
Robots Designs

Some design considerations:
● How complex do we want our operations to be?
● Do we want only physical device access attacks?
● Do we want to consider some network attacks as well, if the device is assumed to be communicating with a server?
● Bringing the network into the picture opens up a whole new world of attacks.

Storyline:
● The automated room idea remains the same, with automations such as:
○ firing wake-up/birthday alarms
○ bringing food to the owner
○ making the owner’s bed for sleep
○ doing the owner’s laundry, etc.
○ opening the curtains for the owner automatically in the daytime and closing them at night
○ remembering the owner’s todo lists
● Additional:
○ aliens have sent this robotic toy to Earth; in the daytime it acts as the owner’s best friend and turns off its connection to the server.
○ but at night it steps out and starts collecting data about Earth, i.e. it is actually an Earth-rover for the aliens.
● Possible adversaries:
○ aliens from a different planet who want to destroy planet A’s robot’s capability to learn about Earth.
○ the owner’s roommate, who just wants to make the owner’s life more difficult out of academic competition.

CTF ideas:

#1 Authentication bypass
Scenario: While sending data back to planet A, the robot needs to make sure that it is talking to the intended planet’s aliens.

Therefore, it needs an authentication mechanism on the embedded system.

Challenge:

> The crypto key needs some form of randomization.

> Given the limited resources available on the robot, how can we guarantee randomization?

CTF:

Suppose randomization is achieved on the robot using the current time, and the clock precision on the robot is only second-based. Is the key then easily crackable?

Input validation error
Scenario: The robot takes a value from the owner specifying when to wake the owner up.
Challenge:
> The aliens are not as smart as the highly sophisticated earth humans, and CMU has not yet opened up on their planet to teach them good technical skills. Therefore, they forgot to validate the owner’s inputs. The roommate entered a negative value, which, when converted to an unsigned integer, gave funny results, and the owner could not wake up on the day of her thesis presentation.
CTF:
Take an input value for the alarm clock; the roommate will enter a negative value.
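
The bug in this scenario, shown beside a validated parser, as an added example that is not part of the original slides. The function names, the "delay in minutes" interpretation and the 24-hour limit are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption: the alarm value is a delay in minutes, at most 24 hours. */
#define MAX_ALARM_MINUTES (24u * 60u)

/* Vulnerable form: no validation, signed result silently converted to
 * unsigned. "-1" becomes 4294967295 minutes, so the alarm never fires. */
uint32_t parse_alarm_unsafe(const char *input)
{
    return (uint32_t)atoi(input);
}

/* Hardened form: returns 0 and stores the delay on success, -1 on any
 * malformed, negative or out-of-range input. */
int parse_alarm_checked(const char *input, uint32_t *minutes_out)
{
    char *end = NULL;
    long value;

    if (input == NULL || minutes_out == NULL || *input == '\0')
        return -1;
    errno = 0;
    value = strtol(input, &end, 10);
    if (errno == ERANGE || end == input || *end != '\0')
        return -1;                  /* overflow, no digits, trailing junk */
    if (value < 0 || value > (long)MAX_ALARM_MINUTES)
        return -1;                  /* reject before any unsigned cast */
    *minutes_out = (uint32_t)value;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs: the roommate's "-1" among normal ones. */
    const char *samples[] = { "30", "-1", "99999", "15abc", "" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t m = 0;
        int rc = parse_alarm_checked(samples[i], &m);
        printf("input=\"%s\" unsafe=%u checked=%s\n", samples[i],
               (unsigned)parse_alarm_unsafe(samples[i]),
               rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

The range check runs on the signed value, before the conversion to `uint32_t`, which is the step the scenario's robot skipped.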

Absolute timing error:
Scenario: The robot was supposed to die in the year 2055. However, the maximum capacity of the rover to record time is just up to 2053 due to a 32-bit register limitation.
Challenge:
> It is the year 2022, and the aliens are happily sipping their tea, very happy with their product, and sleeping peacefully at night. In the meantime, the wrap parameter of the timer can be tampered with by planet B’s aliens, and thus the robot can be killed earlier than it was supposed to die.
CTF:
> What if the wrap parameter is maximized too? Will the aliens stop receiving timestamps along with the useful information?

Resource Exhaustion:
Scenario: The robot was supposed to collect a number of values, such as Earth’s temperature, humidity etc., during the day and store them in its own memory until the night, when the robot actually starts sending data back to planet A.

Challenge:

> Memory on the robot is a fairly limited resource.

Possible CTF:

> What if the memory gets exhausted?

Priority inversion:
Scenario: As we know, our rover becomes the Earth-rover during the night and starts collecting data and sending it over to planet A.
Challenge:
> What if a person roaming the roads at night got hold of the rover and started pressing a button that does some trivial job, like saying “Hi, I’m She-Ra, R-she’s best friend”? This will interrupt the device’s job of collecting and sending data back to planet A.
Possible CTF:
> Have a higher priority interrupt which, when fired, takes over the real job of the rover and thus defeats its purpose at critical times?

Naive forward secrecy:
Scenario: The aliens on planet A are very excited about their Earth-rover project and want to use the latest security practices to secure communications between their rover and their planet. Therefore, they use encryption to exchange unique session keys, encrypted with the shared key K.
Challenge:
> What if planet B’s rover breaks into their network and is able to crack the private key of planet A’s rover?
Possible CTF:
> What if the shared key K is cracked? All session keys will be broken and thus planet B will be able to decrypt all conversations between the rover and planet A’s aliens.

Relative timing error?

Data corruption?
