Deriving Mobile Robot Delivery Service Security Requirements Using STRIDE Threat Modeling

  • Ji-Yong Choi (Chonnam University) ;
  • Jae-Dong Jang (Korea Internet and Security Agency) ;
  • Sang-Joon Lee (Chonnam University)
  • Received : 2024.06.17
  • Accepted : 2024.08.06
  • Published : 2024.10.31

Abstract

Amid labor shortages caused by low birth rates and aging populations worldwide, robot technology is drawing growing interest as a solution. Mobile robots in particular, a rapidly growing segment, have become intelligent enough to recognize their environment and avoid obstacles while carrying out tasks. However, the integration of IT into these robots has increased their potential security vulnerabilities, and security research has been conducted to prepare countermeasures. Research that examines the security threats to mobile robots as a whole, however, remains insufficient. To strengthen the security of the overall robot system, security threats must be identified systematically, starting from the design phase. In this paper, we identify security threats in the mobile robot delivery service environment using a Data Flow Diagram and STRIDE threat modeling. We then diagram the vulnerabilities and attack techniques from the Attack Library as an Attack Tree, and finally create a Check List to derive security requirements. We conducted this study in the hope that its results will be used in establishing robot security guidelines and policies and will contribute to a safe foundation for robots.

Keywords

Acknowledgement

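This research was supported by the Innovative Human Resource Development for Local Intellectualization program through the Institute of Information & Communications Technology Planning & Evaluation (IITP), funded by the Korean government (Ministry of Science and ICT) (IITP-2024-00156287, 50%), and by an IITP grant funded by the Korean government (Ministry of Science and ICT) (IITP-RS-2022-II221203, 50%).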
