Abstract
SROS1 is a proposed addition to the ROS1 API and ecosystem to support modern cryptography and security measures. An overview of current progress will be presented, explaining each major advancement, including: over-the-wire cryptography for all data transport, namespaced access control enforcing graph policies/restrictions, and finally process profiles using Linux Security Modules to harden a node’s resource access. This chapter not only seeks to raise community awareness of the vulnerabilities in ROS1, but to provide clear instruction along designed patterns of development for using proposed solutions provided by SROS1 to advance the state of security for open source robotics subsystems.
Keywords
- ROS
- Secure communications
- Access control
- Robotics
This is a preview of subscription content, access via your institution.
Buying options
Notes
- 1.
- 2.
- 3.
- 4.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
References
J. Åkerberg, M. Gidlund, T. Lennvall, J. Neander, M. Björkman, Efficient integration of secure and safety critical industrial wireless sensor networks (EURASIP J. Wirel. Commun, Netw, 2011)
J. Åkerberg, M. Gidlund, T. Lennvall, J. Neander, M. Björkman, Efficient integration of secure and safety critical industrial wireless sensor networks. EURASIP J. Wirel. Commun. Netw. 2011(1), 100 (2011)
M. Bauer, Paranoid penguin: an introduction to novell apparmor. Linux J. 2006(148), 13 (2006)
B. Breiling, B. Dieber, P. Schartner, Secure communication for the robot operating system, in 2017 Annual IEEE International Systems Conference (SysCon) (2017), pp. 1–6
M. Cheminod, L. Durante, A. Valenzano, Review of security issues in industrial networks, in IEEE Transactions on Industrial Informatics, vol. 9 (2013)
C.M. Chris Valasek, Remote Exploitation of an Unaltered Passenger Vehicle. Technical report, IOActive, (2015)
A. Cortesi, P. Ferrara, N. Chaki, Static analysis techniques for robotics software verification, in Proceedings of the 44th International Symposium on Robotics, IEEE ISR 2013, Seoul, Korea (South), October 24–26, 2013 (2013), pp. 1–6
S.K. Datta, R.P.F. Da Costa, C. Bonnet, J. Härri, ONEM2M architecture based IOT framework for mobile crowd sensing in smart cities, in 2016 European Conference on Networks and Communications (EuCNC) (IEEE, New York, 2016), pp. 168–173
T. Denning, C. Matuszek, K. Koscher, J.R. Smith, T. Kohno, A spotlight on security and privacy risks with future household robots: attacks and lessons, in Proceedings of the 11th International Conference on Ubiquitous Computing, UbiComp’09 (2009), pp. 105–114
B. Dieber, S. Kacianka, S. Rass, P. Schartner, Application-level security for ROS-based applications, in 2016 IEEE/RSJ International Conference on Intelligent Robots and Systems (IROS) (IEEE, 2016), pp. 4477–4482
R. Dóczi, F. Kis, B. St, V. Pser, G. Kronreif, E. Jsvai, M. Kozlovszky, Increasing ros 1.x communication security for medical surgery robot, in 2016 IEEE International Conference on Systems, Man, and Cybernetics (SMC) (2016), pp. 4444–4449
B. Dowling, M. Fischlin, F. Günther, D. Stebila, A cryptographic analysis of the TLS 1.3 handshake protocol candidates, in Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS ’15 (ACM, New York, 2015), pp. 1197–1210. http://doi.acm.org/10.1145/2810103.2813653
D. Dzung, M. Naedele, T.P. von Hoff, M. Crevatin, Security for industrial communication systems. Proc. IEEE 93, 1152–1177 (2005)
W.K. Edwards, R.E. Grinter, At home with ubiquitous computing: Seven challenges, in Proceedings of the 3rd International Conference on Ubiquitous Computing, UbiComp ’01 (2001), pp. 256–272
P.E. Eric Byres, D. Hoffman, The myths and facts behind cyber security risks for industrial control systems, in VDE Kongress (2004)
I. Foster, A. Prudhomme, K. Koscher, S. Savage, Fast and vulnerable: a story of telematic failures, in Proceedings of the 9th USENIX Conference on Offensive Technologies. WOOT’15 (2015)
J. Huang, C. Erdogan, Y. Zhang, B. Moore, Q. Luo, A. Sundaresan, G. Rosu, Rosrv: Runtime verification for robots, in Proceedings of the 14th International Conference on Runtime Verification. LNCS, vol. 8734 (Springer International Publishing, Berlin, 2014), pp. 247–254
K. Koscher, A. Czeskis, F. Roesner, S. Patel, T. Kohno, S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, Experimental security analysis of a modern automobile, in Proceedings of the 2010 IEEE Symposium on Security and Privacy, SP ’10 (2010), pp. 447–462
F.J.R. Lera, J. Balsa, F. Casado, C. Fernández, F.M. Rico, V. Matellán, Cybersecurity in autonomous systems: Evaluating the performance of hardening ROS. Málaga, Spain-June 2016, 47 (2016)
I. Muscat, Web vulnerabilities: identifying patterns and remedies. Netw. Secur. 2016(2), 5–10 (2016), http://www.sciencedirect.com/science/article/pii/S1353485816300162
M. Nemec, M. Sys, P. Svenda, D. Klinec, V. Matyas, The return of coppersmith’s attack: practical factorization of widely used RSA moduli, in 24th ACM Conference on Computer and Communications Security (CCS’2017) (ACM, New York, 2017), pp. 1631–1648
G. Pardo-Castellote, OMG data-distribution service: architectural overview, in 23rd International Conference on Distributed Computing Systems Workshops, 2003. Proceedings (2003), pp. 200–206
D. Portugal, M.A. Santos, S. Pereira, M.S. Couceiro, On the security of robotic applications using ROS, in Artificial Intelligence Safety and Security (CRC Press, Boca Raton, 2017)
M. Quigley, K. Conley, B. Gerkey, J. Faust, T. Foote, J. Leibs, R. Wheeler, A.Y. Ng, ROS: an open-source robot operating system, in ICRA Workshop on Open Source Software, vol. 3 (Japan, Kobe, 2009), p. 5
A. Stubblefield, J. Ioannidis, A.D. Rubin et al., Using the fluhrer, mantin, and shamir attack to break wep, in NDSS (2002)
M. Vanhoef, F. Piessens, Key reinstallation attacks: Forcing nonce reuse in WPA2, in Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS ’17 (ACM, New York, 2017), pp. 1313–1328. http://doi.acm.org/10.1145/3133956.3134027
C. Wang, A. Carzaniga, D. Evans, A.L. Wolf, Security issues and requirements for internet-scale publish-subscribe systems, in Proceedings of the 35th Annual Hawaii International Conference on System Sciences, 2002. HICSS (IEEE, New York, 2002), pp. 3940–3947
R. White, M. Quigley, ,S ROS: Securing ROS Over the Wire, in the Graph, and Through the Kernel (ROSCon, Seoul South Korea, 2016), https://vimeo.com/187705073
R. White, M. Quigley, H. Christensen, SROS: Securing ROS over the wire, in the graph, and through the kernel, in Humanoids Workshop: Towards Humanoid Robots OS (Cancun, Mexico, 2016)
W. Xu, S. Bhatkar, R. Sekar, Taint-enhanced policy enforcement: a practical approach to defeat a wide range of attacks, in USENIX Security Symposium (2006), pp. 121–136
Acknowledgements
The authors would like to thank the Open Source Robotics Foundation for helping support the design and development of the SROS work presented. This work has been partially supported by CINI Cybersecurity National Laboratory within the project FilieraSicura: Securing the Supply Chain of Domestic Critical Infrastructures from Cyber Attacks.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer International Publishing AG, part of Springer Nature
About this chapter
Cite this chapter
White, R., Caiazza, G., Christensen, H., Cortesi, A. (2019). SROS1: Using and Developing Secure ROS1 Systems. In: Koubaa, A. (eds) Robot Operating System (ROS). Studies in Computational Intelligence, vol 778. Springer, Cham. https://doi.org/10.1007/978-3-319-91590-6_11
Download citation
DOI: https://doi.org/10.1007/978-3-319-91590-6_11
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-91589-0
Online ISBN: 978-3-319-91590-6
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)