Biblio

Throughout the Department of Defense, there are ongoing efforts to increase cybersecurity and improve data transfer in unmanned robotic systems (UxS). This paper explores the performance of the Robot Operating System (ROS) 2, which is built with the Data Distribution Service (DDS) standard as a middleware. Based on how quality of service (QoS) parameters are defined in the robotic middleware interface, it is possible to implement strict delivery requirements to different nodes on a dynamic nodal network with multiple unmanned systems connected. Through this research, different scenarios with varying QoS settings were implemented and compared to baseline values to help illustrate the impact of latency and throughput on data flow. DDS security settings were also enabled to help understand the cost of overhead and performance when secured data is compared to plaintext baseline values. Our experiments were performed using a basic ROS 2 network consisting of two nodes (one publisher and one subscriber). Our experiments showed a measurable latency and throughput change between different QoS profiles and security settings. We analyze the trends and tradeoffs associated with varying QoS and security settings. This paper provides performance data points that can be used to help future researchers and developers make informative choices when using ROS 2 for UxS.

With the wide application of modern robots, more concerns have been raised on security and privacy of robotic systems and applications. Although the Robot Operating System (ROS) is commonly used on different robots, there have been few work considering the security aspects of ROS. As ROS does not employ even the basic permission control mechanism, applications can access any resources without limitation, which could result in equipment damage, harm to human, as well as privacy leakage. In this paper we propose an access control mechanism for ROS based on an extended policy-based access control (PBAC) model. Specifically, we extend ROS to add an additional node dedicated for access control so that it can provide user identity and permission management services. The proposed mechanism also allows the administrator to revoke a permission dynamically. We implemented the proposed method in ROS and demonstrated its applicability and performance through several case studies.

Robotic Operating System(ROS) security research is currently in a preliminary state, with limited research in tools or models. Considering the trend of digitization of robotic systems, this lack of foundational knowledge increases the potential threat posed by security vulnerabilities in ROS. In this article, we present a new tool to assist further security research in ROS, ROSploit. ROSploit is a modular two-pronged offensive tool covering both reconnaissance and exploitation of ROS systems, designed to assist researchers in testing exploits for ROS.

Nowadays, robots are widely ubiquitous and integral part in our daily lives, which can be seen almost everywhere in industry, hospitals, military, etc. To provide remote access and control, usually robots are connected to local network or to the Internet through WiFi or Ethernet. As such, it is of great importance and of a critical mission to maintain the safety and the security access of such robots. Security threats may result in completely preventing the access and control of the robot. The consequences of this may be catastrophic and may cause an immediate physical damage to the robot. This paper aims to present a security risk assessment of the well-known PeopleBot; a mobile robot platform from Adept MobileRobots Company. Initially, we thoroughly examined security threats related to remote accessing the PeopleBot robot. We conducted an impact-oriented analysis approach on the wireless communication medium; the main method considered to remotely access the PeopleBot robot. Numerous experiments using SSH and server-client applications were conducted, and they demonstrated that certain attacks result in denying remote access service to the PeopleBot robot. Consequently and dangerously the robot becomes unavailable. Finally, we suggested one possible mitigation and provided useful conclusions to raise awareness of possible security threats on the robotic systems; especially when the robots are involved in critical missions or applications.