KAUST SENTRY team wins prestigious CSAW'22 embedded system hacking competition

The four students from the KAUST Secure Next Generation Resilient Systems (SENTRY) Lab who recently won the CSAW'22 HMR Challenge. From L-R: Ioannis Zografopoulos, Alyah Alfageh, Li Zhou and Shijie Pan. Photo courtesy of Professor Charalambos Konstantinou.

By David Murphy
 
Four KAUST Ph.D. students from the KAUST Secure Next Generation Resilient Systems (SENTRY) Lab recently won the CSAW Cybersecurity Games & Conference’s (CSAW'22) "Hack My Robot Challenge (HMR)." 
 
Featuring 12 cyber competitions, workshops and industry events, CSAW—which took place this year from November 9-12—is the most comprehensive student-run cybersecurity event in the world. 
 
The students—Alyah Alfageh, Shijie Pan, Li Zhou (M.S.) and Ioannis Zografopoulos (Ph.D.)—took part in the CSAW MENA region organized by New York University Abu Dhabi (NYUAD). The HMR challenge was created to raise awareness and familiarize students with the cybersecurity issues in industrial environments where robotic agents operate.

 

A challenging challenge 


This year marked the first edition of the embedded system competition, which the S.M.A.R.T. Construction Research Group at NYUAD organized with support from the university’s Center for Cybersecurity (CCS) and Center for AI and Robotics (CAIR).
 
The competition consisted of two rounds, a qualification and a final round, in which participants attacked the robot and compromised its operation. The organizers provided participants with a small, remotely operated autonomous robot, TurtleBot3, which created detailed maps of uncharted environments using its camera and light detection and ranging sensors. 
 
The team then implemented different attack types to illustrate the impact sophisticated and persistent hacking threats could have in a mission-critical industrial environment.
 
“During the prep process, we tried various methods to see if we could achieve the expected results,” Zografopoulos explained. “After our presentation, the judges decided which attack assumptions, implementations and compromises were better executed and announced the winners.
 
“Our group intercepted packets exchanged between the robot and its operator and performed packet inspection and modification attacks, compromising the exchanged data's integrity. In this false data injection attack scenario, by carefully crafting our malicious payloads, we could control the robot’s speed and navigation,” he added.
 
The group then planted a “backdoor” on the robot that allowed the students to fully control the robotic agent remotely, adding, removing, or manipulating any aggregated data, control commands and maps created.
 
“Our last attack demonstrated the disastrous consequences that can arise if adversaries can achieve persistence on an industrial asset. In our case, the robotic agent,” Zhou noted.
 
“We were able to secure first place, regardless of some technical difficulties that most teams had to go through. It was a great experience not only because we won the first prize but also because we learned a lot and improved our abilities during this competition.”
 

The KAUST SENTRY Lab

The research focus of the SENTRY Lab is in the area of cybersecurity and resilience of industrial control, critical power grid infrastructure and embedded systems. The lab follows the concept of an attacking "red team" versus a "blue team" that responds to the intrusion. 
 
Using this concept, SENTRY's researchers design adaptive, novel modeling methods, monitoring schemes and control algorithms to detect, prevent, and mitigate the risk of cyberattacks. The group's research aims to create secure and resilient computing systems by employing computer security fundamentals and cyber-physical engineering applications. 
 
The group’s principal investigator, KAUST Assistant Professor of Computer Science Charalambos Konstantinou, praised his students for their recent success: “My students' win makes me feel excited and proud. To win at CSAW for the second consecutive year—with a mixed team of current and newly joined students—shows that, at SENTRY and KAUST, we build cybersecurity capacity and have the needed expertise in the field.

“My goal as my group’s advisor is to teach practical skills and habits to my students. And the high-caliber research we do in our lab is affirmed by winning such hands-on competitions,” he emphasized. “However, more critical for me is the ability to motivate, guide and mentor my students throughout their learning process. This will enable them to pursue their academic and professional goals, develop their path and defend their ideas and opinions.” 

“The team would like to thank our advisor, Prof. Konstantinou, for encouraging us to participate in this challenge and providing enough time and guidance throughout the competition. I also think if the group were not structured, cooperative and had good team skills, we would not have been able to reach the final round and win,” Alyah noted.
 
“We had great fun as a team. Given our previous experience with embedded systems competitions such as CSAW ESC, we were naturally intrigued by another embedded system competition,” Pan said. 

“We would like to thank the NYUAD CCS and CAIR for this great initiative and for letting us keep the competition robot for further experimentation,” Zografopoulos concluded.