Search for: All records

ABSTRACT Industrial robotic systems in the era of Industry 4.0 play a pivotal role in modern manufacturing. These systems, which belong to the larger class of cyber‐physical systems (CPSs), rely heavily on advanced sensing capabilities to execute complex and delicate tasks with high precision and efficiency. It is of no surprise that the integration of sensors with Industry 4.0 robotic systems exposes them to potential cyber‐physical risks/threats. This paper addresses a critical gap in the literature of industrial robotics cybersecurity by presenting a comprehensive analysis of vulnerabilities in the sensing systems of industrial robots. In particular, we systematically explore how sensor performance limits, faults and biases can be exploited by attackers who can then turn these inherent weaknesses into security threats. Our investigation relies on a detailed literature review of a multitude of commonly used sensors in industrial robotic systems through the lens of their physics‐based operating principles, classifications, performance limits, potential faults and associated vulnerabilities against disturbances such as temperature fluctuations, electromagnetic and acoustic interference, and ambient light variations. The result of this systematic investigation is a ring chart illustrating the overlaps and entanglements of sensor faults and performance limits, which can be exploited by cyber‐physical adversaries. Additionally, we investigate the cascading effects of compromised sensor data on the operation of industrial robotic systems through a cause‐and‐effect analysis, where the sensor vulnerabilities can cause malfunction and lead to cyber‐physical damage. The result of this analysis is a sensor cyber‐physical threat cause‐and‐effect diagram, which can be employed for design of robust and effective cyber‐physical defence measures. By providing insights into sensor‐related cyber‐risks, our cyber‐physical threat analysis paves the path for enhanced industrial robotics security. 

The Controller Area Network (CAN) is widely used in the automotive industry for its ability to create inexpensive and fast networks. However, it lacks an authentication scheme, making vehicles vulnerable to spoofing attacks. Evidence shows that attackers can remotely control vehicles, posing serious risks to passengers and pedestrians. Several strategies have been proposed to ensure CAN data integrity by identifying senders based on physical layer characteristics, but high computational costs limit their practical use. This paper presents a framework to efficiently identify CAN bus system senders by fingerprinting them. By modeling the CAN sender identification problem as an image classification task, the need for expensive handcrafted feature engineering is eliminated, improving accuracy using deep neural networks. Experimental results show the proposed methodology achieves a maximum identification accuracy of 98.34%, surpassing the state-of-the-art method’s 97.13%. The approach also significantly reduces computational costs, cutting data processing time by a factor of 27, making it feasible for real-time application in vehicles. When tested on an actual vehicle, the proposed methodology achieved a no-attack detection rate of 97.78% and an attack detection rate of 100%, resulting in a combined accuracy of 98.89%. These results highlight the framework’s potential to enhance vehicle cybersecurity by reliably and efficiently identifying CAN bus senders. 

The Battery Management System (BMS) plays a crucial role in modern energy storage technologies, ensuring battery safety, performance, and longevity. However, as the BMS becomes more sophisticated and interconnected, it faces increasing cybersecurity challenges that can lead to catastrophic failures and safety hazards. This paper provides a comprehensive overview of cyberattacks targeting both traditional and wireless BMS. It explores various attack vectors, including malware injection, electromagnetic interference (EMI), temperature sensing manipulation, sensor malfunctioning and fault injection, and jamming attacks on modern BMS. Through threat modeling and vulnerability analysis, this paper examines the potential impacts on BMS functionality, safety, and performance. We highlight vulnerabilities associated with different BMS architectures and components, emphasizing the need for robust cybersecurity measures to protect against emerging threats. Cybersecurity measures are essential to protect the system from potential threats that could trigger false alarms, cause malfunctions, or lead to dangerous failures. Unauthorized access or tampering with the BMS can disrupt its fault response mechanisms, jeopardizing system performance and associated resources. Key cybersecurity strategies include intrusion detection systems (IDS), crypto-based authentication, secure firmware updates, and hardware-based security mechanisms such as trusted platform modules (TPMs). These measures strengthen BMS resilience by preventing unauthorized access and ensuring data integrity. Our findings are essential for mitigating risks in various sectors, including electric vehicles (EVs), renewable energy, and grid storage. They underscore the importance of ongoing research and development of adaptive security strategies to safeguard BMS against evolving cyber threats. Additionally, we propose a trust mechanism that secures the connection between input sensors and the BMS, ensuring the reliability and safety of battery-powered systems across various industries. 

In the current automotive ecosystem, the trend of pairing mobile devices to connected vehicles is gaining momentum, providing a vast number of benefits such as hands-free driving and remote vehicle control. However, along with these conveniences arises the issue of data accumulation, ranging from vehicle diagnostics to personal identifiable information (PII). The problem emerges when a consumer rents a vehicle, pairs their mobile device to the infotainment system, and neglects to remove their device prior to returning the vehicle. This oversight can potentially expose vulnerabilities with the current renter’s PII for subsequent renters to exploit. Research indicates that renters often overlook the deletion process prior to returning the rental vehicle and are unaware of whose responsibility it is to perform this task. In this survey, we investigated the experiences and perceptions of a group of consumers who have previously rented vehicles. We wanted to know if the participants were aware they were responsible for deleting their mobile device from the rental vehicle before returning it, the renters’ importance and tolerance for risk if they overlooked the deletion process leaving their shared data on the infotainment system for subsequent users, and if they were aware who was responsible for deleting their shared data. Lastly, we explored if the participants supported an automated solution to perform this manual deletion process. The goal of this paper is to demonstrate the significance of safeguarding PII in connected vehicles and advocate for the adoption of an automated solution to mitigate this privacy risk. 

The integration of connected autonomous vehicles (CAVs) has significantly enhanced driving convenience, but it has also raised serious privacy concerns, particularly regarding the personal identifiable information (PII) stored on infotainment systems. Recent advances in connected and autonomous vehicle control, such as multi-agent system (MAS)-based hierarchical architectures and privacy-preserving strategies for mixed-autonomy platoon control, underscore the increasing complexity of privacy management within these environments. Rental cars with infotainment systems pose substantial challenges, as renters often fail to delete their data, leaving it accessible to subsequent renters. This study investigates the risks associated with PII in connected vehicles and emphasizes the necessity of automated solutions to ensure data privacy. We introduce the Vehicle Inactive Profile Remover (VIPR), an innovative automated solution designed to identify and delete PII left on infotainment systems. The efficacy of VIPR is evaluated through surveys, hands-on experiments with rental vehicles, and a controlled laboratory environment. VIPR achieved a 99.5% success rate in removing user profiles, with an average deletion time of 4.8 s or less, demonstrating its effectiveness in mitigating privacy risks. This solution highlights VIPR as a critical tool for enhancing privacy in connected vehicle environments, promoting a safer, more responsible use of connected vehicle technology in society. 

A novel technique for electronic control unit (ECU) identification is proposed in this study to address security vulnerabilities of the controller area network (CAN) protocol. The reliable ECU identification has the potential to prevent spoofing attacks launched over the CAN due to the lack of message authentication. In this regard, we model the ECU-specific random distortion caused by the imperfections in the digital-to-analog converter and semiconductor impurities in the transmitting ECU for fingerprinting. Afterward, a 4-layered artificial neural network (ANN) is trained on the feature set to identify the transmitting ECU and the corresponding ECU pin. The ECU-pin identification is also a novel contribution of this study and can be used to prevent voltage-based attacks. We have evaluated our method using ANNs over a dataset generated from 7 ECUs with 6 pins, each having 185 records, and 40 records for each pin. The performance evaluation against state-of-the-art methods revealed that the proposed method achieved 99.4% accuracy for ECU identification and 96.7% accuracy for pin identification, which signifies the reliability of the proposed approach. 

The safety-critical nature of vehicle steering is one of the main motivations for exploring the space of possible cyber-physical attacks against the steering systems of modern vehicles. This paper investigates the adversarial capabilities for destabilizing the interaction dynamics between human drivers and vehicle haptic shared control (HSC) steering systems. In contrast to the conventional robotics literature, where the main objective is to render the human-automation interaction dynamics stable by ensuring passivity, this paper takes the exact opposite route. In particular, to investigate the damaging capabilities of a successful cyber-physical attack, this paper demonstrates that an attacker who targets the HSC steering system can destabilize the interaction dynamics between the human driver and the vehicle HSC steering system through synthesis of time-varying impedance profiles. Specifically, it is shown that the adversary can utilize a properly designed non-passive and time-varying adversarial impedance target dynamics, which are fed with a linear combination of the human driver and the steering column torques. Using these target dynamics, it is possible for the adversary to generate in realtime a reference angular command for the driver input device and the directional control steering assembly of the vehicle. Furthermore, it is shown that the adversary can make the steering wheel and the vehicle steering column angular positions to follow the reference command generated by the time-varying impedance target dynamics using proper adaptive control strategies. Numerical simulations demonstrate the effectiveness of such time-varying impedance attacks, which result in a non-passive and inherently unstable interaction between the driver and the HSC steering system. 

There are a variety of ways, such as reflashing of targeted electronic control units (ECUs) to hijacking the control of a fleet of wheeled mobile robots, through which adversaries can execute attacks on the actuators of mobile robots and autonomous vehicles. Independent of the source of cyber-physical infiltration, assessing the physical capabilities of an adversary who has made it to the last stage and is directly controlling the cyber-physical system actuators is of crucial importance. This paper investigates the potentials of an adversary who can directly manipulate the traction dynamics of wheeled mobile robots and autonomous vehicles but has a very limited knowledge of the physical parameters of the traction dynamics. It is shown that the adversary can exploit a new class of closed-loop attack policies that can be executed against the traction dynamics leading to wheel lock conditions. In comparison with a previously proposed wheel lock closed-loop attack policy, the attack policy in this paper relies on less computations and knowledge of the traction dynamics. Furthermore, the proposed attack policy generates smooth actuator input signals and is thus harder to detect. Simulation results using various tire-ground interaction conditions demonstrate the effectiveness of the proposed wheel lock attack policy. 

In face of an increasing number of automotive cyber-physical threat scenarios, the issue of adversarial destabilization of the lateral motion of target vehicles through direct attacks on their steering systems has been extensively studied. A more subtle question is whether a cyberattacker can destabilize the target vehicle lateral motion through improper engagement of the vehicle brakes and/or anti-lock braking systems (ABS). Motivated by such a question, this paper investigates the impact of cyber-physical attacks that exploit the braking/ABS systems to adversely affect the lateral motion stability of the targeted vehicles. Using a hybrid physical/dynamic tire-road friction model, it is shown that if a braking system/ABS attacker manages to continuously vary the longitudinal slips of the wheels, they can violate the necessary conditions for asymptotic stability of the underlying linear time-varying (LTV) dynamics of the lateral motion. Furthermore, the minimal perturbations of the wheel longitudinal slips that result in lateral motion instability under fixed slip values are derived. Finally, a real-time algorithm for monitoring the lateral motion dynamics of vehicles against braking/ABS cyber-physical attacks is devised. This algorithm, which can be efficiently computed using the modest computational resources of automotive embedded processors, can be utilized along with other intrusion detection techniques to infer whether a vehicle braking system/ABS is experiencing a cyber-physical attack. Numerical simulations in the presence of realistic CAN bus delays, destabilizing slip value perturbations obtained from solving quadratic programs on an embedded ARM Cortex-M3 emulator, and side-wind gusts demonstrate the effectiveness of the proposed methodology.