-
SROS2: Usable Cyber Security Tools for ROS 2
Authors:
Victor Mayoral Vilches,
Ruffin White,
Gianluca Caiazza,
Mikael Arguedas
Abstract:
ROS 2 is rapidly becoming a standard in the robotics industry. Built upon DDS as its default communication middleware and used in safety-critical scenarios, adding security to robots and ROS computational graphs is increasingly becoming a concern. The present work introduces SROS2, a series of developer tools and libraries that facilitate adding security to ROS 2 graphs. Focusing on a usability-ce…
▽ More
ROS 2 is rapidly becoming a standard in the robotics industry. Built upon DDS as its default communication middleware and used in safety-critical scenarios, adding security to robots and ROS computational graphs is increasingly becoming a concern. The present work introduces SROS2, a series of developer tools and libraries that facilitate adding security to ROS 2 graphs. Focusing on a usability-centric approach in SROS2, we present a methodology for securing graphs systematically while following the DevSecOps model. We also demonstrate the use of our security tools by presenting an application case study that considers securing a graph using the popular Navigation2 and SLAM Toolbox stacks applied in a TurtleBot3 robot. We analyse the current capabilities of SROS2 and discuss the shortcomings, which provides insights for future contributions and extensions. Ultimately, we present SROS2 as usable security tools for ROS 2 and argue that without usability, security in robotics will be greatly impaired.
△ Less
Submitted 4 August, 2022;
originally announced August 2022.
-
Cybersecurity in Robotics: Challenges, Quantitative Modeling, and Practice
Authors:
Quanyan Zhu,
Stefan Rass,
Bernhard Dieber,
Victor Mayoral Vilches
Abstract:
Robotics is becoming more and more ubiquitous, but the pressure to bring systems to market occasionally goes at the cost of neglecting security mechanisms during the development, deployment or while in production. As a result, contemporary robotic systems are vulnerable to diverse attack patterns, and an a posteriori hardening is at least challenging, if not impossible at all. This book aims to st…
▽ More
Robotics is becoming more and more ubiquitous, but the pressure to bring systems to market occasionally goes at the cost of neglecting security mechanisms during the development, deployment or while in production. As a result, contemporary robotic systems are vulnerable to diverse attack patterns, and an a posteriori hardening is at least challenging, if not impossible at all. This book aims to stipulate the inclusion of security in robotics from the earliest design phases onward and with a special focus on the cost-benefit tradeoff that can otherwise be an inhibitor for the fast development of affordable systems. We advocate quantitative methods of security management and design, covering vulnerability scoring systems tailored to robotic systems, and accounting for the highly distributed nature of robots as an interplay of potentially very many components. A powerful quantitative approach to model-based security is offered by game theory, providing a rich spectrum of techniques to optimize security against various kinds of attacks. Such a multi-perspective view on security is necessary to address the heterogeneity and complexity of robotic systems. This book is intended as an accessible starter for the theoretician and practitioner working in the field.
△ Less
Submitted 9 September, 2021; v1 submitted 9 March, 2021;
originally announced March 2021.
-
Introducing the Robot Vulnerability Database (RVD)
Authors:
Víctor Mayoral Vilches,
Lander Usategui San Juan,
Bernhard Dieber,
Unai Ayucar Carbajo,
Endika Gil-Uriarte
Abstract:
Cybersecurity in robotics is an emerging topic that has gained significant traction. Researchers have demonstrated some of the potentials and effects of cyber attacks on robots lately. This implies safety related adverse consequences causing human harm, death or lead to significant integrity loss clearly overcoming the privacy concerns in classical IT world. In cybersecurity research, the use of v…
▽ More
Cybersecurity in robotics is an emerging topic that has gained significant traction. Researchers have demonstrated some of the potentials and effects of cyber attacks on robots lately. This implies safety related adverse consequences causing human harm, death or lead to significant integrity loss clearly overcoming the privacy concerns in classical IT world. In cybersecurity research, the use of vulnerability databases is a very reliable tool to responsibly disclose vulnerabilities in software products and raise willingness of vendors to address these issues. In this paper we argue, that existing vulnerability databases are of insufficient information density and show some biased content with respect to vulnerabilities in robots. This paper presents the Robot Vulnerability Database (RVD), a directory for responsible disclosure of bugs, weaknesses and vulnerabilities in robots. This article aims to describe the design and process as well as the associated disclosure policy behind RVD. Furthermore the authors present preliminary selected vulnerabilities already contained in RVD and call to the robotics and security communities for contribution to the endeavour of eliminating zero-day vulnerabilities in robotics.
△ Less
Submitted 12 November, 2021; v1 submitted 24 December, 2019;
originally announced December 2019.
-
ROS2Learn: a reinforcement learning framework for ROS 2
Authors:
Yue Leire Erro Nuin,
Nestor Gonzalez Lopez,
Elias Barba Moral,
Lander Usategui San Juan,
Alejandro Solano Rueda,
Víctor Mayoral Vilches,
Risto Kojcev
Abstract:
We propose a novel framework for Deep Reinforcement Learning (DRL) in modular robotics to train a robot directly from joint states, using traditional robotic tools. We use an state-of-the-art implementation of the Proximal Policy Optimization, Trust Region Policy Optimization and Actor-Critic Kronecker-Factored Trust Region algorithms to learn policies in four different Modular Articulated Robotic…
▽ More
We propose a novel framework for Deep Reinforcement Learning (DRL) in modular robotics to train a robot directly from joint states, using traditional robotic tools. We use an state-of-the-art implementation of the Proximal Policy Optimization, Trust Region Policy Optimization and Actor-Critic Kronecker-Factored Trust Region algorithms to learn policies in four different Modular Articulated Robotic Arm (MARA) environments. We support this process using a framework that communicates with typical tools used in robotics, such as Gazebo and Robot Operating System 2 (ROS 2). We evaluate several algorithms in modular robots with an empirical study in simulation.
△ Less
Submitted 18 March, 2019; v1 submitted 14 March, 2019;
originally announced March 2019.
-
gym-gazebo2, a toolkit for reinforcement learning using ROS 2 and Gazebo
Authors:
Nestor Gonzalez Lopez,
Yue Leire Erro Nuin,
Elias Barba Moral,
Lander Usategui San Juan,
Alejandro Solano Rueda,
Víctor Mayoral Vilches,
Risto Kojcev
Abstract:
This paper presents an upgraded, real world application oriented version of gym-gazebo, the Robot Operating System (ROS) and Gazebo based Reinforcement Learning (RL) toolkit, which complies with OpenAI Gym. The content discusses the new ROS 2 based software architecture and summarizes the results obtained using Proximal Policy Optimization (PPO). Ultimately, the output of this work presents a benc…
▽ More
This paper presents an upgraded, real world application oriented version of gym-gazebo, the Robot Operating System (ROS) and Gazebo based Reinforcement Learning (RL) toolkit, which complies with OpenAI Gym. The content discusses the new ROS 2 based software architecture and summarizes the results obtained using Proximal Policy Optimization (PPO). Ultimately, the output of this work presents a benchmarking system for robotics that allows different techniques and algorithms to be compared using the same virtual conditions. We have evaluated environments with different levels of complexity of the Modular Articulated Robotic Arm (MARA), reaching accuracies in the millimeter scale. The converged results show the feasibility and usefulness of the gym-gazebo 2 toolkit, its potential and applicability in industrial use cases, using modular robots.
△ Less
Submitted 18 March, 2019; v1 submitted 14 March, 2019;
originally announced March 2019.
-
Volatile memory forensics for the Robot Operating System
Authors:
Víctor Mayoral Vilches,
Laura Alzola Kirschgens,
Endika Gil-Uriarte,
Alejandro Hernández,
Bernhard Dieber
Abstract:
The increasing impact of robotics on industry and on society will unavoidably lead to the involvement of robots in incidents and mishaps. In such cases, forensic analyses are key techniques to provide useful evidence on what happened, and try to prevent future incidents. This article discusses volatile memory forensics for the Robot Operating System (ROS). The authors start by providing a general…
▽ More
The increasing impact of robotics on industry and on society will unavoidably lead to the involvement of robots in incidents and mishaps. In such cases, forensic analyses are key techniques to provide useful evidence on what happened, and try to prevent future incidents. This article discusses volatile memory forensics for the Robot Operating System (ROS). The authors start by providing a general overview of forensic techniques in robotics and then present a robotics-specific Volatility plugin named linux_rosnode, packaged within the ros_volatility project and aimed to extract evidence from robot's volatile memory. They demonstrate how this plugin can be used to detect a specific attack pattern on ROS, where a publisher node is unregistered externally, leading to denial of service and disruption of robotic behaviors. Step-by-step, common practices are introduced for performing forensic analysis and several techniques to capture memory are described. The authors finalize by introducing some future remarks while providing references to reproduce their work.
△ Less
Submitted 22 December, 2018;
originally announced December 2018.
-
Aztarna, a footprinting tool for robots
Authors:
Víctor Mayoral Vilches,
Gorka Olalde Mendia,
Xabier Perez Baskaran,
Alejandro Hernández Cordero,
Lander Usategui San Juan,
Endika Gil-Uriarte,
Odei Olalde Saez de Urabain,
Laura Alzola Kirschgens
Abstract:
Industry 4.0 is changing the commonly held assumption that robots are to be deployed in closed and isolated networks. When analyzed from a security point of view, the global picture is disheartening: robotics industry has not seriously allocated effort to follow good security practices in the robots produced. Instead, most manufacturers keep forwarding the problem to the end-users of these machine…
▽ More
Industry 4.0 is changing the commonly held assumption that robots are to be deployed in closed and isolated networks. When analyzed from a security point of view, the global picture is disheartening: robotics industry has not seriously allocated effort to follow good security practices in the robots produced. Instead, most manufacturers keep forwarding the problem to the end-users of these machines. As learned in previous technological revolutions, such as at the dawn of PCs or smartphones, action needs to be taken in time to avoid disastrous consequences. In an attempt to provide the robotics and security communities with the right tools to perform assessments, in this paper we present aztarna, a footprinting tool for robotics. We discuss how such tool can facilitate the process of identifying vestiges of different robots, while maintaining an extensible structure aimed for future fingerprinting extensions. With this contribution, we aim to raise awareness and interest of the robotics community, robot manufacturers and robot end-users on the need of starting global actions to embrace security. We open source the tool and disclose preliminary results that demonstrate the current insecurity landscape in industry. We argue that the robotic ecosystem is in need of generating a robot security community, conscious about good practices and empowered by the right tools.
△ Less
Submitted 21 September, 2019; v1 submitted 22 December, 2018;
originally announced December 2018.
-
Robotics CTF (RCTF), a playground for robot hacking
Authors:
Gorka Olalde Mendia,
Lander Usategui San Juan,
Xabier Perez Bascaran,
Asier Bilbao Calvo,
Alejandro Hernández Cordero,
Irati Zamalloa Ugarte,
Aday Muñiz Rosas,
David Mayoral Vilches,
Unai Ayucar Carbajo,
Laura Alzola Kirschgens,
Víctor Mayoral Vilches,
Endika Gil-Uriarte
Abstract:
Robots state of insecurity is onstage. There is an emerging concern about major robot vulnerabilities and their adverse consequences. However, there is still a considerable gap between robotics and cybersecurity domains. For the purpose of filling that gap, the present technical report presents the Robotics CTF (RCTF), an online playground to challenge robot security from any browser. We describe…
▽ More
Robots state of insecurity is onstage. There is an emerging concern about major robot vulnerabilities and their adverse consequences. However, there is still a considerable gap between robotics and cybersecurity domains. For the purpose of filling that gap, the present technical report presents the Robotics CTF (RCTF), an online playground to challenge robot security from any browser. We describe the architecture of the RCTF and provide 9 scenarios where hackers can challenge the security of different robotic setups. Our work empowers security researchers to a) reproduce virtual robotic scenarios locally and b) change the networking setup to mimic real robot targets. We advocate for hacker powered security in robotics and contribute by open sourcing our scenarios.
△ Less
Submitted 12 November, 2021; v1 submitted 1 October, 2018;
originally announced October 2018.
-
Time Synchronization in modular collaborative robots
Authors:
Carlos San Vicente Gutiérrez,
Lander Usategui San Juan,
Irati Zamalloa Ugarte,
Iñigo Muguruza Goenaga,
Laura Alzola Kirschgens,
Víctor Mayoral Vilches
Abstract:
A new generation of robot systems which are modular, flexible and safe for human-robot interaction are needed. Existing cobots seem to meet only the later and require a modular approach to improve their reconfigurability and interoperability. We propose a new sub-class of cobots named M-cobots which tackle these problems. In particular, we discuss the relevance of synchronization for these systems…
▽ More
A new generation of robot systems which are modular, flexible and safe for human-robot interaction are needed. Existing cobots seem to meet only the later and require a modular approach to improve their reconfigurability and interoperability. We propose a new sub-class of cobots named M-cobots which tackle these problems. In particular, we discuss the relevance of synchronization for these systems, analyze it and demonstrate how with a properly configured M-cobot, we are able to obtain a) distributed sub-microsecond clock synchronization accuracy among modules, b) timestamping accuracy of ROS 2.0 messages under 100 microseconds and c) millisecond-level end-to-end communication latencies, even when disturbed with networking overloads of up to 90% of the network capacity.
△ Less
Submitted 19 September, 2018;
originally announced September 2018.
-
Towards a distributed and real-time framework for robots: Evaluation of ROS 2.0 communications for real-time robotic applications
Authors:
Carlos San Vicente Gutiérrez,
Lander Usategui San Juan,
Irati Zamalloa Ugarte,
Víctor Mayoral Vilches
Abstract:
In this work we present an experimental setup to show the suitability of ROS 2.0 for real-time robotic applications. We disclose an evaluation of ROS 2.0 communications in a robotic inter-component (hardware) communication case on top of Linux. We benchmark and study the worst case latencies and missed deadlines to characterize ROS 2.0 communications for real-time applications. We demonstrate expe…
▽ More
In this work we present an experimental setup to show the suitability of ROS 2.0 for real-time robotic applications. We disclose an evaluation of ROS 2.0 communications in a robotic inter-component (hardware) communication case on top of Linux. We benchmark and study the worst case latencies and missed deadlines to characterize ROS 2.0 communications for real-time applications. We demonstrate experimentally how computation and network congestion impacts the communication latencies and ultimately, propose a setup that, under certain conditions, mitigates these delays and obtains bounded traffic.
△ Less
Submitted 7 September, 2018;
originally announced September 2018.
-
Real-time Linux communications: an evaluation of the Linux communication stack for real-time robotic applications
Authors:
Carlos San Vicente Gutiérrez,
Lander Usategui San Juan,
Irati Zamalloa Ugarte,
Víctor Mayoral Vilches
Abstract:
As robotics systems become more distributed, the communications between different robot modules play a key role for the reliability of the overall robot control. In this paper, we present a study of the Linux communication stack meant for real-time robotic applications. We evaluate the real-time performance of UDP based communications in Linux on multi-core embedded devices as test platforms. We p…
▽ More
As robotics systems become more distributed, the communications between different robot modules play a key role for the reliability of the overall robot control. In this paper, we present a study of the Linux communication stack meant for real-time robotic applications. We evaluate the real-time performance of UDP based communications in Linux on multi-core embedded devices as test platforms. We prove that, under an appropriate configuration, the Linux kernel greatly enhances the determinism of communications using the UDP protocol. Furthermore, we demonstrate that concurrent traffic disrupts the bounded latencies and propose a solution by separating the real-time application and the corresponding interrupt in a CPU.
△ Less
Submitted 30 August, 2018;
originally announced August 2018.
-
Robot_gym: accelerated robot training through simulation in the cloud with ROS and Gazebo
Authors:
Víctor Mayoral Vilches,
Alejandro Hernández Cordero,
Asier Bilbao Calvo,
Irati Zamalloa Ugarte,
Risto Kojcev
Abstract:
Rather than programming, training allows robots to achieve behaviors that generalize better and are capable to respond to real-world needs. However, such training requires a big amount of experimentation which is not always feasible for a physical robot. In this work, we present robot_gym, a framework to accelerate robot training through simulation in the cloud that makes use of roboticists' tools…
▽ More
Rather than programming, training allows robots to achieve behaviors that generalize better and are capable to respond to real-world needs. However, such training requires a big amount of experimentation which is not always feasible for a physical robot. In this work, we present robot_gym, a framework to accelerate robot training through simulation in the cloud that makes use of roboticists' tools, simplifying the development and deployment processes on real robots. We unveil that, for simple tasks, simple 3DoF robots require more than 140 attempts to learn. For more complex, 6DoF robots, the number of attempts increases to more than 900 for the same task. We demonstrate that our framework, for simple tasks, accelerates the robot training time by more than 33% while maintaining similar levels of accuracy and repeatability.
△ Less
Submitted 30 August, 2018;
originally announced August 2018.
-
Towards an open standard for assessing the severity of robot security vulnerabilities, the Robot Vulnerability Scoring System (RVSS)
Authors:
Víctor Mayoral Vilches,
Endika Gil-Uriarte,
Irati Zamalloa Ugarte,
Gorka Olalde Mendia,
Rodrigo Izquierdo Pisón,
Laura Alzola Kirschgens,
Asier Bilbao Calvo,
Alejandro Hernández Cordero,
Lucas Apa,
César Cerrudo
Abstract:
Robots are typically not created with security as a main concern. Contrasting to typical IT systems, cyberphysical systems rely on security to handle safety aspects. In light of the former, classic scoring methods such as the Common Vulnerability Scoring System (CVSS) are not able to accurately capture the severity of robot vulnerabilities. The present research work focuses upon creating an open a…
▽ More
Robots are typically not created with security as a main concern. Contrasting to typical IT systems, cyberphysical systems rely on security to handle safety aspects. In light of the former, classic scoring methods such as the Common Vulnerability Scoring System (CVSS) are not able to accurately capture the severity of robot vulnerabilities. The present research work focuses upon creating an open and free to access Robot Vulnerability Scoring System (RVSS) that considers major relevant issues in robotics including a) robot safety aspects, b) assessment of downstream implications of a given vulnerability, c) library and third-party scoring assessments and d) environmental variables, such as time since vulnerability disclosure or exposure on the web. Finally, an experimental evaluation of RVSS with contrast to CVSS is provided and discussed with focus on the robotics security landscape.
△ Less
Submitted 12 November, 2021; v1 submitted 26 July, 2018;
originally announced July 2018.
-
Robot hazards: from safety to security
Authors:
Laura Alzola Kirschgens,
Irati Zamalloa Ugarte,
Endika Gil Uriarte,
Aday Muñiz Rosas,
Víctor Mayoral Vilches
Abstract:
Robotics landscape is experiencing big changes. Robots are spreading and will soon be everywhere. Systems traditionally employed in industry are being replaced by collaborative robots, while more and more professional and consumer robots are introduced in people's daily activities. Robots are increasingly intertwined with other facets of IT and envisioned to get much more autonomy, interacting phy…
▽ More
Robotics landscape is experiencing big changes. Robots are spreading and will soon be everywhere. Systems traditionally employed in industry are being replaced by collaborative robots, while more and more professional and consumer robots are introduced in people's daily activities. Robots are increasingly intertwined with other facets of IT and envisioned to get much more autonomy, interacting physically with humans. We claim that, following Personal Computers (PCs) and smartphones, robots are the next technological revolution and yet, robot security is being ignored by manufacturers. The present paper aims to alert about the need of dealing not only with safety but with robot security from the very beginning of the forthcoming technological era. We provide herein a document that reviews robot hazards and analyzes the consequences of not facing these issues. We advocate strongly for a security-first approach as a must to be implemented now.
△ Less
Submitted 12 November, 2021; v1 submitted 11 June, 2018;
originally announced June 2018.
-
Introducing the Robot Security Framework (RSF), a standardized methodology to perform security assessments in robotics
Authors:
Víctor Mayoral Vilches,
Laura Alzola Kirschgens,
Asier Bilbao Calvo,
Alejandro Hernández Cordero,
Rodrigo Izquierdo Pisón,
David Mayoral Vilches,
Aday Muñiz Rosas,
Gorka Olalde Mendia,
Lander Usategi San Juan,
Irati Zamalloa Ugarte,
Endika Gil-Uriarte,
Erik Tews,
Andreas Peter
Abstract:
Robots have gained relevance in society, increasingly performing critical tasks. Nonetheless, robot security is being underestimated. Robotics security is a complex landscape, which often requires a cross-disciplinar perspective to which classical security lags behind. To address this issue, we present the Robot Security Framework (RSF), a methodology to perform systematic security assessments in…
▽ More
Robots have gained relevance in society, increasingly performing critical tasks. Nonetheless, robot security is being underestimated. Robotics security is a complex landscape, which often requires a cross-disciplinar perspective to which classical security lags behind. To address this issue, we present the Robot Security Framework (RSF), a methodology to perform systematic security assessments in robots. We propose, adapt and develop specific terminology and provide guidelines to enable a holistic security assessment following four main layers (Physical, Network, Firmware and Application). We argue that modern robotics should regard as equally relevant internal and external communication security. Finally, we advocate against "security by obscurity". We conclude that the field of security in robotics deserves further research efforts.
△ Less
Submitted 12 November, 2021; v1 submitted 11 June, 2018;
originally announced June 2018.
-
Time-Sensitive Networking for robotics
Authors:
Carlos San Vicente Gutiérrez,
Lander Usategui San Juan,
Irati Zamalloa Ugarte,
Víctor Mayoral Vilches
Abstract:
We argue that Time-Sensitive Networking (TSN) will become the de facto standard for real-time communications in robotics. We present a review and classification of the different communication standards which are relevant for the field and introduce the typical problems with traditional switched Ethernet networks. We discuss some of the TSN features relevant for deterministic communications and eva…
▽ More
We argue that Time-Sensitive Networking (TSN) will become the de facto standard for real-time communications in robotics. We present a review and classification of the different communication standards which are relevant for the field and introduce the typical problems with traditional switched Ethernet networks. We discuss some of the TSN features relevant for deterministic communications and evaluate experimentally one of the shaping mechanisms in an exemplary robotic scenario. In particular, and based on our results, we claim that many of the existing real-time industrial solutions will slowly be replaced by TSN. And that this will lead towards a unified landscape of physically interoperable robot and robot components.
△ Less
Submitted 11 September, 2018; v1 submitted 20 April, 2018;
originally announced April 2018.
-
Extending the OpenAI Gym for robotics: a toolkit for reinforcement learning using ROS and Gazebo
Authors:
Iker Zamora,
Nestor Gonzalez Lopez,
Victor Mayoral Vilches,
Alejandro Hernandez Cordero
Abstract:
This paper presents an extension of the OpenAI Gym for robotics using the Robot Operating System (ROS) and the Gazebo simulator. The content discusses the software architecture proposed and the results obtained by using two Reinforcement Learning techniques: Q-Learning and Sarsa. Ultimately, the output of this work presents a benchmarking system for robotics that allows different techniques and al…
▽ More
This paper presents an extension of the OpenAI Gym for robotics using the Robot Operating System (ROS) and the Gazebo simulator. The content discusses the software architecture proposed and the results obtained by using two Reinforcement Learning techniques: Q-Learning and Sarsa. Ultimately, the output of this work presents a benchmarking system for robotics that allows different techniques and algorithms to be compared using the same virtual conditions.
△ Less
Submitted 7 February, 2017; v1 submitted 19 August, 2016;
originally announced August 2016.