Pritam Dash, Mehdi Karimibiuki, and Karthik Pattabiraman, Annual Computer Security Applications Conference (ACSAC), 2019. (Acceptance Rate: 22.6%) [ PDF | Talk ] (Code – Artifacts Reusable Badge from ACM)(Videos) This work appeared in the media and was ranked one of the top 10 cybersecurity innovations in Canade for the year 2019 by SERENE-RISC (Eureka alert)(TechXplore)(Globalnews)(Market Associates)(Helpnet, SERENE-RISC digest)
Abstract: Robotic vehicles (RVs) are cyber-physical systems that operate in the physical world under the control of software functions. They are increasing in adoption in many industrial sectors. RVs rely on sensors and actuators for system operations and navigation. Control algorithm based estimation techniques have been used in RVs to minimize the effects of noisy sensors, prevent faulty actuator output, and recently, detecting attacks against RVs. In this paper, we propose three kinds of attacks to evade the control-based detection techniques and cause RVs to malfunction. We also propose automated algorithms for performing the attacks without requiring the attacker to expend significant effort or know specific details of the RV, making the attacks applicable to a wide range of RVs. We demonstrate these attacks on ArduPilot simulators and two real RVs (a drone and a rover) in the presence of an Intrusion Detection System (IDS) using control estimation models to monitor the runtime behavior of the system. We find that the control models are incapable of detecting our stealthy attacks, and that the attacks can have significant adverse impact on the RV’s mission.