Who Controls Your Robot? An Evaluation of ROS Security Mechanisms

The Robot Operation System (ROS) is widely used in academia as well as the industry to build custom robot applications. Successful cyberattacks on robots can result in a loss of control for the legitimate operator and thus have a severe impact on safety if the robot is moving uncontrollably. A high level of security thus needs to be mandatory. Neither ROS 1 nor 2 in their default configuration provide protection against network based attackers. Multiple protection mechanisms have been proposed that can be used to overcome this. Unfortunately, it is unclear how effective and usable each of them are. We provide a structured analysis of the requirements these protection mechanisms need to fulfill by identifying realistic, network based attacker models and using those to derive relevant security requirements and other evaluation criteria. Based on these criteria, we analyze the protection mechanisms available and compare them to each other. We find that none of the existing protection mechanisms fulfill all of the security requirements. For both ROS 1 and 2, we discuss which protection mechanism are most relevant and give hints on how to decide on one. We hope that the requirements we identify simplify the development or enhancement of protection mechanisms that cover all aspects of ROS and that our comparison helps robot operators to choose an adequate protection mechanism for their use case.

[1]  Micael S. Couceiro,et al.  The role of security in human-robot shared environments: A case study in ROS-based surveillance robots , 2017, 2017 26th IEEE International Symposium on Robot and Human Interactive Communication (RO-MAN).

[2]  Sean Rivera,et al.  ROS-Defender: SDN-Based Security Policy Enforcement for Robotic Applications , 2019, 2019 IEEE Security and Privacy Workshops (SPW).

[3]  Peter Schartner,et al.  Secure communication for the robot operating system , 2017, 2017 Annual IEEE International Systems Conference (SysCon).

[4]  Peter Schartner,et al.  Application-level security for ROS-based applications , 2016, 2016 IEEE/RSJ International Conference on Intelligent Robots and Systems (IROS).

[5]  Jongkil Kim,et al.  Security and Performance Considerations in ROS 2: A Balancing Act , 2018, ArXiv.

[6]  Todd R. Andel,et al.  Cybersecurity issues in robotics , 2017, 2017 IEEE Conference on Cognitive and Computational Aspects of Situation Management (CogSIMA).

[7]  Vicente Matellán Olivera,et al.  Cybersecurity in Autonomous Systems: Evaluating the performance of hardening ROS , 2016 .

[8]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[9]  Henrik I. Christensen,et al.  SROS: Securing ROS over the wire, in the graph, and through the kernel , 2016, ArXiv.

[10]  Berk Sunar,et al.  Credential Masquerading and OpenSSL Spy: Exploring ROS 2 using DDS security , 2019, ArXiv.

[11]  이철훈,et al.  실시간 운영체제에서 Data Distribution Service 설계 및 구현 , 2006 .

[12]  Morgan Quigley,et al.  ROS: an open-source Robot Operating System , 2009, ICRA 2009.

[13]  Stefanie Tellex,et al.  Scanning the Internet for ROS: A View of Security in Robotics Research , 2018, 2019 International Conference on Robotics and Automation (ICRA).

[14]  Micael S. Couceiro,et al.  On the Security of Robotic Applications Using ROS , 2018, Artificial Intelligence Safety and Security.

[15]  Yi Zhang,et al.  ROSRV: Runtime Verification for Robots , 2014, RV.

[16]  Peter Schartner,et al.  Security for the Robot Operating System , 2017, Robotics Auton. Syst..