Cybersecurity in Robotics: Challenges, Quantitative Modeling, and Practice

Zhu, Quanyan; Raß, Stefan; Dieber, Bernhard; Vilches, Víctor Mayoral

doi:10.48550/arxiv.2103.05789

Cited by 2 publications

(2 citation statements)

References 118 publications

(165 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…First, the increased connectivity in an IoT network inevitably enlarges the attack surface and enables the attacker to access the system from multiple entry points [1]. Second, modern 5G IoT networks consist of heterogeneous devices, diverse applications, and third-party services, and not all of them are accompanied by regular security updates [2]. It leads to multiple vulnerabilities that can be exploited by an attacker to access the network.…”

Section: Introductionmentioning

confidence: 99%

GAZETA: GAme-Theoretic ZEro-Trust Authentication for Defense Against Lateral Movement in 5G IoT Networks

Ge,

Zhu

2024

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

The increasing connectivity in the 5G Internet of Things networks has enlarged the attack surface and made the traditional security defense inadequate for sophisticated attackers, who can move laterally from node to node with stored credentials once build a foothold in the network. There is a need to shift from the perimeter-based defense to a zerotrust security framework that focuses on agent-centric trust evaluation and access policies to identify malicious attackers, and proactively delay their lateral movement while ensuring system performance. In this work, we propose a GAme-theoretic ZEro-Trust Authentication framework, known as GAZETA, to design interdependent trust evaluation and authentication policies using dynamic game models. The stealthy and dynamic behaviors of the agent are captured by a Markov game with one-sided incomplete information. We provide a quantitative trust evaluation mechanism for the agent and update the trust score continuously based on observations. The analysis of the equilibrium not only provides a way to quantitatively assess the security posture of the network but also enables a formal method to design zero-trust authentication policies. We propose a moving-horizon computational method to enable online decisions and rapid responses to environmental changes. This online computation also enables a dynamic trust evaluation that integrates multiple sources of security evidence. We use a case study to illustrate the resilience, robustness, and efficiency of the proposed zero-trust approach.

show abstract

Section: Introductionmentioning

confidence: 99%

GAZETA: GAme-Theoretic ZEro-Trust Authentication for Defense Against Lateral Movement in 5G IoT Networks

Ge,

Zhu

2024

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

show abstract

“…The recent advances in cloud services, data communication, and automation technologies have increased flexibility and efficiency in modern network systems [1]. However, the adoption of smart devices and the Internet of Things (IoT) has brought up new and expanding cyber risks, not just capable of impacting a particular device but creating severe concerns in the whole system [2]. The increasing connectivity, heterogeneity, and dynamic accessing environments inevitably enlarge the attack surface and lead to multiple vulnerabilities that attackers can exploit.…”

Section: Introductionmentioning

confidence: 99%

Scenario-Agnostic Zero-Trust Defense with Explainable Threshold Policy: A Meta-Learning Approach

Ge¹,

Li²,

Zhu³

2023

Preprint

View full text Add to dashboard Cite

The increasing connectivity and intricate remote access environment have made traditional perimeter-based network defense vulnerable. Zero trust becomes a promising approach to provide defense policies based on agent-centric trust evaluation. However, the limited observations of the agent's trace bring information asymmetry in the decision-making. To facilitate the human understanding of the policy and the technology adoption, one needs to create a zero-trust defense that is explainable to humans and adaptable to different attack scenarios. To this end, we propose a scenario-agnostic zero-trust defense based on Partially Observable Markov Decision Processes (POMDP) and firstorder Meta-Learning using only a handful of sample scenarios. The framework leads to an explainable and generalizable trustthreshold defense policy. To address the distribution shift between empirical security datasets and reality, we extend the model to a robust zero-trust defense minimizing the worst-case loss. We use case studies and real-world attacks to corroborate the results.

show abstract

Cybersecurity in Robotics: Challenges, Quantitative Modeling, and Practice

Cited by 2 publications

References 118 publications

GAZETA: GAme-Theoretic ZEro-Trust Authentication for Defense Against Lateral Movement in 5G IoT Networks

GAZETA: GAme-Theoretic ZEro-Trust Authentication for Defense Against Lateral Movement in 5G IoT Networks

Scenario-Agnostic Zero-Trust Defense with Explainable Threshold Policy: A Meta-Learning Approach

Contact Info

Product

Resources

About