Robotic security use cases and implementation for a secure future

15th June 2024
Paige West

In this article, Manoj Rajashekaraiah, Principal Engineer, Analog Devices, provides an overview of the components that constitute an industrial robot/cobot.

It’s worth noting that many of these components are also commonly used in autonomous mobile robots (AMRs) and pick-and-place systems. We will then explore various robotic security use cases, showcasing how ADI’s security products simplify the implementation of security in these diverse robotic control systems.

Building secure robotic control systems: essential technical capabilities and development approach

This section outlines the key technical capabilities and technologies required to implement secure robotic control systems, which include:

• Secure authentication: integration of secure authenticators to verify device/component identity
• Secure coprocessors: utilisation of dedicated hardware for secure storage and cryptographic operations
• Secure communication: implementation of encrypted protocols for protected data exchange
• Access control: enforcement of granular permissions to restrict unauthorised system access
• Physical security measures: incorporation of measures to protect against physical tampering

In addition to these aspects, system developers must adopt a structured approach to secure development, including requirements gathering, threat modelling, secure design, implementation, testing, certification, and maintenance. Following a secure development life cycle (SDL) ensures security from the start.

An overview of components in industrial robots and cobots

Figure 1 shows typical components associated with the operation of industrial robots/cobots. Table 1 gives a quick overview of the different components.

Figure 1. Components of industrial robots/cobots.

Robotic security use cases: harnessing ADI’s expertise and products for design and implementation

Trusted PLC operation and gateway protection

The combination of PLCs and robotic controllers offers precise control in factory automation setups, enabling fine-grained control over various processes. In recent years, advancements in robotic technology have led to the development of integrated controllers that possess PLC-like functionality. Ensuring the reliability and security of PLC operation is of utmost importance when it comes to maintaining the safe operation of a factory automation setup. See Figure 2.

Figure 2. Enabling security with PLC.

Note: ChipDNA technology harnesses unique traits of electronic components to generate a secure cryptographic key. This key isn’t stored in memory or any fixed state, greatly enhancing protection against cyberattacks.

Using devices like the MAXQ1065 (the ultra low power cryptographic controller with ChipDNA technology for embedded devices) within PLCs can support the following use cases:

• Secure identification and clone prevention of the PLC modules
• Secure boot and firmware download
• Asymmetric key mutual authentication between PLC modules and PLC servers
• Establish secure communication session with ECDH key exchange
• Use of AES for encryption and decryption of network packets

Direct node to Cloud security

Node-to-Cloud communication (see Figure 3) in robotics enables several functionalities such as remote monitoring, data analysis, software updates, etc. It is crucial to secure the communication happening between the node and the Cloud.

Figure 3. Integration for the MAXQ1065 to enable the direct node to Cloud security.

The MAXQ1065 offers enhanced security features for sensor-to-Cloud and sensor-to-gateway communication:

• Enables the implementation of transport layer security (TLS) protocol, ensuring secure and encrypted data transmission. TLS verifies authenticity and safeguards sensitive information, making it essential for secure communication between nodes and the Cloud
• Facilitates secure communication for proprietary sensor-to-gateway or node-to-gateway connections. The controller helps establish a protected communication channel by enabling key exchange and data encryption, enhancing security for RF-based or other proprietary protocols
• Offers additional security features like node authentication, trusted node operation, secure boot, and secure firmware updates. These features enhance system security by validating node identity, ensuring trusted operations, and protecting against unauthorised modifications

Sensor data protection

Figure 4. Sensor data protection.

• Data at rest can be encrypted with ChipDNA technology
• Critical sensor calibration data or sensor configuration information can be stored within the secure storage of the MAXQ1065 to protect it from tampering or leakage. It can also be stored encrypted in the system. See Figure 4

Supply chain security

Supply chain security covers a broad range of topics. See Figure 5.

• Prevention of product clones (counterfeit)
• Securing software-based feature enablement to prevent IP loss and revenue loss
• Verification of hardware authenticity. See Figure 6

Supply chain security can be easily enabled by using ADI’s secure authenticators.

• Preprogrammed authenticators from ADI provide robust protection against counterfeiting
• Secure life cycle management and key management ensure that assets remain secure throughout the device/product’s life cycle
• ADI’s authenticators enable secure feature enablement, protecting valuable intellectual property

Figure 5. Testing for authenticity with a challenge-and-response sequence.

Figure 6. A hardware authentication example using the DS28E01-100.
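
The challenge-and-response check named in Figure 5, as an added example (not code from the article or from ADI). It uses HMAC-SHA-256 with a per-device key derived from a master secret as a stand-in, not the protocol of any specific authenticator; the class names, key values and device ID are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample values (not real keys or serial numbers).
MASTER_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
GENUINE_ID = b"JOINT-0001"


def derive_device_key(master: bytes, device_id: bytes) -> bytes:
    """Per-device key, so extracting one part's key does not expose the others."""
    return hmac.new(master, b"device-key|" + device_id, hashlib.sha256).digest()


class Authenticator:
    """Hypothetical model of the authenticator chip on a peripheral."""

    def __init__(self, device_id: bytes, key: bytes):
        self.device_id = device_id
        self._key = key  # on real hardware the key never leaves the chip

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, self.device_id + challenge, hashlib.sha256).digest()


class Host:
    """Controller side: issues a fresh challenge and checks the response."""

    def __init__(self, master: bytes):
        self._master = master  # assumption: held in a secure coprocessor in practice
        self._pending = {}     # device_id -> outstanding challenge

    def new_challenge(self, device_id: bytes) -> bytes:
        challenge = secrets.token_bytes(32)  # unpredictable, so responses cannot be precomputed
        self._pending[device_id] = challenge
        return challenge

    def verify(self, device_id: bytes, response: bytes) -> bool:
        challenge = self._pending.pop(device_id, None)  # each challenge is single-use
        if challenge is None:
            return False
        key = derive_device_key(self._master, device_id)
        expected = hmac.new(key, device_id + challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)  # constant-time comparison


def authenticate(host: Host, device: Authenticator) -> bool:
    challenge = host.new_challenge(device.device_id)
    return host.verify(device.device_id, device.respond(challenge))
```

A part that copies a genuine ID but lacks the key fails the check, and a recorded response is rejected once the host has moved on to a new challenge.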

Secure PLC to node communication

Secure authenticators can help secure communication, for example, between PLCs and actuators or sensors and between PLCs and the supervisory control and data acquisition (SCADA) control system (in the PLC, not in the SCADA system). They help enable the TLS protocol, a widely used transport layer security protocol in internet protocol-based communications.

Joint authentication in robots

Implementing joint authentication (see Figure 7) in robots significantly enhances overall security by ensuring that only legitimate and authorised entities can interact within the robotic system. It effectively prevents unauthorised access, strengthens communication security, and contributes to the system’s overall integrity and reliability.

Figure 7. Joint authentication.

Joint secure boot

Joint secure boot (see Figure 8) in robots provides a strong foundation for a secure and trusted operating environment. It protects against unauthorised software execution, malware, and tampering, enhancing system security and reliability. By establishing a chain of trust and verifying the integrity of software components, joint secure boot ensures the overall integrity and authenticity of the robotic system’s operation. Joint secure updates are also enabled in a similar way.

Figure 8. Joint secure boot.

Selective feature enablement in joint and robot controller

After a successful secure boot, the application microcontroller unit (MCU)/processor/field programmable gate array (FPGA) can read the secure configurable memory of the authenticator/coprocessor to selectively enable features in the joint/robot controller. See Figure 9.

Figure 9. A typical joint block diagram.

Figure 10. Joint secure communication.

Calibration data storage — joint and robot controller

Calibration data storage is critical to maintaining accurate measurements in peripherals that undergo individual calibration at the factory. By securely storing this data within an authenticator, organisations can ensure its integrity and protect it from unauthorised access. The host system can then retrieve and utilise this stored data, enabling more precise and reliable measurements from the peripherals. Secure calibration data storage enhances the overall accuracy and performance of the system, providing valuable insights and maintaining high quality standards.

Joint secure communication

Joint secure communication enhances the overall security posture of a robotic system, ensuring trusted and protected data exchange. See Figure 10.

Conclusion

In securing the future of robotics, cybersecurity is paramount. Robust measures, such as secure authentication, encrypted communication, and supply chain security, are crucial to protect against threats. ADI’s products and solutions provide advanced security features, ensuring the integrity and reliability of robotic systems. By prioritising cybersecurity and leveraging ADI’s expertise, we can unlock the full potential of robotics while safeguarding against emerging risks in an interconnected world.
