Secure and Efficient Transmission of Vision-Based Feedback Control Signals

An ever-increasing number of autonomous vehicles use bandwidth-greedy sensors such as cameras and LiDARs to sense and act to the world around us. Unfortunately, signal transmission in vehicles is vulnerable to passive and active cyber-physical attacks that may result in loss of intellectual property, or worse yet, the loss of control of a vehicle, potentially causing great harm. Therefore, it is important to investigate efficient cryptographic methods to secure signal transmission in such vehicles against outside threats. This study is motivated by the observation that previous publications have suggested legacy algorithms, which are either inefficient or insecure for vision-based signals. We show how stream ciphers and authenticated encryption can be applied to transfer sensor data securely and efficiently between computing devices suitable for distributed guidance, navigation, and control systems. We provide an efficient and flexible pipeline of cryptographic operations on image and point cloud data in the Robot Operating System (ROS). We also demonstrate how image data can be compressed to reduce the amount of data to be encrypted, transmitted, and decrypted. Experiments on embedded computers verify that modern software cryptographic algorithms perform very well on large sensor data. Hence, the introduction of such algorithms should enhance security without significantly compromising the overall performance.

The figure shows a guidance, navigation, and control (GNC) system under attack by an adversary networked control systems (NCSs) [4]. By providing ease of installation, reduced maintenance costs, and flexible architectures, NCSs show promising advantages over systems with independent, dedicated communication channels [5].
For safety-critical tasks such as collision avoidance and autonomous docking, the GNC system must produce a detailed overview of the vehicle's environment. This is typically achieved with vision-based sensors such as cameras and LiDARs [6][7][8]. Because collision avoidance and autonomous docking are independent tasks performed by the guidance and navigation systems, respectively, they may require access to the same measurements. By using a dedicated computer for synchronized data acquisition, the raw data may be securely transmitted to the required systems, as seen in Fig. 1. Using local feature extraction to reduce the amount of data transmitted from the visionbased signal acquisition computer is possible. However, such a solution would blur the borders of the modular GNC design and increase system complexity. Alternatively, the data could be compressed before transmission, but compression may reduce the data quality and induce additional latency. It is therefore important to understand how compression algorithms affect the overall system performance.
The transmission of these signals, however, present attack surfaces which adversaries may exploit. Because of real-time requirements, the User Datagram Protocol (UDP) over the Internet Protocol (IP) is a common solution for signal transmission of large sensor data due to the simplicity of the protocols and the high bandwidth available [9]. Unfortunately, these protocols are inherently insecure and vulnerable to a number of cyber-physical attacks such as eavesdropping, bit manipulation, and packet injection by adversaries. If an adversary gains access to the signal transmissions in autonomous vehicles, he/she is free to eavesdrop on the data and gain access to confidential system information. Furthermore, the adversary could inject its own data into the signal transmission to manipulate the behavior of the vehicle, as seen in Fig. 1. Such attacks may, for example, result in the failure of collision avoidance systems with dramatic consequences; rather than tracking incoming obstacles, the vehicle may be fooled into 'avoiding' objects that do not exist.
Traditionally, cryptography has been used to solve such problems. To prevent unauthorized parties from accessing the transmitted data, the data streams should be encrypted. To prevent the injection of spoofed data, the origin of the data streams should be authenticated. However, the large throughput required when processing images and point clouds may result in large time delays. This paper aims to resolve this problem by demonstrating how state-of-the-art cryptographic algorithms result in considerably smaller time delays than existing works have suggested. We also seek to investigate whether compression before encryption can accelerate the cryptographic operations while also reducing the required throughput.

Related Work
Since NCSs connect system components across a network, they become vulnerable to cyber-physical attacks such as eavesdropping and deception attacks, as described in [10,11]. Therefore, the use of cryptographic algorithms such as the Data Encryption Standard (DES) [12], Triple DES (3DES) [13], Advanced Encryption Standard (AES) [14], Message Digest 5 (MD5) [15], and Keyed-Hash Message Authentication Code (HMAC) [16] has been suggested by [17][18][19] to secure the signal transmission in NCSs. In particular, Pang & Liu [18] suggested a 'secure transmission mechanism' consisting of a block cipher and a cryptographic hash function in a 'hash-then-encrypt' composition to provide security against deception attacks. However, the use of ad-hoc schemes to prevent deception attacks, such as the scheme proposed by Pang & Liu, has been shown to be cryptographically weak [20]. Instead, we argue that proper authenticated encryption, obtained through dedicated authenticated encryption algorithms or cryptographically strong compositions, e.g., those investigated by Bellare & Namprempre [21], should be used.
Case-studies examining implementation-specific software such as the Robot Operating System (ROS), for example, by Teixeira et al. [22], have discovered similar weaknesses to eavesdropping and data manipulation attacks. To counteract such attacks, well-known cryptographic algorithms such as 3DES, Blowfish [23], and AES have been applied in ROS [24][25][26]. Specifically, Rodrigues-Lera et al. [25] investigated the use of 3DES, AES, and Blowfish on images and LiDAR data in the ROS environment and found system performance to be adversely affected by the cryptographic operations. Due to the computational overhead, cryptographic algorithms induce latencies that are important to consider, especially if real-time requirements apply. Since the latency induced by cryptographic operations grows linearly with the data size, these latencies may be significant for large data such as images and point clouds.
The work described above examined the use of block ciphers accessed through open-source libraries. This leads Teixeira et al. to conclude that cryptography is not viable in all cases because the latency induced by encryption and decryption compromises real-time performance [22]. Interestingly, the use of state-of-the-art stream ciphers, such as those found in the eSTREAM portfolio [27] and the AEGIS cipher [28], has not been considered by any of the previous work. Stream ciphers are stateful ciphers that usually consist of an initialization phase and a keystream generation phase. While the initialization phase does result in an initial overhead compared to block ciphers, the keystream generation phase of a stream cipher is much more efficient than that of a block cipher. This is important because vision-based signals are large compared to more common data transmitted in feedback control systems. For example, the transmission of a state estimate containing position, velocities, and attitude at a rate of 100 Hz would require a bandwidth around 10 KB/s. In comparison, images and point-clouds transmitted at 10 Hz would require bandwidth at least three orders of magnitude greater. Therefore, for encryption of vision-based signals, we suggest the use of dedicated stream ciphers, for which we expect to produce considerably better results in terms of latency.

Main Contributions
The main objective of this study is to identify efficient cryptographic algorithms that avoid critical time delays in the feedback loop for autonomous vehicles. This is particularly important for vision-based signals processed by embedded systems onboard vehicles where the computational power is limited. To this end, we demonstrate that a stream of images and point clouds can be transmitted securely and efficiently between embedded systems by using modern cryptographic methods. We show how authenticated encryption can be used to obtain confidentiality, integrity, and data origin authenticity by combining stream ciphers and message authentication codes, or through a dedicated authenticated encryption algorithm. Finally, we demonstrate that by using the proposed algorithms, the use of compression before cryptographic operations results in larger time delays. Therefore, compression should only be applied if the network bandwidth is constrained. By suggesting the use of stream ciphers and authenticated encryption instead of block ciphers, this paper presents an important contribution to the development of secure autonomous vehicles. Experimental results verify that the proposed algorithms significantly outperform algorithms suggested by others and should be used in autonomous vehicles.
The software-oriented stream ciphers from the eSTREAM portfolio are assessed and compared against the de facto standard, i.e., the AES algorithm. The bestperforming encryption algorithms are then composed with the HMAC algorithm to obtain authenticated encryption and then compared with the AEGIS algorithm. Finally, we investigate whether the use of compression before cryptographic operations results in increased performance. The algorithms have been integrated into the ROS environment as a cryptographically strong pipeline that enables cryptographic operations on image and point cloud data. The proposed pipeline is flexible since the data type is irrelevant to the implementation. Efficiency is ensured since the computational complexity is inherited from the underlying cryptographic algorithms and grows linearly with the data size. Source code, data set, and instructions to run the algorithms in ROS have been made available in a public Github repository [29]. The dataset is based on data collection onboard a USV and was created by the authors. To assess algorithm performance, experiments were conducted on edge-computing embedded devices rather than highperformance desktop computers. Although the experiments are demonstrated for USVs, the embedded systems in use apply to a wide range of autonomous vehicles.

Outline
This paper is structured as follows. Section 2 introduces the implemented methods and discusses how they are realized in ROS. Section 3 describes the hardware, software, and sensor data used in the experiments, the laboratory setup, and experiment-specific details. It also includes results and discussions regarding the experiments. Finally, we summarize the most important findings and how they relate to the results achieved by other authors in Section 4.

Algorithms and Implementation
First, we introduce the proposed cryptographic pipeline, followed by an introduction to ROS. Then, an overview of the relevant algorithms is given. Finally, we describe how the algorithms are integrated into the ROS environment. The focus lies on the communication between the vision-based signal acquisition computer and the guidance and navigation computers but applies to all signal transmissions seen in Fig. 1.
Introducing our analogy, used throughout this paper, one of the computers acts as the talker while the other computer acts as the listener. The talker is the node that encrypts and transmits the sensor signals, while the listener is the node that receives and recovers the original message through decryption, as seen in Fig. 2. Authentication is included in the pipeline if the encryption algorithm does not provide data origin authenticity directly. That is, the talker node computes a tag based on the message before the message and tag are transmitted to the listener. Upon reception, the listener recomputes the tag and compares it with the received tag to validate the message's authenticity.

Communication and Sensor Interfacing in ROS
ROS is a flexible open-source framework for robot software development and is designed with distributed computing in mind. An essential part of ROS concerns how different computational processes can communicate and interchange messages. In this context, ROS nodes play an important role. In general, nodes are meant to operate at a fine-grained scale. Hence, robot control Fig. 2 The block diagram shows the proposed cryptographic pipeline implemented in ROS systems usually comprise several nodes. The use of multiple nodes also provides several benefits, such as reduced code complexity and additional fault tolerance as crashes are isolated to individual nodes. ROS topics are closely related to ROS nodes. Topics are named buses over which nodes exchange messages. ROS topics are intended for unidirectional streaming communication under the publisher and subscriber scheme. In general, nodes are not aware of to whom they are communicating. Instead, nodes subscribe to the topic containing data of interest generated by other nodes publishing data to the relevant topic. There can be multiple publishers and subscribers to a single topic. Furthermore, ROS supports both Transmission Control Protocol (TCP)/IPbased and UDP/IP-based message transport. The TCP/IPbased transport protocol, known as TCPROS, is the default communication protocol in ROS and streams data over persistent connections. The UDP/IP-based transport, known as UDPROS, is a low-latency, lossy alternative which separates messages into UDP packets. ROS nodes usually negotiate the desired transport at runtime. Nevertheless, it is possible to specify the choice of transport protocol manually.
This paper focuses on large sensor data such as images and point clouds, both categorized under the sensor msgs package in ROS. The cryptographic algorithms require that the data to be processed is contiguous in memory. Fortunately, data fields categorized under the sensor msgs package are already serialized. We may therefore manipulate the data fields directly with cryptographic operations. After encryption, the encrypted data is represented as a byte stream which is easily embedded in a ROS topic through the roscpp library. The roscpp library enables C++ programmers to quickly interface with ROS topics and is designed to be the highperformance library for ROS.

Cryptographic Algorithms
The cryptographic algorithms described in this paper are symmetric in the sense that a shared secret key is used for encryption and decryption, and authentication and validation, respectively. The only secret part of the cryptographic algorithms is material directly derived from the secret key, i.e., the algorithms are entirely public. An encryption algorithm is considered broken if there exists a reasonable attack that is more efficient than a brute-force attack, i.e., an exhaustive search through the key space. The input to the encryption algorithm is referred to as plaintext, while the output is referred to as ciphertext. By decrypting the ciphertext, the original plaintext is recovered as it was before encryption was applied.  [28] Symmetric encryption algorithms are divided into two categories: block ciphers and stream ciphers. Block ciphers are stateless substitutions parametrized by a K-bit key operating on B-bit blocks. Examples are DES [12] and AES [14], which are well-known block ciphers. Since encryption of the same plaintext would always result in the same ciphertext, block ciphers are usually operated in specific modes, such as the Cipher Block Chaining (CBC) mode and Cipher Feedback (CFB) mode. When a block cipher is operated in the CBC mode it is still considered a block cipher, while the CFB mode converts the block cipher into a stream cipher by introducing a state. Stream ciphers work by extending a relatively short secret key into a much longer pseudorandom keystream which is then mixed with the plaintext, usually through the exclusive-or (XOR) operation, to form the ciphertext. Since stream ciphers are stateful, a unique, public parameter known as the initialization vector (IV) is mixed with the secret key to produce an initial state of the stream cipher before a message is encrypted or decrypted. In this sense, the IV serves as a cryptographic synchronization mechanism.
An overview of the relevant cryptographic algorithms that were integrated into the ROS environment and assessed can be seen in Table 1. The AES algorithm serves as a benchmark such that the performance of the algorithms may be compared to known results from related works. The algorithm implementations described in [35] were used. Brief descriptions of the algorithms are given. For additional details, the readers are advised to consult the corresponding references given at the end of this paper.

Advanced Encryption Standard
In 1997, the DES algorithm had been in place for over 20 years, and questions regarding the security of DES had haunted DES since its inception. Rather than repeating the closed DES standardization process from the 1970s, the process of finding a new encryption standard, the AES, was decided to be public. Following a 3-year process, with careful examination of all the submissions concerning their security and performance, the Rijndael block cipher was selected in April 2000 and adopted as a federal information processing standard in early 2001 [14].
AES consists of multiple keyed rounds that operate on 128-bit blocks through a series of substitutions and permutations and quickly became the most popular encryption algorithm in-use. As a result of the widespread adoption of the standard, many processor architectures have implemented enhanced instruction sets, such as the x86 Intel AES New Instructions (AES-NI) and ARMv8 Cryptography Extension, that provide hardware acceleration of the AES operations.

eSTREAM Portfolio
During a discussion at the 2004 RSA Data Security Conference, the need for dedicated stream ciphers was questioned following the success of the AES. As an argument for the use of dedicated stream cipher designs, Shamir [27, page 1] identified two key areas in which dedicated stream ciphers could offer an advantage over block ciphers, namely: " (1) where exceptionally high throughput is required in software and (2) where exceptionally low resource consumption is required in hardware".
As a result of the discussion, the ECRYPT Stream Cipher Project, a multi-year effort that ran from 2004-2008, was launched. The goal was to stimulate work on stream ciphers, and the project resulted in several successful entrants. The collection of successful entrants became known as the eSTREAM portfolio. The ciphers were designed to derive an initial state from a public IV and a secret key and to be optimized for software implementation (Profile 1) or hardware implementation (Profile 2) to address (1) and (2), respectively. Since we integrate the algorithms into the ROS environment, we focus on the stream ciphers optimized for software implementation.
The software-oriented portion of the eSTREAM portfolio consists of the following stream ciphers: HC-128 designed by Wu [30], Rabbit designed by Boesgaard et al. [32], ChaCha20 designed by Bernstein [31], and Sosemanuk designed by Berbain et al. [33]. We note that ChaCha20 is an improved version, with additional security margins and slightly increased performance, of the Salsa20 cipher, which is the original member of the eSTREAM portfolio. While a detailed description of each of the algorithms is out of scope, we mention that the algorithms differ structurally. These differences lead to the belief that if a weakness is identified for one cipher, the other ciphers are likely to remain unaffected. The HC-128 stream cipher uses large permutation tables, and the contents of the permutation tables determine the state. The Rabbit stream cipher uses elements from Chaos Theory, while the ChaCha20 stream cipher is an Add-Rotate-XOR (ARX) cipher. Finally, the Sosemanuk stream cipher uses a composition of a linear feedback shift register associated with a primitive feedback polynomial and parts of the Serpent block cipher, the runner-up submission to the AES competition.

HMAC-SHA-256
Since encryption alone does not provide integrity nor data origin authenticity, a different cryptographic technique must be applied. A message authentication code (MAC) is a symmetric-key construction which takes an arbitrary length input and produces a fixed B-bit output called a tag. A MAC algorithm is considered broken if an adversary is capable of forging a valid tag on at least one message. This is called an existential forgery.
The Keyed-Hash Message Authentication Code (HMAC) [16] is an algorithm that constructs a MAC from an unkeyed cryptographic hash function. In our experiments, we use the Secure Hash Algorithm 256 (SHA-256) [34] as the cryptographic hash function per recommendation from the Internet Engineering Task Force [36]. By composing the HMAC algorithm with the encryption algorithms in the compositions described by [21], authenticated encryption is achieved. In our experiments, we use the 'Encrypt-then-MAC'-composition shown in Fig. 3a.

AEGIS
Instead of using a generic composition such as 'Encryptthen-MAC', we may use a dedicated authenticated encryption algorithm, as seen in Fig. 3b. The Competition for Authenticated Encryption: Security, Applicability and Robustness (CAESAR) was an effort that ran from 2014-2019. The goal was to identify authenticated encryption schemes that provided better performance than those in use at the time, most notably AES Galois / Counter Mode (GCM) and AES Counter with CBC-MAC (CCM). The AEGIS cipher designed by Bart Preneel and Hongjun Wu was a successful entrant and is part of the high-performance portfolio along with AES Offset Codebook Mode (OCB) designed by Rogaway et al. [37]. Unfortunately, AES OCB is encumbered by patents and is, therefore, not considered here. The AEGIS stream cipher was constructed with the AES round function in mind to take advantage of the AES-NI instruction set, but it also offers strong performance with table-driven variants of the AES round function and variants taking advantage of the ARMv8 Cryptography Extension. Since AEGIS provides authenticated encryption directly, there is no need to apply a separate MAC. Fig. 3 a Authenticated encryption is obtained through an 'Encrypt-then-MAC'composition. b Authenticated encryption is obtained through a dedicated authenticated encryption algorithm such as AEGIS

Compression Algorithms
Contrary to encryption, compression may or may not lead to loss of information. Accordingly, we classify compression algorithms as lossy or lossless. A compression algorithm is lossy if it induces a loss of information, while a lossless compression algorithm permits perfect reconstruction of the original data. When evaluating the performance of compression algorithms, metrics such as data compression ratio, data quality, and computational complexity are relevant. The data compression ratio measures the relative reduction in size produced by the compression algorithm. Lossy compression algorithms, e.g., Joint Photographic Experts Group (JPEG) [38], typically achieve high compression ratios ( > 10:1) without significantly reducing the data quality. Lossless compression algorithms such as Portable Network Graphics (PNG) [39] achieve much lower compression ratios, e.g., up to 4:1 [40]. The computational complexity of lossy compression algorithms is typically a function of the data size. In contrast, the computational complexity of lossless compression algorithms also depends on the entropy of the data. Therefore, we expect lossy compression algorithms to operate in constant time for the given data size, while we expect the time complexity of lossless compression algorithms to vary.

Implementations in ROS
To implement authenticated encryption in the ROS environment, the data field of the ROS message must be altered to make space for the ciphertext, IV, and the message tag, respectively. This can be done by resizing the data field. Once resized, the IV is placed at the front of the data field belonging to the image or point cloud message, respectively. The plaintext is encrypted and authenticated using either an authenticated encryption cipher such as AEGIS or the 'Encrypt-then-MAC' composition using a cipher and HMAC. As seen in Fig. 4, we only apply cryptographic operations on the data field belonging to the ROS message, thus leaving the header field unchanged before the complete ROS message is published to the ROS topic. Also, note Fig. 4 The figure shows how the original ROS message is secured through the use of authenticated encryption. The data field belonging to the encrypted ROS message also makes space for the IV and the message tag that AEGIS and the 'Encrypt-then-MAC' composition rely on different approaches to obtain authenticated encryption. Hence, they will differ in the way they are implemented in ROS. The pseudocode for the authenticated encryption and the authenticated decryption nodes when an 'Encrypt-then-MAC'-scheme is used can be seen in Algorithms 1 and 2, respectively. We implement image compression using lossless PNG and lossy JPEG compression, respectively. The compression algorithms are accessed through encoding/decoding functions in the OpenCV library. We use the ROS package cv bridge to bridge ROS and OpenCV image data and then embed the encoding/decoding functions into the cryptographic pipeline. When combining compression and authenticated encryption, the order of the services plays an important role. For example, an 'encrypt-then-compress' end if 13: end while scheme will result in low compression ratios because the ciphertext is very similar to white noise. In this scheme, lossless compression can be used but will result in very low compression ratios since there is no redundancy in white noise. Also, note that we cannot use lossy compression in such a scheme since it induces a loss of information. Consequently, the decryption algorithm is not given access to the original ciphertext and is therefore incapable of providing meaningful decryption. Therefore, we must apply the compression algorithms before the cryptographic operations. For this reason, we adopt a 'compress-then-encrypt' scheme in which authenticated encryption is applied to the output of the compression algorithm. We refer to the Github repository for any additional implementation-specific details [29].

Experimental Setup and Testing of Cryptographic Algorithms
Following the description of the cryptographic algorithms, compression algorithms, and implementationspecific details, we move over to experiments. We begin by describing the hardware, software, and experimental data. Then, we describe how each experiment was conducted and the obtained results. Finally, we make some remarks regarding the obtained results.

Hardware, Software, and Experimental Data
We perform the experiments on an Nvidia Jetson Xavier Developer Kit. The Jetson Xavier is an efficient edgecomputing unit with a small form factor, applicable for autonomous vehicles. It delivers 93.75 GB/s of highspeed I/O, which eases the burden of handling large amounts of data. Furthermore, the effect is adjustable between 10W and 30W, depending on the power mode. To utilize full performance, we set the power mode to "MAXN" to activate Images and point clouds were acquired using two electrooptical (EO) cameras and a LiDAR, respectively, onboard a small USV to test the algorithm performance on realworld data (see Fig. 5). The dataset contains image and point cloud data where the USV slowly navigates around the Trondheim Harbor (see Fig. 6). We use the Blackfly S GiGE camera with a 1280×1024 resolution. The images are recorded in monochrome pixel format at a frequency of 7.5 Hz. The LiDAR used is an Ouster OS-1 with a resolution of 2048 × 16 beams, running at 10 Hz. The data was recorded using the ROSbag tool to time stamp the data. The sensor data produced by the EO cameras and the LiDAR require a bandwidth of 9.75 MB/s and 31.5 MB/s, respectively. This data is then fed to the cryptographic pipeline to verify its value for real-world applications.
(a) (b) Fig. 6 The sensor data was recorded on-board an unmanned surface vehicle (USV) in the Trondheim Harbor. a shows a snapshot of the collected image data, and b shows a snapshot of the collected LiDAR data

Experiments and Results
The experimental setup consists of two Nvidia Jetson Xavier computers and one ethernet cable to enable wired, highspeed data transmission between the computing devices. To communicate and send data between nodes, ROS uses a master-slave setup. Only one node is assigned to be the master, and all other nodes must be configured to use this master. Using our analogy, the first computer, i.e., the master node, acts as the talker, while the second computer, i.e., the slave node, acts as the listener.

Experiment 1: Encryption Latency Measurements
In the first experiment, we are concerned with measuring the additional latency caused by encryption and decryption operations during the proposed cryptographic pipeline. We merge the latency caused by the encryption and decryption operations into one single cryptographic latency measurement, while network latency is ignored. Most of the computation is related to the core functionality accessed through initialization and processing. Minor parts relate to the allocation of input and output buffers and IV loading and incrementation for synchronization purposes. We refer to the public Github repository for additional details [29]. We benchmark AES in the CFB mode against the stream ciphers from the eSTREAM portfolio, i.e., HC-128, Sosemanuk, ChaCha20, and Rabbit. Both a table-driven (software-oriented) and a hardware-accelerated (ARMv8 Cryptography Extension) variant of AES CFB is benchmarked. Table 2 summarizes the cryptographic latency measurements for the encryption-only schemes on image and point cloud data across 1000 consecutive samples. These samples were used to calculate the mean and standard deviation. A visual representation of the results is shown in Fig. 7. Observe that the relative order between the algorithms is the same when comparing image and point cloud data. As shown, Rabbit produces the lowest latency closely followed by HC-128, while AES CFB produces the highest latency. In between, we find ChaCha20, Sosemanuk, and the hardware-accelerated variant of AES CFB, respectively.

Experiment 2: Authenticated Encryption Latency Measurements
The encryption algorithms assessed in Experiment 1 provide confidentiality only and do not ensure the integrity and authenticity of the message upon reception. Therefore, for Original works for the algorithms are found in Table 1 active attacks such as spoofing and message manipulation, we need to apply authenticated encryption. Consequently, we compare 'Encrypt-then-MAC' compositions with the authenticated encryption algorithm AEGIS in the second experiment. The 'Encrypt-then-MAC'-compositions consist of Rabbit and HC-128 composed with the HMAC-SHA-256 authentication algorithm, as they performed best in experiment 1. Both table-driven and hardware-accelerated variants of AEGIS are tested. As before, we merge the cryptographic operations into one single latency measurement. Table 3 summarizes the cryptographic latency measurements for the authenticated encryption schemes on image and point cloud data across 1000 consecutive samples. The samples were used to calculate the mean and standard deviation. A visual representation of the results is shown in Fig. 8. The hardware-accelerated variant of AEGIS proves to be the most efficient, followed by the table-driven AEGIS implementation, which is considerably faster than the HC-128+HMAC and Rabbit+HMAC schemes.

Experiment 3: Combining Image Compression and Cryptographic Operations
In the third experiment, we investigate whether compression before cryptographic operations is faster than cryptographic operations on the original data. Due to the remarkably efficient stream ciphers benchmarked so far, it is interesting to investigate if this is the case. Since we focus on authenticated encryption, and given the results from Experiment 2, AEGIS is used in a 'compress-thenencrypt' scheme. We assess the performance of 'compressthen-encrypt' schemes in which both lossy and lossless compression algorithms are composed with authenticated encryption. The lossy compression algorithm JPEG and the lossless compression algorithm PNG are used. The pipeline can be seen in Fig. 9. Table 4 summarizes the latencies based on image compression and cryptographic operations across 1000 consecutive samples. These samples were used to calculate the mean latency related to compression, cryptographic operations, and decompression, respectively. A visual representation of the results is shown in Fig. 10. On average, the original images were reduced by 74% and 30% when JPEG and PNG were used, respectively. Consequently, the cryptographic latency was reduced as well. However, this reduction is offset by the time it takes to perform compression and decompression. Note that lossless PNG compression and decompression produces significantly higher, and varying latencies than lossy JPEG, as expected.  Original works for the algorithms are found in Table 1 Fig . 9 The third experiment investigates a 'compress-then-encrypt' scheme where compression and authenticated encryption are combined. The latencies related to authenticated encryption and decryption operations, respectively, are merged into one measurement, i.e., the cryptographic latency

Remarks
The results show that the stream ciphers significantly outperform the AES block cipher, and we recommend the Rabbit and HC-128 stream ciphers if only confidentiality is required. However, when used in generic compositions, they are outperformed by the authenticated encryption algorithm AEGIS. We believe this is because the AEGIS algorithm derives a message tag from the internal state and does not require the instantiation and initialization of a separate MAC, which is the case for the generic compositions. As such, we recommend that AEGIS is used when authenticated encryption is required. The use of compression and decompression reduces the data size and, subsequently, the cryptographic latency. However, this gain is offset by the latency induced by compression and decompression, as seen in Experiment 3. The latency induced by the PNG compression was considerable, even at a relatively low compression ratio. While smaller compression ratios would result in reduced compression time, the size of the compressed image rapidly converges to the size of the original image. As such, we find PNG compression to be unsuitable for time-critical applications. Regarding JPEG, we find that the total latency of JPEG + AEGIS is higher than if AEGIS is applied directly. However, JPEG also reduces the bandwidth required significantly and might therefore be considered if bandwidth is constrained. Interestingly, if less efficient cryptographic schemes are used, e.g., AES CFB + HMAC, lossy compression may be beneficial. That is, the 'compress-then-encrypt' scheme may produce lower total latency than if cryptographic algorithms are applied directly. This is significant since it implies that the cryptographic algorithms proposed by previous work, e.g., [24][25][26], could benefit from lossy compression algorithms. This is no longer the case when AEGIS is used.
Another aspect to consider is the data quality. Since the data used in guidance, navigation, and control must be of high quality, i.e., near-lossless, we set the compression ratio low. Due to the low compression ratio, the Huffman encoding step of the JPEG algorithm must process a relatively large amount of data with O(n log n) run time [42]. This step is believed to be the bottleneck of the pipeline. With higher compression ratios, the JPEG algorithm is faster but never faster than using AEGIS directly. Additionally, increasing compression ratios will progressively deteriorate the data and thereby the performance of the GNC system.

Conclusions
With the increased use of vision-based sensors such as cameras and LiDARs in autonomous vehicles, it is essential to consider how the signals from these sensors can be secured efficiently. The vision-based signals pose a significant challenge because they require much greater throughput than traditional signals in feedback control. Previous research on how vision-based feedback control signals can be secured has been restricted to the use of block ciphers, which are much less efficient.
We address this problem by suggesting modern stream ciphers and demonstrate that these ciphers perform much better than the block ciphers proposed by previous work. We have also demonstrated that AEGIS gives the best results if authenticated encryption is required. Finally, we find that while compression may accelerate the cryptographic pipeline for algorithms proposed by other authors, this is no longer the case when AEGIS is used. As a result, compression algorithms should only be combined with AEGIS if network bandwidth is constrained. All algorithms have been implemented in ROS and made publicly available through a Github repository [29]. In the future, we plan to implement and conduct full-scale experiments to show that the proposed method indeed applies to more resource-demanding feedback control applications.  The original work of AEGIS is found in Table 1 a JPEG compression level is set to default value according to the OpenCV specification [41], i.e., 95/100 b PNG compression level is set to default value according to the OpenCV specification [41], i.e., 3/9 Fig. 10 Overall latencies when image data is compressed, encrypted, decrypted, and decompressed across 1000 samples in Experiment 3. Here, lossless PNG and lossy JPEG compression are combined with AEGIS to reduce the amount of image data to be encrypted, transmitted, and decrypted Consent for Publication The authors, Øystein Volden, Petter Solnør, Slobodan Petrovic, and Thor I. Fossen, give their consent for information about themselves to be published in the Journal of Intelligent & Robotic Systems. We understand that the text and any pictures or videos published in the article will be used only in educational publications intended for professionals, or if the publication or product is published on an open access basis. We understand that it will be freely available on the internet and may be seen by the general public. We understand that the pictures and text may also appear on other websites or in print, may be translated into other languages or used for commercial purposes. We understand that the information will be published without our child's name attached, but that full anonymity cannot be guaranteed. We have been offered the opportunity to read the manuscript. We acknowledge that it is not possible to ensure complete anonymity, and someone may be able to recognize me. However, by signing this consent form we do not in any way give up, waive or remove my rights to privacy. I may revoke my consent at any time before publication, but once the information has been committed to publication ("gone to press"), revocation of the consent is no longer possible.

Competing interests
The authors have no conflicts of interest to declare that are relevant to the content of this article.
Open Access This article is licensed under a Creative Commons Attribution 4.0 International License, which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if changes were made. The images or other third party material in this article are included in the article's Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article's Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons. org/licenses/by/4.0/.
Publisher's Note Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Øystein Volden received the MSc degree in Engineering Cybernetics from the Norwegian University of Science and Technology (NTNU) in 2020. He is currently a PhD candidate in Engineering Cybernetics at NTNU and is affiliated with the NTNU Centre for Autonomous Marine Operations and Systems. He works with topics related to computer vision, machine learning, and cybersecurity for unmanned surface vehicles.
Petter Solnør obtained his MSc degree in Engineering Cybernetics from the Norwegian University of Science and Technology (NTNU) in 2021. He is currently a PhD candidate at the Department of Engineering Cybernetics at NTNU and is affiliated with the NTNU Centre for Autonomous Marine Operations and Systems. He works on topics related to applied cryptography and cybersecurity in unmanned surface vehicles.
Slobodan Petrovic obtained his PhD degree from University of Belgrade, Serbia in 1994. He worked at Institute of Applied Mathematics and Electronics and Institute of Mathematics in Belgrade from 1986 to 2000. He also worked on various information securityrelated projects at Institute of Applied Physics, Madrid, Spain, from 2000 to 2004. From 2004 to 2015, he was with Gjøvik University College, Norway, and since January 1st, 2016, he is professor of information security at Norwegian University of Science and Technology (NTNU), where he teaches cryptology and intrusion detection and prevention. His research interests include cryptology, intrusion detection, and digital forensics. He is author of more than 50 scientific papers from the field of information security, digital forensics, and cryptology.
Thor I. Fossen is a naval architect and a cyberneticist. He received an MSc degree in Marine Technology in 1987 and a PhD degree in Engineering Cybernetics in 1991, both from the Norwegian University of Science and Technology (NTNU). He is currently a professor of guidance, navigation, and control. Fossen's expertise covers guidance systems, inertial navigation systems, nonlinear control and observer theory, vehicle dynamics, hydrodynamics, autopilots, and unmanned vehicles. He has authored three Wiley textbooks. Fossen is one of the co-founders and former Vice President R&D of the company Marine Cybernetics AS, which DNV acquired in 2012. He is also co-founder of SCOUT Drone Inspection AS (2017). He received the Automatica Prize Paper Award in 2002 and the Arch T. Colwell Merit Award in 2008 at the SAE World Congress. He has been elected to the Academy of Technological Sciences (1998) and elevated to IEEE Fellow (2016).