Day 3: Simple attacks. Detection. Denial of Service attacks.

The robots work without authentication and encryption by default. This opens up the possibility of students issuing commands to and/or asking sensor values from any robot.

 

  • Simple Attack. While one student tries to use his or her robot driving program from the previous day, the other students implement an attack by issuing commands interfering with robot. Observe performance degradation.
    Video
  • Attack detection. The first step in defense is being able to detect an ongoing attack. Students will extend their self-driving program to detect an attack and display a warning on their screen. (NetsBlox sends all robot commands to the clients as well simulating overhearing.)
  • Simple Rate Control. The first step in defense is being able to detect an ongoing attack. Students will extend their self-driving program to detect an attack and display a warning on their screen. (NetsBlox sends all robot commands to the clients as well simulating overhearing.)
  • Tug of War game. Students work in pairs: one has the task of writing a self-driving program that tries to escape from circle. The other has to write an attack program that tries to prevent this. 
  • Source-Specific Rate Control. NetsBlox will provide an RPC to start source-specific rate control: the students will be able to set a rate for their own robots that controls the maximum frequency the server will accept requests from each client to send commands to the given robot. The RPC will have arguments for the rate and the timeout a given client will be locked out if the rate exceeds the limit. This approach will prevent the DoS attack, but students will learn about the implications: their own legitimate programs will have to be careful not to exceed the rate limit. 
  • Cyber-Security of Cars. Some of the known vulnerabilities and attacks are reviewed in the context of modern cars. This presentation is based on the paper "Survey on Security Threats and Protection Mechanisms in Embedded Automotive Networks" by I. Studnia et al.    Slides | Video
  • Denial of Service attack. In the previous exercise, students realized that the simplest yet very effective attack is DoS. We will further demonstrate this by having one robot trying to drive around while all other clients will ask sensor values from the robot at a rapid pace. Demonstrate this with both square driving and manual driving. Repeat manual driving race.