Message Encryption in Robot Operating System: Collateral Effects of Hardening Mobile Robots

In human-robot interaction situations, robot sensors collect huge amounts of data from the environment in order to characterize the situation. Some of the gathered data ought to be treated as private, such as medical data (i.e., medication guidelines), personal and safety information (i.e., images of children, home habits, alarm codes, etc.). However, most robotic software development frameworks are not designed for securely managing this information. This paper analyzes the scenario of hardening one of the most widely used robotic middlewares, Robot Operating System (ROS). The study investigates a robot’s performance when ciphering the messages interchanged between ROS nodes under the publish/subscribe paradigm. In particular, this research focuses on the nodes which manage cameras and LIDAR sensors, which are two of the most extended sensing solutions in mobile robotics, and analyzes the collateral effects on the robot's achievement under different computing capabilities and encryption algorithms (3DES, AES and Blowfish) to robot performance. The findings present empirical evidence that simple encryption algorithms are lightweight enough to provide cyber-security even in low-powered robots when carefully designed and implemented. Nevertheless, these techniques come with a number of serious drawbacks regarding robot autonomy and performance if they are applied randomly. To avoid these issues, we define a taxonomy that links the type of ROS message, computational units, and the encryption methods. As a result, we present a model to select the optimal options for hardening a mobile robot using ROS.

[1]  Bhavani M. Thuraisingham,et al.  Cyberphysical systems security applied to telesurgical robotics , 2012, Comput. Stand. Interfaces.

[2]  D. K. Branstad,et al.  Data Encryption Standard: past and future , 1988, Proc. IEEE.

[3]  Y. S. Feruza,et al.  IT Security Review: Privacy, Protection, Access Control, Assurance and System Security , 2007 .

[4]  Jean-François Raymond,et al.  Traffic Analysis: Protocols, Attacks, Design Issues, and Open Problems , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[5]  Geok See Ng,et al.  Empirical Assessment of Methods to Detect Cyber Attacks on a Robot , 2016, 2016 IEEE 17th International Symposium on High Assurance Systems Engineering (HASE).

[6]  Thomas Hardjono,et al.  Security In Wireless LANS And MANS (Artech House Computer Security) , 2005 .

[7]  Vincent Rijmen,et al.  The Design of Rijndael: AES - The Advanced Encryption Standard , 2002 .

[8]  Tadayoshi Kohno,et al.  A spotlight on security and privacy risks with future household robots: attacks and lessons , 2009, UbiComp.

[9]  John Mylopoulos,et al.  Security and privacy requirements analysis within a social setting , 2003, Proceedings. 11th IEEE International Requirements Engineering Conference, 2003..

[10]  Yi Zhang,et al.  ROSRV: Runtime Verification for Robots , 2014, RV.

[11]  Morris J. Dworkin,et al.  Recommendation for Block Cipher Modes of Operation: Methods and Techniques , 2001 .

[12]  Carlos Balaguer,et al.  Cryptobotics: Why Robots Need Cyber Safety , 2015, Front. Robot. AI.

[13]  Morris J. Dworkin,et al.  Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping , 2012 .

[14]  Tetsu Iwata,et al.  Authenticated Encryption Mode for Beyond the Birthday Bound Security , 2008, AFRICACRYPT.

[15]  George Loukas,et al.  Performance Evaluation of Cyber-Physical Intrusion Detection on a Robotic Vehicle , 2015, 2015 IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing.

[16]  Bruce Schneier,et al.  Performance Comparison of the AES Submissions , 1999 .

[17]  Shajulin Benedict,et al.  Energy-aware performance analysis methodologies for HPC architectures - An exploratory study , 2012, J. Netw. Comput. Appl..

[18]  Andrew J. Davison,et al.  Real-Time Camera Tracking: When is High Frame-Rate Best? , 2012, ECCV.

[19]  Shaza D. Rihan,et al.  A Performance Comparison of Encryption Algorithms AES and DES , 2015 .

[20]  Peter Schartner,et al.  Application-level security for ROS-based applications , 2016, 2016 IEEE/RSJ International Conference on Intelligent Robots and Systems (IROS).

[21]  Priyadarshini Patil,et al.  A Comprehensive Evaluation of Cryptographic Algorithms , 2016 .

[22]  Bruce Schneier,et al.  Description of a New Variable-Length Key, 64-bit Block Cipher (Blowfish) , 1993, FSE.

[23]  Vicente Matellán Olivera,et al.  Cybersecurity in Autonomous Systems: Evaluating the performance of hardening ROS , 2016 .

[24]  Andriy Panchenko,et al.  Towards Practical Attacker Classification for Risk Analysis in Anonymous Communication , 2006, Communications and Multimedia Security.

[25]  Peter Schartner,et al.  Secure communication for the robot operating system , 2017, 2017 Annual IEEE International Systems Conference (SysCon).

[26]  Priyadarshini Patila,et al.  A Comprehensive Evaluation of Cryptographic Algorithms : DES , 3 DES , AES , RSA and Blowfish , 2016 .

[27]  Mohammad Reza Khayyambashi,et al.  Performance Evaluation of Authentication-Encryption and Confidentiality Block Cipher Modes of Operation on Digital Image , 2017 .

[28]  Morgan Quigley,et al.  ROS: an open-source Robot Operating System , 2009, ICRA 2009.

[29]  Mohey M. Hadhoud,et al.  Evaluating The Performance of Symmetric Encryption Algorithms , 2010, Int. J. Netw. Secur..

[30]  Mohie M. Hadhoud,et al.  Performance Evaluation of Symmetric Encryption Algorithms , 2008 .

[31]  David Mascareñas,et al.  A preliminary cyber-physical security assessment of the Robot Operating System (ROS) , 2013, Defense, Security, and Sensing.

[32]  M.Y. Javed,et al.  A Performance Comparison of Data Encryption Algorithms , 2005, 2005 International Conference on Information and Communication Technologies.