Abstract:
Cyber-physical systems (CPS) are increasingly deployed as part of the interconnected robotic cyber-infrastructures known as the Industrial Internet of Things (IIoT) network. These pervasive devices are capable of automating various tasks and provide novel functionalities in a wide range of applications. However, this growth has also made the devices a worthwhile target for attackers and cybercriminals. The new frontiers of large-scale deployments of connected smart devices, in which we have observed tremendous growth in the amount of stored and processed sensitive data, have matured into widespread suspicion concerning the way in which these data flow into the infrastructures. How do we make these devices safe? How can we verify their correct operation? Due to the intrinsic limitations of those devices, in terms of both power consumption and the actual computational power at our disposal, engineering cybersecurity solutions is not trivial. This thesis focuses on discussing and developing security solutions for those networks by analyzing the application of the security pillars of Confidentiality, Integrity, Availability, Privacy, Authenticity and Trustworthiness, Non-Repudiation, Accountability, and Auditability. We provide an overview of the robotic scene and introduce the Robot Operating System (ROS), the framework we adopted as a testbed for our solutions. In more detail, this work discusses (i) novel solutions in the field of authentication and authorization in access control architectures and policy generation, management, and distribution, (ii) vulnerabilities and countermeasures in robotic frameworks, and (iii) novel approaches to network vulnerability excavation and accountability. In order to provide agnostic research tools and results, we develop static solutions at the application level that could exploit prior offline computation power.
The main results of the thesis can be summarized as follows: (i) a state-of-the-art analysis of application-level threats on a general robotic framework and an in-depth review of the attack surface of ROS; (ii) the formalization of novel approaches to the distribution of access control architectures, and the presentation of advanced policy management tooling we developed in the field of authentication and authorization; (iii) the definition of a novel network vulnerability excavation tool and a discussion of attribute-based encryption to tackle privacy issues; (iv) the creation of a blockchain-powered, software-based black box for a robotic network to address Accountability and Non-Repudiation.
The results discussed in this thesis give a solid base for the definition of future security mechanisms for robotic devices that could be easily and securely integrated into large-scale deployments, spreading security solutions by reducing the overall tradeoff between security and usability.