, OTA, ID and authN, reaction on triggers).
4. Cases and examples.
Robotic & autonomous systems are appearing everywhere
IIoT use cases: agriculture, logistics, beehive automation, battlefield & recon.
* We will not talk about consumer IoT.
Robotic system architecture
[Diagram: a Device, an RF remote controller, a Base station and the Core infrastructure, connected over RF or internet links that carry telemetry, payload, video, commands and OTA. Labelled components: crypto module / TPM, sensors, SoC, data storage, apps, WAF, SIEM, PKI, IO, DMZ, payload processing, telemetry processing, video streams processing, fleet management, anomaly detection.]
* That’s a very generic scheme to show major components. Every system is unique.
Different topologies are possible
[Diagram: example topologies built from devices, base stations and core infrastructure.]
Security goals
1. IP protection: protection of payload & telemetry data, data from sensors, ML models, and device firmware.
2. Device hijacking and control: protect communication, networking, authenticated access, secure OTA updates.
3. Operator’s security: do not reveal operator’s and home base location.
4. System resilience: protection against reverse engineering and massive exploits (break one device -> break them all).
Identifying security threats
Physical security (direct hardware access, side channels)
Supply chain risks (hardware, software)
Networking / connection / MitM access
Device hijacking / API vulnerabilities (perform unauthorised commands)
Lack of firmware updates
Corrupted / malicious updates
Fleet management exploits and control over multiple devices
Data breaches and leakage
Inadequate AuthN and AuthZ
Hardware / software vulnerabilities
Cryptographic failures
Secret management issues
Poor device identification
“Evil twin”
Combination of threats for each module & threats for data/command flow
IoT / IIoT security guidelines and standards
OWASP ISTG: github.com/OWASP/owasp-istg
NIST SP 800-213, IoT Device Cybersecurity Guidance for the Federal Government: csrc.nist.gov/pubs/sp/800/213/final
NIST SP 800-82, Guide to Operational Technology (OT) Security: csrc.nist.gov/pubs/sp/800/82/r3/final
Product development cybersecurity handbook: Concepts and considerations for IoT product manufacturers: nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.33.ipd.pdf
Security components for robotic systems
Hardware protection
Physical ports restrictions
OS hardening
Application security
Data security (device, transport, cloud)
Communication & network security
API security
Core infrastructure security
Monitoring & anomaly detection
Fleet management web security
Provisioning pipelines security
Code quality
Secure packaging
Secure updates
Emergency wipe
Intrusion Detection
AuthN, authZ, access control
Supply chain & dependency management
Backups & recovery
Reverse engineering protections
And many more :)
* These are only engineering and technical controls, think also about procedures, policies, employee management, etc.
Think zero trust instead of perimeter security.
Security system is more than a combination of controls for each module.
Device provisioning
IaC everywhere: coded → reproducible.
Device Identification Problem is bigger than it sounds.
Generate cryptographic keys in SE, and derive all other keys from root keys.
Sign images and updates.
Test provisioning scripts, test device configuration after successful provisioning, and test for provisioning interruptions.
Clean up and remove artefacts generated during provisioning.
Minimise human involvement, isolate humans from critical deployment phases
OS hardening
Remove unneeded packages, apps, and files. Keep it minimal.
Update packages to the stable version you find appropriate. Latest doesn’t always mean best. Think LTS.
Disable or limit root, create separate users.
Use full disk encryption, LUKS, SecureBoot.
Configure WatchDog to recover from service failures.
Improve remote access security, disable SSH, set up VPN.
Dream about SELinux because who has time for that..
github.com/CISOfy/lynis
github.com/decalage2/awesome-security-hardening
Payload security
[Diagram: payload flow. Core infrastructure: payload generation, encryption per device, storage. Transfer & TLS to the base station and on to the device as encryptedPayload. Device: decryption, re-encryption & storage, then payload decryption & usage.]
Encrypt data per device using unique keys, tie data to the device. HPKE.
Authenticate device.
Transfer data encrypted, and store it encrypted on any modules that don’t need it (like base station).
Re-encrypt on device, decrypt before usage.
datatracker.ietf.org/doc/rfc9180/
Telemetry security
Telemetry (location, logs, sensor data) from device to core should be protected.
We care about confidentiality (often) and authenticity (always) of telemetry data.
Solutions: encryption (AEAD) and signing using device-specific keys.
[Diagram: telemetry flow. Device: telemetry generation, encryption, signing, storage. Transfer & TLS to the base station and on to the core infrastructure as encryptedTelemetry. Core infrastructure: telemetry processing, decryption, validation, storage.]
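An added example, not taken from the slides, of two points the deck makes: deriving per-purpose keys from a device root key (Device provisioning) and authenticating telemetry with device-specific keys (Telemetry security), with a frame counter so that a captured frame cannot be replayed. Assumptions: HMAC-SHA-256 stands in for the signature so that only the Python standard library is needed, the core received each device's derived telemetry key at provisioning, AEAD encryption of the body is left out, and the names `telemetry_key`, `seal`, `TelemetryVerifier` and the frame layout are hypothetical.

```python
import hashlib
import hmac
import struct

# Assumption: HMAC-SHA-256 replaces the signature; names and frame layout are illustrative.
def hkdf_sha256(ikm, info, length=32, salt=b"\x00" * 32):
    """HKDF (RFC 5869): extract a PRK from ikm, then expand it with an info label."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, i = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        okm, i = okm + block, i + 1
    return okm[:length]

def telemetry_key(device_root, device_id):
    # Purpose and device are bound into the label, so derived keys never overlap.
    return hkdf_sha256(device_root, b"telemetry-auth|" + device_id.encode())

def seal(key, counter, body):
    """Device side. Frame = 8-byte big-endian counter || body || 32-byte HMAC tag."""
    header = struct.pack(">Q", counter)
    return header + body + hmac.new(key, header + body, hashlib.sha256).digest()

class TelemetryVerifier:
    """Core side: accept a frame only if it is authentic for that device and fresh."""
    def __init__(self, keys):
        self.keys = dict(keys)                      # device_id -> telemetry key
        self.last = {d: -1 for d in self.keys}      # highest counter accepted so far

    def open(self, device_id, frame):
        if device_id not in self.keys or len(frame) < 40:
            raise ValueError("unknown device or truncated frame")
        signed, tag = frame[:-32], frame[-32:]
        good = hmac.new(self.keys[device_id], signed, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):      # constant-time comparison
            raise ValueError("authentication failed")
        (counter,) = struct.unpack(">Q", signed[:8])
        if counter <= self.last[device_id]:         # replayed or reordered frame
            raise ValueError("replayed frame")
        self.last[device_id] = counter
        return signed[8:]

# Constructed sample data: two device root keys (on a real device these stay in the SE).
ROOTS = {d: hashlib.sha256(b"constructed root " + d.encode()).digest() for d in ("rover-1", "rover-2")}
KEYS = {d: telemetry_key(r, d) for d, r in ROOTS.items()}
```

The verifier updates its counter only after the tag check passes, so forged frames cannot advance it and lock out the real device.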
Reverse engineering protections
Code obfuscation and active debug detection techniques.
Honeypots and honeytokens, fake ssh, fake APIs, fake apps.
Wipe and clean up on emergencies.
Partial (SE) or complete (the whole device) self-destruction.
Alert the core infrastructure of what’s happening.
Physical tamper-evidence.
github.com/jaksi/sshesame
The goal is to make attacker’s life more complicated, save IP and payload.
Protecting telemetry data in state-wide critical infrastructure network
Challenges
✦ Hardware emitting telesignals is heavily outdated legacy equipment.
✦ Telemetry data signals must be transmitted securely and reliably.
✦ There’s no direct communication link between power distribution stations and the central dispatch system.
✦ Security of CNI and power grids has a direct effect on real life.
Solution
✦ Emitter: ARM-based devices that parse telemetry signal data, unify its format so that the central SCADA system can understand it, and encrypt the data for further secure processing.
✦ Processor: Acra-based cluster in the central TSO datacenter to analyse encrypted data.
Results
✦ With the solution, telemetry data is transmitted securely, instantly available to the dispatch system, and stored for further analysis. The solution is compatible with the legacy SCADA system and compliant with regulatory requirements.
cossacklabs.com/case-studies/tso/
Cryptographic failures in RF encryption allow stealing robotic devices
Results
✦ Abusing RF encryption protocols to perform replay attacks and control robotic devices.
✦ Reverse engineering UVs, breaking into cloud infrastructure, and compromising other active UVs from there.
cossacklabs.com/blog/cryptographic-failures-in-rf-encryption/
Protecting edge-devices against tampering and reverse engineering
Challenges
✦ Devices handle sensitive data, but they are autonomous: they should be resilient against
attempts to reverse engineer, connect, and dig through data.
✦ There should be a way to provision and operate devices at scale, monitor, update remotely,
flag as compromised.
✦ Security should go through hardware, firmware, software, AI/ML and data components.
Solution
✦ The ecosystem contains multiple parts: operations on devices, communication between
devices and centralised server, fleet management, ML models usage, etc. Security protection
measures follow sensitive assets lifecycle and go through all layers.
Results
✦ With a mesh of security controls and reverse engineering protections, the [REDACTED]
company is confident that competitors won't be able to steal the IP or abuse devices easily.
cossacklabs.com/case-studies/iiot-security-a-hive-and-a-queen/
Developing technology for identifying and tracking robotic devices
Challenges
✦ Identifying and tracking the UVs used in Ukraine is complicated.
✦ Requires secure data collection and processing for operational awareness, mission control and analytics.
✦ Existing solutions don’t fit the threat model and don’t protect the operator’s position.
Solution
✦ UA Drone ID is a technology designed by Cossack Labs: protocol, reference implementation and ready-to-use SDKs. It’s a combination of cryptography, data security, physical device security and orchestration of numerous security components into a cohesive security architecture in a large distributed system. It’s based on zero-trust security controls assuming both Drone and Ground Station will get into the wrong hands.
Results
✦ The first MVP has been adopted by several vendors and is actively used on the battlefield. More updates are under development, supported by the Ministry of Digital Transformation of Ukraine, the Ministry of Defence of Ukraine, and Aerorozvidka NGO.
mil.gov.ua/news/2024/04/10/zapobigannya-druzhnomu-vognyu-ta-analiz-vikoristannya-bezpilotnikiv/
“Our goal is for robots to fight, not people”
send.monobank.ua/jar/8mhNpmHTbz
aerorozvidka.ngo/uk/donate-page/
send.monobank.ua/jar/6wxu6RBqsB
Lessons learnt
1. Build multi-layered security: follow data flows rather than relying on perimeter protection for each module.
2. Minimise human involvement and automate security procedures to reduce chances of mistakes.
3. Design security controls so that exploit of one device does not lead to the failure of the whole system.
The end