The Future of Household Robots: Ensuring the Safety and Privacy of Users
Total Page:16
File Type:pdf, Size:1020Kb
The Future of Household Robots: Ensuring the Safety and Privacy of Users Tamara Denning C y n t h i a M a t u s z e k K a r l K o s c h e r Joshua R. Smith T a d a y o s h i K o h n o Computer Science and Engineering University of Washington Focus of This Talk: Robots, Security, and Privacy 2 This talk is about two things: The future of robots in the home Computer security and privacy To make sure we‟re all on the same page, first: Brief background on robots Brief background on security and privacy 11/24/2009 What is a Robot? 3 Cyber-physical system with: Mobility Sensors Actuators Some reasoning capabilities (potentially) CC images courtesy of: http://www.flickr.com/photos/bbum/133956572/, http://www.flickr.com/photos/deadair/220147470/, http://www.flickr.com/photos/cmpalmer/3380364862/ 11/24/2009 What is a Robot? 4 Cyber-physical system with: Mobility Sensors Actuators Some reasoning capabilities (potentially) Applications: Elder care Physically-enabled smart home 11/24/2009 What is Security? 5 Security: Systems behave as intended even in the presence of an adversary 11/24/2009 What is Security? 6 Security: Systems behave as intended even in the presence of an adversary NOT Safety: Systems behave as intended even in the presence of accidental failures 11/24/2009 Security for Robots? 7 To understand the importance of security for robots, we give context: A brief history of computers and computer security. 11/24/2009 Timeline: Computers 8 1940 1970 2000 11/24/2009 Timeline: Computers 9 1951 UNIVAC 1946 ENIAC 1944 Colossus 1940 1970 2000 11/24/2009 Timeline: Computers 10 1984 Apple Macintosh 1982 Commodore 64 1981 IBM Personal Computer 1977 Apple II 1974 Altair 8800 1940 1970 2000 11/24/2009 Timeline: Computers 11 1990 World Wide Web 1940 1970 2000 11/24/2009 Timeline: Computers 12 2006 Twitter 2005 YouTube 2004 Facebook 1998 Google 1995 Ebay 1994 Amazon 1940 1970 2000 11/24/2009 Timeline: Computers 13 1940 1970 2000 11/24/2009 Timeline: Computers 14 Now looking at computer security… 1940 1970 2000 11/24/2009 Timeline: Computer Security Attacks 15 1971 Phone Phreaking 1940 1970 2000 11/24/2009 Timeline: Computer Security Attacks 16 1982 The 414s break into 60 computer systems 1940 1970 2000 11/24/2009 Timeline: Computer Security Attacks 17 1986 “The Brain” Virus 1940 1970 2000 11/24/2009 Timeline: Computer Security Attacks 18 1988 Morris Worm 1940 1970 2000 11/24/2009 Timeline: Computer Security Attacks 19 2000 DDoS Attack 1940 1970 2000 11/24/2009 Timeline: Computer Security Attacks 20 • Rootkits 1940 1970 2000 11/24/2009 Timeline: Computer Security Attacks 21 • Rootkits • Trojan Horses 1940 1970 2000 11/24/2009 Timeline: Computer Security Attacks 22 • Rootkits • Trojan Horses • Botnets 1940 1970 2000 11/24/2009 Timeline: Computer Security Attacks 23 • Rootkits • Trojan Horses • Botnets • Phishing 1940 1970 2000 11/24/2009 Timeline: Computer Security Attacks 24 • Rootkits • Trojan Horses • Botnets • Phishing • Keyloggers 1940 1970 2000 11/24/2009 Timeline: Computer Security Attacks 25 • Rootkits • Trojan Horses • Botnets • Phishing • Keyloggers • Cross-Site Scripting 1940 1970 2000 11/24/2009 Timeline: Computer Security Attacks 26 • Rootkits • Trojan Horses • Botnets • Phishing • Keyloggers • Cross-Site Scripting • etc. 1940 1970 2000 11/24/2009 Timeline: Computer Security Attacks 27 Observations: • The attack rate increases • The attacks lag behind the technology 1940 1970 2000 11/24/2009 Timeline: Robots 28 1979 Robotics Institute founded at Carnegie Mellon University 1960 2000 2020 11/24/2009 Timeline: Robots 29 1982 WABOT-2 accompanies people on a keyboard instrument 1960 2000 2020 11/24/2009 Timeline: Robots 30 1986 Honda founds Humanoid Robot Division 1960 2000 2020 11/24/2009 Timeline: Robots 31 1999 AIBO 1960 2000 2020 11/24/2009 Timeline: Robots 32 2000 ASIMO 1960 2000 2020 11/24/2009 Timeline: Robots 33 2001 Paro therapeutic seal 1960 2000 2020 11/24/2009 Timeline: Robots 34 2002 Roomba 1960 2000 2020 11/24/2009 Timeline: Robots 35 2005 Actroid Android 2005 Wakamaru Companion Robot 1960 2000 2020 11/24/2009 Timeline: Robots 36 2008 Okonomiyaki Robot 1960 2000 2020 11/24/2009 Timeline: Robots 37 2010 ? HAL exoskeleton 1960 2000 2020 11/24/2009 Timeline: Robots 38 1960 2000 2020 11/24/2009 Timeline: Robot Security 39 Observation: • No attacks on robot security yet Recall (computer security): • The attack rate increases • The attacks lag behind the technology What is the future of robot security? 1960 2000 2020 11/24/2009 Robot Security and Privacy in Context 40 Our focus: Robot security and privacy Evil people doing bad things with robots Most likely near term security and privacy threat 11/24/2009 Robot Security and Privacy in Context 41 Our focus: Robot security and privacy Evil people doing bad things with robots Most likely near term security and privacy threat Evil robots Popular topic of science fiction Unlikely near term security and privacy threat Other challenges to mixing humans with robots Safety Human-robot interaction 11/24/2009 Talk Outline 42 Part 1. Introduction Part 2. Assessing the Risks: Today and Tomorrow Part 3. Challenges and Next Steps 11/24/2009 Understanding Current and Future Risks: The Computer Security Approach 43 Identify representative examples of future tech Assess the security and privacy vulnerabilities of those examples Determine risks for today and extrapolate risks for tomorrow 11/24/2009 There are many household robots for sale… 44 How to pick which robots to study? Roomba (vacuum) Scooba (mop) Robomow (lawn mower) Pleo (artificial Lego Mindstorm NXT FlyTech Bladestar lifeform toy) (toy and learning kit) (flying toy) 11/24/2009 Axes for Selecting Representatives Robots 45 Strategy: Pick robots that span likely properties of future robots Different Groups of Intended Users Mobility Actuators Sensors Communication Methods 11/24/2009 Our Selection: Spanning the Axes 46 RoboSapien V2 Rovio Spykee Robots purchased for experimentation during or before October 2008.11/24/2009 RoboSapien V2 47 • Toy for children and hobbyists • Mobile, bipedal • Basic Dexterity • Controlled by IR remote • Some autonomous behavior • Pre-programmed speech 11/24/2009 Rovio 48 • For adults • Telepresence • Home surveillance • Check up up on relatives • Follows pre-programmed IR beacons 11/24/2009 Spykee 49 • Toy for children • Assembled and configured by children • Telepresence: Parent can tuck in kids when out of town • “Spy” robot 11/24/2009 50 So, what vulnerabilities did we find? 11/24/2009 51 So, what vulnerabilities did we find? Focusing on Spykee and Rovio for now (we‟ll come back to RoboSapien V2 later) 11/24/2009 Remote Discovery 52 (Artificial data -- not real locations of robots) 11/24/2009 Eavesdropping (shown in ad hoc mode) 53 Neighbor or Hacker in a car CC images courtesy of: http://www.flickr.com/photos/wwworks/3039389897/, http://www.flickr.com/photos/jamimages/83601411/ 11/24/2009 Intercepting Credentials (Remote Mode) 54 254757324 523476784 561436546 456436345 09867028 09867028 934149871 User: 934149871 358357619 alice1 358357619 035602844 Password: 035602844 pass1 http://spykeeworld.com 11/24/2009 Physical Takeover 55 With credentials: Drive the robot anywhere Access the AV stream at any time 11/24/2009 What the vulnerabilities mean to people… 56 We discussed some vulnerabilities… What do these vulnerabilities mean to people and their environment? 11/24/2009 What the vulnerabilities mean to people… 57 We discussed some vulnerabilities… What do these vulnerabilities mean to people and their environment? (We did not implement these attacks.) Many risks today are minor. We explore attack scenarios because they illustrate potential future risks with household robots. 11/24/2009 Rovio: Spy on Home 58 Spy/eavesdrop in the home Many risks today are minor. We explore attack scenarios because they illustrate potential future risks with household robots. CC image courtesy of: http://www.flickr.com/photos/3mieszczanka/3253181023/ 11/24/2009 Rovio: Spy on Home 59 Spy/eavesdrop in the home Many risks today are minor. We explore attack scenarios because they illustrate potential future risks with household robots. CC image courtesy of: http://www.flickr.com/photos/arthurohm/1977354073/ 11/24/2009 Rovio: Spy on Home 60 Spy/eavesdrop in the home Many risks today are minor. We explore attack scenarios because they illustrate potential future risks with household robots. CC image courtesy of: http://www.flickr.com/photos/paladin27/2277420652/ 11/24/2009 Rovio: Spy on Home 61 Spy/eavesdrop in the home Many risks today are minor. We explore attack scenarios because they illustrate potential future risks with household robots. CC image courtesy of: http://www.flickr.com/photos/affixations/2542167108/ 11/24/2009 Rovio: Move Around the Home 62 Move around rooms of the house to facilitate spying and eavesdropping Many risks today are minor. We explore attack scenarios because they illustrate potential future risks with household robots. 11/24/2009 Rovio: Property Damage 63 Use weight to cause minor property damage Many risks today are minor. We explore attack scenarios because they illustrate potential future risks with household robots. CC image courtesy of: http://www.flickr.com/photos/kacey3/2002598626/ 11/24/2009 Rovio: Create Hazards 64 E.g., Bowl of grapes near an infant Many risks today are minor. We explore attack scenarios because they illustrate potential future risks with household robots. CC image courtesy of: http://www.flickr.com/photos/mindfire/3256681195/ 11/24/2009 Rovio: Trip People 65 Drive underneath elder‟s feet to trip them Many risks today are minor. We explore attack scenarios because they illustrate potential future risks with household robots. CC image courtesy of: http://www.flickr.com/photos/marktristan/2733951264/ 11/24/2009 Rovio: People with Dementia 66 Make sounds to confuse people with dementia Displace objects to confuse people with dementia Many risks today are minor.