To Make a Robot Secure: An Experimental Analysis of Cyber Security Threats Against Teleoperated Surgical Robots

Teleoperated robots are playing an increasingly important role in military actions and medical services. In the future, remotely operated surgical robots will likely be used in more scenarios such as battlefields and emergency response. But rapidly growing applications of teleoperated surgery raise the question; what if the computer systems for these robots are attacked, taken over and even turned into weapons? Our work seeks to answer this question by systematically analyzing possible cyber security attacks against Raven II, an advanced teleoperated robotic surgery system. We identify a slew of possible cyber security threats, and experimentally evaluate their scopes and impacts. We demonstrate the ability to maliciously control a wide range of robots functions, and even to completely ignore or override command inputs from the surgeon. We further find that it is possible to abuse the robot's existing emergency stop (E-stop) mechanism to execute efficient (single packet) attacks. We then consider steps to mitigate these identified attacks, and experimentally evaluate the feasibility of applying the existing security solutions against these threats. The broader goal of our paper, however, is to raise awareness and increase understanding of these emerging threats. We anticipate that the majority of attacks against telerobotic surgery will also be relevant to other teleoperated robotic and co-robotic systems.

[1]  References , 1971 .

[2]  M G Strintzis,et al.  Network and data security design for telemedicine applications. , 1997, Medical informatics = Medecine et informatique.

[3]  Vincent Rijmen,et al.  The Design of Rijndael: AES - The Advanced Encryption Standard , 2002 .

[4]  Robert H. Deng,et al.  Secure the image-based simulated telesurgery system , 2003, Proceedings of the 2003 International Symposium on Circuits and Systems, 2003. ISCAS '03..

[5]  S. Becker THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT , 2004 .

[6]  B. Hannaford,et al.  Doc at a Distance , 2006, IEEE Spectrum.

[7]  Elske Ammenwerth,et al.  End-to-end Security in Telemedical Networks - A Practical Guideline , 2007, Int. J. Medical Informatics.

[8]  Blake Hannaford,et al.  Field Operation of a Surgical Robot via Airborne Wireless Radio Link , 2007 .

[9]  Cristina L. Abad,et al.  An Analysis on the Schemes for Detecting and Preventing ARP Cache Poisoning Attacks , 2007, 27th International Conference on Distributed Computing Systems Workshops (ICDCSW'07).

[10]  Blake Hannaford,et al.  Objective Assessment of Telesurgical Robot Systems: Telerobotic FLS , 2008, MMVR.

[11]  S. Shankar Sastry,et al.  Research Challenges for the Security of Control Systems , 2008, HotSec.

[12]  Kevin Fu,et al.  Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[13]  Blake Hannaford,et al.  Evaluation of unmanned airborne vehicles and mobile robotic telesurgery in an extreme environment. , 2008, Telemedicine journal and e-health : the official journal of the American Telemedicine Association.

[14]  Bruno Sinopoli,et al.  Secure control against replay attacks , 2009, 2009 47th Annual Allerton Conference on Communication, Control, and Computing (Allerton).

[15]  Blake Hannaford,et al.  Effect of time delay on telesurgical performance , 2009, 2009 IEEE International Conference on Robotics and Automation.

[16]  S. Lipsitz,et al.  Comparative effectiveness of minimally invasive vs open radical prostatectomy. , 2009, JAMA.

[17]  S. Shankar Sastry,et al.  Safe and Secure Networked Control Systems under Denial-of-Service Attacks , 2009, HSCC.

[18]  Morgan Quigley,et al.  ROS: an open-source Robot Operating System , 2009, ICRA 2009.

[19]  Blake Hannaford,et al.  Preliminary protocol for interoperable telesurgery , 2009, 2009 International Conference on Advanced Robotics.

[20]  Zhiwei Li,et al.  Secure software attestation for military telesurgical robot systems , 2010, 2010 - MILCOM 2010 MILITARY COMMUNICATIONS CONFERENCE.

[21]  Matti Valovirta,et al.  Experimental Security Analysis of a Modern Automobile , 2011 .

[22]  Hovav Shacham,et al.  Comprehensive Experimental Analyses of Automotive Attack Surfaces , 2011, USENIX Security Symposium.

[23]  Kevin Fu,et al.  They can hear your heartbeats: non-invasive security for implantable medical devices , 2011, SIGCOMM.

[24]  Bhavani M. Thuraisingham,et al.  Cyberphysical systems security applied to telesurgical robotics , 2012, Comput. Stand. Interfaces.

[25]  Blake Hannaford,et al.  Raven-II: An Open Platform for Surgical Robotics Research , 2013, IEEE Transactions on Biomedical Engineering.

[26]  Ehab Al-Shaer,et al.  Adaptive Information Coding for Secure and Reliable Wireless Telesurgery Communications , 2013, Mob. Networks Appl..