Next Article in Journal
Efficient Fine-Grained LuT-Based Optimization of AES MixColumns and InvMixColumns for FPGA Implementation
Previous Article in Journal
Automatic Modulation Classification of Mixed Signals Based on Phase Noise-Insensitive High-Order Cumulant and Distribution Characteristics in Radio-over-Fiber System
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Electronics
Volume 14
Issue 24
10.3390/electronics14244909
Review Report
electronics-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
Article
Peer-Review Record

Exploring Hardware Vulnerabilities in Robotic Actuators: A Case of Man-in-the-Middle Attacks

Electronics 2025, 14(24), 4909; https://doi.org/10.3390/electronics14244909
by Raúl Jiménez Naharro *,†,‡, Fernando Gómez-Bravo †,‡ and Rafael López de Ahumada Gutiérrez †,‡
Reviewer 1:
Zebing Mao
Reviewer 2:
Qiong Li
Reviewer 3:
Zongan Li
Reviewer 4: Anonymous
Electronics 2025, 14(24), 4909; https://doi.org/10.3390/electronics14244909
Submission received: 7 October 2025 / Revised: 8 December 2025 / Accepted: 10 December 2025 / Published: 14 December 2025
(This article belongs to the Section Circuit and Signal Processing)

Round 1

Reviewer 1 Report (Previous Reviewer 1)

Comments and Suggestions for Authors

This study experimentally investigates hardware-level vulnerabilities in robotic actuators, focusing on man-in-the-middle attacks implemented via Trojan hardware on asynchronous communication buses using the Dynamixel protocol. It proposes and validates a detection method based on response-time analysis implemented on an FPGA, achieving high accuracy in identifying inserted attack modules.

Comments:

The paper does not present statistical confidence intervals or variance measures for response-time differences—essential for quantifying detection robustness.

The experiments appear limited to a single actuator and board setup. Replicating results across multiple actuators or FPGA devices would strengthen the external validity.

There is no analysis of environmental perturbations (e.g., temperature, power fluctuation, or mechanical load), which could confound timing-based detection.

False positive/negative rates are reported but without clear justification of threshold calibration, which could vary across devices or conditions.

The study assumes fixed actuator latency—unrealistic in dynamic robotic systems where latency can vary due to joint load, network congestion, or control loop interference.

Author Response

The replay is in the attached file

Author Response File: Author Response.pdf

Reviewer 2 Report (Previous Reviewer 4)

Comments and Suggestions for Authors

This manuscript investigates the impact of man-in-the-middle attacks implemented by Trojan hardware on robotic control systems and proposes detection methods to identify corresponding attacks. Building upon its predecessor, this manuscript has undergone enhancements, with the cited references providing robust support for the manuscript's perspective. I affirm that the manuscript has undergone adequate refinements and is thus worthy of acceptance in your esteemed journal.

Author Response

Thank you for your revision

Reviewer 3 Report (New Reviewer)

Comments and Suggestions for Authors

(1) The name of the institute associated with the authors should be shown totally in English. Not everyone knows the exact meaning of "UHU" and " de Sistemas".
(2) The exact meaning , the impact , and the reason of using them for " LED instructions", "Move instructions", and "Ping instructions" may be discussed in detail.
(3) Is it possible that the delay is generally due to the hardware  limitation or little memory capacity ? The authors may have to verify this.
(4) The authors may have to highlight what kinds of model or theory they have used for the simulation.  

Author Response

The response to the reviewer is in the attached file.

Author Response File: Author Response.pdf

Reviewer 4 Report (New Reviewer)

Comments and Suggestions for Authors

1. The overall structure of the article is complete, covering the entire research process from the problem background, related work, vulnerability analysis, defense mechanism design, experimental verification to the conclusion and future work. It conforms to the writing mode and basic requirements of scientific research papers.

2. From the perspective of the significance of the topic selection, with the popularization of robot technology, the article cites multiple documents from 2023 to 2025, indicating that this field is currently a research hotspot and has certain research significance.

3. The experiments in the article only focused on a single motor model or a single operating condition (load), and the results are not strong enough to support the article. It is recommended to conduct more experiments to verify the robustness of the proposed method.

4. Regarding the need for manual setting of thresholds in the defense model, future discussion sections could consider incorporating machine learning and other methods to achieve adaptive adjustment, thereby improving the system's adaptability.

5. The quality of the figures in the article needs improvement. For example, in Figure 11, there is too much white space between the red and blue lines and the line type is too thin, which makes the readers' perception poor.

Author Response

The response to the reviewer is in the attached file.

Author Response File: Author Response.pdf

This manuscript is a resubmission of an earlier submission. The following is a list of the peer review reports and author responses from that submission.


Round 1

Reviewer 1 Report

Comments and Suggestions for Authors

This research investigates hardware-level vulnerabilities in robotic actuators by developing a man-in-the-middle (MITM) attack using Trojan hardware on an FPGA, specifically targeting the Dynamixel communication protocol. It also proposes and experimentally validates a defense strategy based on monitoring response time anomalies to detect such attacks, demonstrating its effectiveness with minimal hardware overhead.

Here are my comments:

The attacker’s capabilities are loosely described. e.g., physical access assumptions, timing constraints.

Study robustness by injecting artificial noise or jitter and show the false positive/negative rates under different conditions.

The paper treats the Trojan hardware as relatively large using an FPGA, but practical Trojans in real threats are often stealthy and much smaller.

The cumulative resource and latency overheads when scaling to dozens of motors are not assessed quantitatively.

This paper missed reviewing recent studies in introdution, like Predicting flow status of a flexible rectifier using cognitive computing; Modeling fabric-type actuator using point clouds by deep learning; Recent advances and perspectives in deep learning techniques for 3D point cloud data processing.

The defense does not prevent attacks, only detects them post-factum. Also, a sufficiently skilled attacker could potentially mimic the expected timing behavior and evade detection.

Industrial-grade servos and robots use different, sometimes proprietary, communication standards where timing behavior differs substantially.

Reviewer 2 Report

Comments and Suggestions for Authors

The provided manuscript touches the relevant topic of man in the middle model of attack for the communication lines of actuators in robotic systems. The study is interesting to readers and meets the requirements of novelty. The Article provides interesting practical and experimental results, is well structured and well described. But the formatting of tables and elements of the structure should meet the template of electronics journal.
There are recommendations of improvement that should be addressed.

1. Please extend the Abstract section and Keywords. The first half of Abstract is informative, but the final statement (that not studied yet) can be detailed by adding the target in form of communication lines inside robotic systems (because general implementation of Man in the Middle for various hardware systems are described well and even in MDPI journals). The semicolon ';' should be replaced by dot '.' (line 18).
The second part of the abstract is also informative, but can be extend by adding the technology details (such as the DYNAMIXEL Protocol).
Toe the Keywords section it is possible to add the 'Robotic systems' or 'actuator communication lines' (to help of relevant search for your publication).

2. It is reasonable to rename section 2 by adding word of Analysis to highlight the place of your study within this section. For example, Analysis of Hardware Attacks.
The first classification can be also extended by adding of possible actions of industrial espionage and reverse engineering (if you consider it applicable).

3. Please reorganize tables 1, 2, and 3 according to MDPI requirements. Also, the comment (description) text should be before the table.
It is also possible to improve the readability of figures with the text. Figure 9 can be represented as the composite figure (with symbols a, b, c, ...)

4. It is reasonable to add the Discussion section before the Conclusions to describe here the recommendations of protection the robotic systems against attacks that are obtained in subsections 3.2 and 4.2 as the reproducible step by step sequence of recommendations. It also will help you to extend the manuscript because currently it is really concentrated (it is ok, but readers may wait the additional instructions).

5. Please also consider following recommendations of improvements.
- Consider removing 'The' from the title (or even reformulate a bit the title).
- For affiliations 1, 2, and 3 the initials are missed after emails. Affiliation text when email of author is specified should also provide initials (the shortings of the author's name) that should be also presented in same form in section Author Contributions (follows after Conclusions section and was missed in current version of the manuscript).
- The section Author Contributions is missed, please add. The rest sections from the MDPI electronics template can be also added, including Conflicts of Interest section (and probably Abbreviations).
- There are semicolons in the text that can be replaced by the dot (lines 18, 122, 222-223, 306, 320, 425)
- Please recheck the correctness of punctuation of enumerations (lines 24-31, 33-39, 66-74, 85-89, 95-97, 187-190, 196-200, 225-228, 254-263, 281-284, 383-386). If the colon is used, each item in enumeration should starts as the regular text (not capital) and should be ended by semicolon. Otherwise (your current formatting) before the enumeration the dot should be used instead of colon. But the part of enumerations it is better to update.
- The í in Title of section 4 (line 229) can be replaced by simple i.

Reviewer 3 Report

Comments and Suggestions for Authors

The manuscript investigates hardware-based man-in-the-middle (MitM) attacks on robotic actuators using the Dynamixel protocol, demonstrating how a malicious FPGA module can intercept or alter commands undetected. The authors propose a timing-based defense mechanism that detects attacks by monitoring response delays. The methods seems to have high accuracy but there are limitations in environmental robustness and protocol generality. More specifically, my comments for the authors are the following:

  • The study only considers external attackers, ignoring insider threats (e.g., malicious manufacturers or employees), which are equally critical.

  • The attack module’s simplicity (e.g., no encryption bypass or advanced evasion techniques) may not reflect real-world sophisticated adversaries.

  • The defense assumes the attacker only modifies/block commands. What if the attacker also manipulates the status packets to fake "normal" response times?

  • The defense assumes actuator response times are stable, which may not hold in noisy environments or under varying loads. Authors should discuss environmental factors.
  • The "acceptable delay range" is empirically derived but lacks of statistical validation.
  • The paper claims universality but lacks cross-protocol validation.
  • There are no comparisons with existing hardware security methods.
  • 110 repetitions per command may not capture long-term timing drift (e.g., actuator wear).

Reviewer 4 Report

Comments and Suggestions for Authors

This manuscript investigates the impact of man-in-the-middle attacks implemented by Trojan hardware on robotic control systems and proposes detection methods to identify corresponding attacks. Please refer to the comments below for potential improvements:
- Suggest adding some content in the [Introduction] section to introduce the contribution of this manuscript, so that readers can quickly find key information.
- Suggest adding a section on [Related Work] to introduce the existing research on these issues, and what are the advantages and disadvantages of these studies? Only through these analyses can we determine better that the research direction of this manuscript is reasonable.
- I noticed that some Spanish words were used in the article, such as "Methodologíes" in the title of section 4, which is a Spanish word. I suggest thoroughly checking the rest of this manuscript and maintaining the use of one language for writing.
- Can you add some content to introduce the similarities and differences of hardware resources in different subsections of this manuscript?
- The content in Section 5 [Conclusion] is too long. It is suggested to add a subsection in Section 4 and move some of the content from Section 5 to this new subsection.

Comments on the Quality of English Language

Some parts of the manuscript use Spanish, it is recommended to use English words and grammar as much as possible.

Back to TopTop