Abstract
Robots are often used in highly sensitive, safety-critical, or high-value applications (e.g. medical, nuclear, space, offshore, manufacturing). Where AI is not able or trusted to perform the necessary tasks, humans operators are required to train or directly control these systems. However, robots are not usually built with security as a key concern, and malicious actors need to be identified before they can cause damage or disruption through the robot’s operation. Of particular interest is ensuring whether operators of robots are who they claim to be, i.e., there is a need for identification and authentication. Traditionally, authentication is carried out through passwords or demonstrating possession of a token such as a smart card, but these are one-shot approaches and confidence in authentication wanes as time elapses. Thus, repeated authentication may be needed to provide ongoing confidence, though, in practice, such repeated actions may be highly disruptive. In this paper, we evaluate how ongoing user behaviour monitoring can be used as the basis for unobtrusive continuous user authentication, which is a form of biometric behaviour modelling. To gather data, we use a simulation in which a group of users hand-guide a robotic manipulator to perform a task (analogous to teaching by demonstration or teleoperation), with some users posing as malicious agents. We then tested our continuous authentication technique against a popular behavioural biometric attack called a ‘mimicry attack.’
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Robot simulator coppeliasim: create, compose, simulate, any robot coppelia robotics. https://www.coppeliarobotics.com/
Almohamade, S.S., Clark, J.A., Law, J.: Behaviour-Based biometrics for continuous user authentication to industrial collaborative robots. In: Maimut, D., Oprina, A.-G., Sauveron, D. (eds.) SecITC 2020. LNCS, vol. 12596, pp. 185–197. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-69255-1_12
Bonaci, T., Herron, J., Yusuf, T., Yan, J., Kohno, T., Chizeck, H.J.: To make a robot secure: an experimental analysis of cyber security threats against teleoperated surgical robots. arXiv preprint arXiv:1504.04339 (2015)
Cerrudo, C., Apa, L.: Hacking robots before skynet. IOActive Website, pp. 1–17 (2017)
Clarke, N.: Transparent User Authentication: Biometrics, RFID and Behavioural Profiling. Springer Science & Business Media, London (2011). https://doi.org/10.1007/978-0-85729-805-8
Freese, M., Singh, S., Ozaki, F., Matsuhira, N.: Virtual robot experimentation platform V-REP: a versatile 3D robot simulator. In: Ando, N., Balakirsky, S., Hemker, T., Reggiani, M., von Stryk, O. (eds.) SIMPAR 2010. LNCS (LNAI), vol. 6472, pp. 51–62. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-17319-6_8
Gafurov, D., Snekkenes, E., Bours, P.: Spoof attacks on gait authentication system. IEEE Trans. Inf. Forensics Secur. 2(3), 491–502 (2007)
Gleirscher, M., Johnson, N., Karachristou, P., Calinescu, R., Law, J., Clark, J.: Challenges in the safety-security co-assurance of collaborative industrial robots. arXiv preprint arXiv:2007.11099 (2020)
Granitto, P.M., Furlanello, C., Biasioli, F., Gasperi, F.: Recursive feature elimination with random forest for PTR-MS analysis of agroindustrial products. Chemometr. Intell. Lab. Syst. 83(2), 83–90 (2006)
Hadid, A., Evans, N., Marcel, S., Fierrez, J.: Biometrics systems under spoofing attack: an evaluation methodology and lessons learned. IEEE Sig. Process. Mag. 32(5), 20–30 (2015)
Khalid, A., Kirisci, P., Khan, Z.H., Ghrairi, Z., Thoben, K.D., Pannek, J.: Security framework for industrial collaborative robotic cyber-physical systems. Comput. Ind. 97, 132–145 (2018)
Khan, H., Hengartner, U., Vogel, D.: Targeted mimicry attacks on touch input based implicit authentication schemes. In: Proceedings of the 14th Annual International Conference on Mobile Systems, Applications, and Services, pp. 387–398 (2016)
Khan, H., Hengartner, U., Vogel, D.: Mimicry attacks on smartphone keystroke authentication. ACM Trans. Priv. Secur. (TOPS) 23(1), 1–34 (2020)
Kumar, R., Phoha, V.V., Jain, A.: Treadmill attack on gait-based authentication systems. In: 2015 IEEE 7th International Conference on Biometrics Theory, Applications and Systems (BTAS), pp. 1–7. IEEE (2015)
Maggi, F., Quarta, D., Pogliani, M., Polino, M., Zanchettin, A.M., Zanero, S.: Rogue robots: Testing the limits of an industrial robot’s security. Technical Report, Trend Micro, Politecnico di Milano (2017)
Mansfield, A.J., Wayman, J.L.: Best practices in testing and reporting performance of biometric devices (2002)
Mjaaland, B.B., Bours, P., Gligoroski, D.: Walk the walk: attacking gait biometrics by imitation. In: Burmester, M., Tsudik, G., Magliveras, S., Ilić, I. (eds.) ISC 2010. LNCS, vol. 6531, pp. 361–380. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-18178-8_31
Riel, A., Kreiner, C., Macher, G., Messnarz, R.: Integrated design for tackling safety and security challenges of smart products and digital manufacturing. CIRP Ann. 66(1), 177–180 (2017)
Roberts, C.: Biometric attack vectors and defences. Comput. Secur. 26(1), 14–25 (2007)
Sikder, A.K., Petracca, G., Aksu, H., Jaeger, T., Uluagac, A.S.: A survey on sensor-based threats and attacks to smart devices and applications. IEEE Commun. Surv. Tutorials 23(2), 1125–1159 (2021)
Tey, C.M., Gupta, P., Gao, D.: I can be you: questioning the use of keystroke dynamics as biometrics (2013)
Uludag, U., Jain, A.K.: Attacks on biometric systems: a case study in fingerprints. In: Security, Steganography, and Watermarking of Multimedia Contents VI, vol. 5306, pp. 622–634. International Society for Optics and Photonics (2004)
Yaacoub, J.-P.A., Noura, H.N., Salman, O., Chehab, A.: Robotics cyber security: vulnerabilities, attacks, countermeasures, and recommendations. Int. J. Inf. Secur. 1–44 (2021). https://doi.org/10.1007/s10207-021-00545-8
Acknowledgements
Shurook S. Almohamade is supported by a PhD studentship from Taibah University, Medina, Saudi Arabia. James Law and John Clark are supported in part by the CSI: Cobot project, sponsored by the Assuring Autonomy International Programme (AAIP), a partnership between Lloyd’s Register Foundation and the University of York, UK.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Almohamade, S.S., Clark, J.A., Law, J. (2021). Mimicry Attacks Against Behavioural-Based User Authentication for Human-Robot Interaction. In: Saracino, A., Mori, P. (eds) Emerging Technologies for Authorization and Authentication. ETAA 2021. Lecture Notes in Computer Science(), vol 13136. Springer, Cham. https://doi.org/10.1007/978-3-030-93747-8_8
Download citation
DOI: https://doi.org/10.1007/978-3-030-93747-8_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-93746-1
Online ISBN: 978-3-030-93747-8
eBook Packages: Computer ScienceComputer Science (R0)