Simple Attacks
Learning Goals
- Understand that networked applications are vulnerable
- Motivate the need for securing robots and programs by demonstrating dangers of communicating over a shared medium
- Learn how to detect simple attacks
Description
The robots work without authentication and encryption by default. This opens up the possibility of students issuing commands to and/or asking sensor values from any robot.
In this unit students will learn about some of the weaknesses of their robot programs. After demonstrating that any user can take over any robot as well as passively listen to other user's robots, we'll introduce a simple detection mechanism to identify such instances.
This is similar to any real world scenarios involving unencrypted messages or data. These are quite vulnerable to any attacks!
Glossary
Required/Authorized Commands
listen- all robotics commands from previous unit
Activities
- Overhearing
-
When the user listens to a robot they are also signing up to receive a copy of all the commands issued to the robot in the form of messages. These messages will have the following format:
- "robot command" with payload:
robot&command - "robot message" with payload:
robot&message
- "robot command" with payload:
-
- Simple Attack
- While one student tries to use his or her robot driving program from the previous units, the other students implement an attack by issuing commands interfering with the robot. Observe performance degradation and loss of control. NetsBlox sends all robot commands to the clients as well, allowing for the simulation of overhearing as an additional attack.
- Attack Detection
- The first step in defense is being able to detect an ongoing attack. Students will extend their self-driving program to detect an attack and display a warning on their screen.
- Tug of War Game
- Students work in pairs: one has the task of writing a self-driving program that tries to escape from a circle. The other has to write an attack program that tries to prevent this escape.
Common Pitfalls
- In attack detection, students might have issues keeping the counts in sync and therefore getting false positives for presence of an attacks.
- It's important to mention that failed commands won't be overheard: network disconnect or invalid commands. We try to provide some solutions to this in the full write-up.