1 | 1 | # RSF
|
2 |
| -Robot Security Framework (RSF) |
| 2 | +Robot Security Framework (RSF) is a standardized methodology to perform security assessments in robotics. |
| 3 | + |
| 4 | +Based on the work of _Shyvakov, O. (2017). Developing a security framework for robots (Master's thesis, University of Twente)_. |
| 5 | + |
| 6 | +## Differences from _Shyvakov Robot Security Framework_: |
| 7 | +- `Component` becomes `aspect` |
| 8 | +- Content within `evaluation criteria` has been moved into further sub-sections. |
| 9 | + |
| 10 | +## Bibliography |
| 11 | +- [1] Shyvakov, O. (2017). Developing a security framework for robots (Master's thesis, University of Twente) |
| 12 | + |
| 13 | +## The `Robot Security Framework` |
| 14 | + |
| 15 | +_Text description dumping the table from [Shyvakov_MA_EEMCS (1).pdf](https://github.com/aliasrobotics/management/files/1997960/Shyvakov_MA_EEMCS.1.pdf) and reasoning about it._ |
| 16 | + |
| 17 | +## 1. `Layer`: Physical |
| 18 | +### 1.1 `Aspect`: External ports |
| 19 | +#### 1.1.1 `Criteria`: Presence of external communication ports |
| 20 | + |
| 21 | +- `Objective`: identify presence of unprotected external ports |
| 22 | +- `Rationale`: Unprotected external ports can let attackers in physical proximity to perform a variety of attacks and serve as an entry point for them |
| 23 | +- `Method`: |
| 24 | + - Inspect documentation / consult developers / inspect robot’s body and look for accessible ports (e.g. Ethernet, USB) |
| 25 | + - Open all doors, which are not protected by locks and look for ports inside |
| 26 | + - Investigate ventilation holes and see if they are wide enough to access internal communication ports |
| 27 | + |
| 28 | +#### 1.1.2 `Criteria`: Security of external communication ports |
| 29 | +- `Objective`: verify if attackers can sniff or modify any critical data during communication with a docking station or by connecting to the ports. |
| 30 | +- `Rationale`: Unprotected external ports can let attackers in physical proximity to perform a variety of attacks and serve as an entry point for them |
| 31 | +- `Method`: ... |
| 32 | + - Connect to the identified communication ports |
| 33 | + - Is authentication required to use them (e.g. Network access control for Ethernet) and do accounts meet requirements from **section 4.1?** (_review this_) |
| 34 | + - Try communicating with them, attempt fizzing to discover if robot’s state can be affected. |
| 35 | + - If a robot connects to a docking station to transfer some data, try to use sniffers to see how data exchange is being done (verify if some sensitive, configuration or control data is transferred in clear text) |
| 36 | + |
| 37 | +### 1.2 `Aspect`: Internal components |
| 38 | +#### 1.2.1 `Criteria`: Availability of internal components from outside |
| 39 | + |
| 40 | +Objective – |
| 41 | + |
| 42 | +- `Objective`: identify internal hardware that is accessible from outside without a need |
| 43 | +- `Rationale`: Directly accessible internal components can be physically damaged, stolen, tampered or completely disabled |
| 44 | +- `Method`: |
| 45 | + - Inspect robots body and look for accessible components (e.g. HDD, embedded devices) |
| 46 | + - Open all doors which are not protected by locks and look for accessible components inside |
| 47 | +- `Notes`: All cables should also remain inside of the robot. Some components require to be partially outside of the body frame (e.g. range finding systems, WI-FI/LTE antennas) in such a case only the required part should stick out, but not the whole component. |
| 48 | + |
| 49 | +## x. `Layer`: ... |
| 50 | +### x.y `Aspect`: ... |
| 51 | +#### x.y.z `Criteria`: ... |
| 52 | + |
| 53 | +- `Objective`: ... |
| 54 | +- `Rationale`: ... |
| 55 | +- `Method`: ... |
| 56 | + |
| 57 | + |
| 58 | +## Simplified template to execute the assessment |
| 59 | + |
| 60 | +| Layer | Aspect | Criteria | Objective | Rationale | Method | Assessment | |
| 61 | +| ----- | --------| --------|------------ |------------- | --------| ---------| |
| 62 | +| Physical | External ports | Presence of external communication ports | identify presence of unprotected external ports | Unprotected external ports can let attackers in physical proximity to perform a variety of attacks and serve as an entry point for them | **How to** a) Inspect documentation / consult developers / inspect robot’s body and look for accessible ports (e.g. Ethernet, USB) b) Open all doors, which are not protected by locks and look for ports inside c) Investigate ventilation holes and see if they are wide enough to access internal communication ports | | |
| 63 | +| Physical | External ports | Security of external communication ports | verify if attackers can sniff or modify any critical data during communication with a docking station or by connecting to the ports. | Unprotected external ports can let attackers in physical proximity to perform a variety of attacks and serve as an entry point for them | How to a) Connect to the identified communication ports b) Is authentication required to use them (e.g. Network access control for Ethernet) and do accounts meet requirements from section 4.1? c) Try communicating with them, attempt fizzing to discover if robot’s state can be affected. d) If a robot connects to a docking station to transfer some data, try to use sniffers to see how data exchange is being done (verify if some sensitive, configuration or control data is transferred in clear text) | | |
| 64 | +| ... | | | | | | | |
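Review bot: `attempt fizzing` in the 1.1.2 `Method` list and again in the table row for that criterion should read `attempt fuzzing`, and the stray `Objective –` line under 1.2.1 (between the criteria heading and the `- \`Objective\`` bullet) looks like a leftover from the table dump and should be removed. Two smaller consistency points in the same hunk: the 1.1.2 method line reads `- \`Method\`: ...` while 1.1.1 has `- \`Method\`:`, so the trailing `...` is either a placeholder or a typo, and the `section 4.1` reference flagged `_review this_` points at a layer that does not exist in this document yet, so it is worth stating which Shyvakov section it maps to until that layer is written. Lastly, the simplified template table repeats the 1.1.1 and 1.1.2 `Method` text verbatim and has already drifted from the sections (bold `**How to**` versus plain `How to`, and the `_review this_` marker is absent in the table); consider keeping the sections as the single source and referencing only the criteria id in the table so the two copies cannot diverge.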