A Survey on Privacy Attacks Against Digital Twin Systems in AI-Robotics

Ivan A. Fernandez, Subash Neupane, Trisha Chakraborty, Shaswata Mitra, Sudip Mittal, Nisha Pillai, Jingdao Chen, Shahram Rahimi

TL;DR

This paper surveys privacy attacks targeting AI-enabled robotic digital twins, highlighting exfiltration pathways for both ML-based and physics-based (first-principles) models. It categorizes attack surfaces, including exfiltration via inference APIs, cyber channels, and LLM-related prompts/data leakage, and discusses extensions to MITRE ATLAS to cover first-principles exfiltration. The authors propose defensive strategies ranging from encryption and differential privacy to data governance and ethical assurances, emphasizing the need for trusted autonomy. By framing the discussion around responsible design and governance, the work underscores the practical impact of privacy risks on safety-critical robotic systems and calls for integrated security, ethics, and governance throughout the DT lifecycle.

Abstract

Industry 4.0 has witnessed the rise of complex robots fueled by the integration of Artificial Intelligence/Machine Learning (AI/ML) and Digital Twin (DT) technologies. While these technologies offer numerous benefits, they also introduce potential privacy and security risks. This paper surveys privacy attacks targeting robots enabled by AI and DT models. Exfiltration and data leakage of ML models are discussed in addition to the potential extraction of models derived from first-principles (e.g., physics-based). We also discuss design considerations with DT-integrated robotics touching on the impact of ML model training, responsible AI and DT safeguards, data governance and ethical considerations on the effectiveness of these attacks. We advocate for a trusted autonomy approach, emphasizing the need to combine robotics, AI, and DT technologies with robust ethical frameworks and trustworthiness principles for secure and reliable AI robotic systems.

Paper Structure (25 sections, 3 figures, 1 table)

This paper contains 25 sections, 3 figures, 1 table.

Figures (3)

  • Figure 1: Generic Framework of Data-Driven Robotic Digital Twin: Physical spaces comprise robotic sensors that collect data. Virtual space utilizes the data collected from physical space via a communication link between them. Predictions are generated by the AI models within virtual space, which are then analyzed before decisions are made by stakeholders.
  • Figure 2: Overview of autonomous capabilities adapted from Boulet et al. [boulet2017autonomous]. Two dimensions of the Autonomy Levels for Unmanned Systems (ALFUS) model [huang2005framework] are shown. We make two key additions to the original: (1) "Future Capability" is replaced with "Trusted Autonomy" and (2) a note that AI robots performing complex tasks in unpredictable environments must be enabled by some combination of AI/ML and DT technologies.
  • Figure 3: A graphical illustration of different privacy exfiltration techniques. A represents exfiltration via cyber means, B represents exfiltration via the model inference API, while C represents possible attacks within the LLM space.