While researching on the landscape of cybersecurity in robotics we encountered CTFs. Capture The Flag (CTF) competitions are designed as the outdoor game and computer game counterparts (e.g. Unreal Tournament, Counter Strike, etc). A flag is hidden somewhere over an scenario and teams or individuals attempt to capture it, scoring points accordingly. The flags consist of secret data and the player needs to exploit weaknesses present in code or binaries to capture it.

This article brings up the work we performed about the last couple of years and provides a walkthrough on how to launch simple scenarios and extend it yourself

Robots state of insecurity is onstage. There is an emerging concern about major robot vulnerabilities and their adverse consequences. However, there is still a considerable gap between robotics and cybersecurity domains. For the purpose of filling that gap, we presented the Robotics CTF (RCTF), a playground to challenge robot security using Docker. In our original work, we described the architecture of the RCTF and provided 9 scenarios where hackers can challengethe security of different robotic setups. Our work empowers security researchers to a) reproduce virtual robotic scenarios locally and b) change the networking setup to mimic real robot targets. We advocate for hacker powered security in robotics and contribute by open sourcing our scenarios.

Introduction

The robotics landscape is rapidly evolving. Robots are spreading and will soon be everywhere. Systems traditionally employed in industry are being replaced by collaborative robots, and an increasing amount of professional and consumer robots are introduced in people’s daily activities. Following Personal Computers (PCs) and smartphones, robots are called to be the next technological revolution. Withal, robot cybersecurity is being largely underestimated, since safety cannot be granted without security [1].

Over the last decade, the domains of security and cybersecurity have been substantially democratized, attracting individuals to many sub-areas within security assessment. According to recent technical reports summarizing hacker’s activity in different sectors [2], [3], most security researchers are currently reporting vulnerabilities in websites (70.8%) or mobile phones (smartphones, 5.6%), and there is only a marginal contribution to emerging technologies such as Internet of the Things (IoT) devices (2.6%). To date, only some pioneering offensive security studies [4], [5] have yet published relevant data about robotics’ state-of-insecurity, but it seems to be an emerging field of research. We believe that the main reasons for this lag have been twofold. In a first aspect, robot security is a complex subject from a technological perspective which requires an interdisciplinary array of backgrounds, including security researchers, roboticists, software engineers and hardware engineers. In a second aspect, there are few guidelines or tools, and little formal documentation to assess robot security [6], [7]. However, recent contributions have shed some light on the need of taking into account systematic security on robot deployments, inter alia [8] [9].

Furthermore, some of the components of modern robotics such as the Robot Operating System [10] (ROS) was developed as research platforms, and were purposefully developed without any security concerns. Some recent work demonstrated that robots powered by ROS are deployed revealing major vulnerabilities and flaws or simply left unprotected[11]. As the current state of ROS security is under question by the hacker and researcher community, there have been laudable but discrete efforts among the roboticists by adopting early security implementations. Through projects like SROS[12] or Secure ROS, other available research works have dealt with hardening particular aspects of ROS [11],[12], [13], [14], [15], [16], [17], [18], [19]. But, overall, those have been poorly explored in the practice. We believe that the robotics community and the ROS community could both greatly benefit from an integrative collaborative effort in an offensive security approach for robotics.

rctf3

In an attempt to raise awareness around robot security, we presented the Robotics CTF (RCTF)

Robotics CTF (RTCF)

Motivated by the growing insecurity in the field of robotics and the lack of security countermeasures adopted by robot manufacturers, our team is proud to introduce the first Robotics Capture The Flag game: the Robotics CTF (RCTF). The RCTF has been designed to be a playground, available using one of the most popular technology, such as Docker. This facilitate the process of learning robot hacking step by step. White-hat hacker audience is invited to test, challenge, learn and interact with state of the art of robot environments, from an educational perspective and with robot security as the final goal. Gradually, the accomplishments during the RCTF program enable the ethical hacker to acquire the competences to assess robot security. To play the RCTF, a user only need to have Docker installed on her/his machine and compile the images, instructions are available on each scenario. All available scenarios are linked on the following github repository.

Alias Robotics’ RCTF consists on an array of serial scenarios that hackers have to successfully complete as fast and accurately as possible, in order to get the password.

Robotics CTF is designed to provide hackers with a full experience of the security landscape in robotics. Designed scenarios allows to learn using tools such as ROS, is compatible with other hacking tools and provides robot simulation through Gazebo [20]. The first scenarios are education-oriented and, by achieving those, the hacker will gain basic know-how for the forecoming challenges. The scenarios depicted in RCTF are fictitious and do not have real-world counterparts, but do certainly reflect similarities with current real platforms in robotics.

A quick walkthrough

Let's try one of the available scenarios. We'll go with https://github.com/aliasrobotics/rctf-scenario1:

alias  ~/Alias/rctf-scenario1   master  docker run -it rctf-scenario1 bash
... logging to /root/.ros/log/754b0162-637d-11ea-83ec-0242ac110002/roslaunch-338f5327952b-29.log
Checking log directory for disk usage. This may take awhile.
Press Ctrl-C to interrupt
Done checking log file disk usage. Usage is <1GB.

started roslaunch server http://338f5327952b:36657/
ros_comm version 1.12.14


SUMMARY
========

PARAMETERS
 * /rosdistro: kinetic
 * /rosversion: 1.12.14

NODES

auto-starting new master
process[master]: started with pid [40]
ROS_MASTER_URI=http://338f5327952b:11311/

setting /run_id to 754b0162-637d-11ea-83ec-0242ac110002
process[rosout-1]: started with pid [53]
started core service [/rosout]
  ___     _         _   _          ___ _____ ___
 | _ \___| |__  ___| |_(_)__ ___  / __|_   _| __|
 |   / _ \ '_ \/ _ \  _| / _(_-< | (__  | | | _|
 |_|_\___/_.__/\___/\__|_\__/__/  \___| |_| |_|


 Scenario 1:
 Unprotected topics show a lot of interesting information.
 Search on them to get your answer.
 Useful tools: rostopic
root@338f5327952b:/# rostopic list
/flag
/rosout
/rosout_agg
root@338f5327952b:/#
root@338f5327952b:/#
root@338f5327952b:/# rostopic echo /flag
data: "br{N(*-E6NgwbyWc"
---
data: "br{N(*-E6NgwbyWc"
---
data: "br{N(*-E6NgwbyWc"
---

Contributing

We also invite security researchers to share their scenarios with the RCTF community. We gladly accept contributions through Pull Requests at rctf-list. Therein, the procedure of RCTF scenario submission is summarized, which require a short description of the goal of each scenario.

For more details about our work, read the full paper here.


  1. Robot hazards: from safety to security  PDF Alzola Kirschgens, L., Zamalloa Ugarte, I., Gil Uriarte, E., Muniz Rosas, A. and Mayoral Vilches, V., 2018. ArXiv e-prints. ↩︎

  2. The hacker-powered security report. Hackerone, 2017. Hacker-one white paper. ↩︎

  3. The 2018 hacker report. Hackerone, 2018. Hacker-one white paper. ↩︎

  4. Towards an open standard for assessing the severity of robot security vulnerabilities PDF, the Robot Vulnerability Scoring System (RVSS), Mayoral Vilches, V., Gil-Uriarte, E., Zamalloa Ugarte, I., Olalde Mendia, G., Izquierdo Pisón, R., Alzola Kirschgens, L., Bilbao Calvo, A., Hernández Cordero, A., Apa, L. and Cerrudo, C., 2018. ArXiv e-prints. ↩︎

  5. Hacking Robots Before Skynet, Cerrudo, C. and Apa, L., 2017. ↩︎

  6. Framework for improving critical infrastructure cybersecurity, version 1.0, Sedgewick, A., 2014.
    Framework for Improving Critical Infrastructure Cybersecurity ↩︎

  7. Standards, N.I.o. and Technology, ., 2016. ↩︎

  8. Introducing the Robot Security Framework (RSF), a standardized methodology to perform security assessments in robotics  PDF, Mayoral Vilches, V., Alzola Kirschgens, L., Bilbao Calvo, A., Hernández Cordero, A., Izquierdo Pisón, R., Mayoral Vilches, D., Muñiz Rosas, A., Olalde Mendia, G., Usategi San Juan, L., Zamalloa Ugarte, I., Gil-Uriarte, E., Tews, E. and Peter, A., 2018. ArXiv e-prints. ↩︎

  9. Security framework for industrial collaborative robotic cyber-physical systems, Khalid, A., Kirisci, P., Khan, Z.H., Ghrairi, Z., Thoben, K. and Pannek, J., 2018. Computers in Industry, Vol 97, pp. 132 - 145. DOI: https://doi.org/10.1016/j.compind.2018.02.009 ↩︎

  10. ROS: an open-source Robot Operating System, Quigley, M., Conley, K., Gerkey, B., Faust, J., Foote, T., Leibs, J., Wheeler, R. and Ng, A.Y., 2009. ICRA workshop on open source software, Vol 3(3.2), pp. 5. ↩︎

  11. Building Secure Robot Applications. Finnicum, M. and King, S.T., 2011. HotSec. ↩︎

  12. A preliminary cyber-physical security assessment of the robot operating system (ros), McClean, J., Stull, C., Farrar, C. and Mascarenas, D., 2013. Unmanned Systems Technology XV, Vol 8741, pp. 874110. ↩︎

  13. Application-level security for ROS-based applications, Dieber, B., Kacianka, S., Rass, S. and Schartner, P., 2016. Intelligent Robots and Systems (IROS), 2016 IEEE/RSJ International Conference on, pp. 4477—4482. ↩︎

  14. Cybersecurity in Autonomous Systems: Evaluating the performance of hardening ROS, Lera, F.J.R., Balsa, J., Casado, F., Fernández, C., Rico, F.M. and Matellán, V., 2016. Málaga, Spain, pp. 47. ↩︎

  15. A Study on ROS Vulnerabilities and Countermeasure, Jeong, S., Choi, I., Kim, Y., Shin, Y., Han, J., Jung, G. and Kim, K., 2017. Proceedings of the Companion of the 2017 ACM/IEEE International Conference on Human-Robot Interaction, pp. 147—148. ↩︎

  16. Security for the Robot Operating System, Dieber, B., Breiling, B., Taurer, S., Kacianka, S., Rass, S. and Schartner, P., 2017. Robotics and Autonomous Systems, Vol 98, pp. 192—203. Elsevier. ↩︎

  17. Cybersecurity of Robotics and Autonomous Systems: Privacy and Safety, Lera, F.J.R., Llamas, C.F., Guerrero, Á.M. and Olivera, V.M., 2017. Robotics-Legal, Ethical and Socioeconomic Impacts. InTech. ↩︎

  18. Quantitative analysis of security in distributed robotic frameworks, Martín, F., Soriano, E. and Cañas, J.M., 2018. Robotics and Autonomous Systems, Vol 100, pp. 95—107. Elsevier. ↩︎

  19. Adding Salt to Pepper: A Structured Security Assessment over a Humanoid Robot, Giaretta, A., De Donno, M. and Dragoni, N., 2018. ArXiv e-prints. ↩︎

  20. Design and Use Paradigms for Gazebo, An Open-Source Multi-Robot Simulator, Koenig, N. and Howard, A., 2004. In IEEE/RSJ International Conference on Intelligent Robots and Systems, pp. 2149—2154. ↩︎