Enhancing Security in ROS

Caiazza, Gianluca; White, Ruffin; Cortesi, Agostino

doi:10.1007/978-981-13-3702-4_1

Cited by 3 publications

(2 citation statements)

References 10 publications

(10 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…While this is not the norm as far as ROS system design is concerned, there is a strict limit to what users can do to secure their ROS systems without a cryptographic system. Previous research has fully mapped out this limit [27] [13] [7]. We make no assumptions about the security of any ROS packages or a user's ability to patch the system's underlying software.…”

Section: Threat Modelmentioning

confidence: 99%

ROS-Immunity: Integrated Approach for the Security of ROS-enabled Robotic Systems

Rivera¹,

Iannillo²,

State³

2020

Preprint

View full text Add to dashboard Cite

The Robotic Operating System (ROS) is the de-facto standard for the development of modular robotic systems. However, ROS is notorious for the absence of security mechanisms, only partially covered by recent advancements. Indeed, an attacker can easily break into ROS-enabled systems and hijacks arbitrary messages. We propose an integrated solution, ROS-Immunity, with small overhead that allows ROS users to harden their systems against attackers. The solution consists of three components: robustness assessment, automatic rule generation, and distributed defense with a firewall. ROSImmunity is also able to detect on-going attacks that exploit new vulnerabilities in ROS systems. We evaluated our solution against four use-cases: a self-driving car, a swarm robotic system, a centralized assembly line, and a real-world decentralized one. ROS-Immunity was found to have minimal overhead, with only an additional 7-18% extra system power per robot required to operate it. Furthermore, ROS-Immunity was able to prevent a wide variety of ROS system attacks with a worst-case false positive rate of only 17% and a typical false positive rate of 8%. Finally, ROS-Immunity was found to be able to react to and stop attackers after at most 2.4 seconds, when confronted with unknown vulnerabilities.

show abstract

Section: Threat Modelmentioning

confidence: 99%

ROS-Immunity: Integrated Approach for the Security of ROS-enabled Robotic Systems

Rivera¹,

Iannillo²,

State³

2020

Preprint

View full text Add to dashboard Cite

show abstract

“…As discussed by Caiazza el al. [14], the remote agent could then pick and choose the minimal required set of sub-tokens to be shared to gain access. This potentially adds to the complexity of the CA provisioning and expiration of permissions, as well as the coordination of exchange tokens during runtime.…”

Section: Future Workmentioning

confidence: 99%

Network Reconnaissance and Vulnerability Excavation of Secure DDS Systems

White

Caiazza

Jiang

et al. 2019

2019 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

Self Cite

View full text Add to dashboard Cite

Data Distribution Service (DDS) is a realtime peerto-peer protocol that serves as a scalable middleware between distributed networked systems found in many Industrial IoT domains such as automotive, medical, energy, and defense. Since the initial ratification of the standard, specifications have introduced a Security Model and Service Plugin Interface (SPI) architecture, facilitating authenticated encryption and data centric access control while preserving interoperable data exchange. However, as Secure DDS v1.1, the default plugin specifications presently exchanges digitally signed capability lists of both participants in the clear during the crypto handshake for permission attestation; thus breaching confidentiality of the context of the connection. In this work, we present an attacker model that makes use of network reconnaissance afforded by this leaked context in conjunction with formal verification and model checking to arbitrarily reason about the underlying topology and reachability of information flow, enabling targeted attacks such as selective denial of service, adversarial partitioning of the data bus, or vulnerability excavation of vendor implementations.

show abstract