RUFFIN BECKWITH Senior Vice President World Golf Foundation.
Security fundamentals and ROS security - Ruffin · Security for the robot operating system....
Transcript of Security fundamentals and ROS security - Ruffin · Security for the robot operating system....
![Page 1: Security fundamentals and ROS security - Ruffin · Security for the robot operating system. Robotics and Autonomous Systems, 98, 192–203. Fairley, P. (2016). Cybersecurity at u.s.](https://reader033.fdocuments.us/reader033/viewer/2022042321/5f0b40e07e708231d42f9a43/html5/thumbnails/1.jpg)
Security fundamentals and ROS security
Bernhard Dieber, Sebastian Taurer
ROBOTICS – Institute for Robotics and MechatronicsJOANNEUM RESEARCH
Klagenfurt am Worthersee, Austria
01.10.2018
www.joanneum.at/roboticsTHE INNOVATION COMPANY
![Page 2: Security fundamentals and ROS security - Ruffin · Security for the robot operating system. Robotics and Autonomous Systems, 98, 192–203. Fairley, P. (2016). Cybersecurity at u.s.](https://reader033.fdocuments.us/reader033/viewer/2022042321/5f0b40e07e708231d42f9a43/html5/thumbnails/2.jpg)
Table of contents
1
ROBOTICS
Security basics
ROS (in)securityAttacks on ROSVideos
ROSPenTo Demonstration
THE INNOVATION COMPANY
![Page 3: Security fundamentals and ROS security - Ruffin · Security for the robot operating system. Robotics and Autonomous Systems, 98, 192–203. Fairley, P. (2016). Cybersecurity at u.s.](https://reader033.fdocuments.us/reader033/viewer/2022042321/5f0b40e07e708231d42f9a43/html5/thumbnails/3.jpg)
Institute for Robotics and Mechatronics
2
Founded 2015Focus on industrial roboticsand mechatronicshttps://www.joanneum.at/robotics
45 researchers in 2021 in 3groups
Mechatronic Systems
Robot Systems
Cognitive Robotics
[Taurer et al., 2018]THE INNOVATION COMPANY
![Page 4: Security fundamentals and ROS security - Ruffin · Security for the robot operating system. Robotics and Autonomous Systems, 98, 192–203. Fairley, P. (2016). Cybersecurity at u.s.](https://reader033.fdocuments.us/reader033/viewer/2022042321/5f0b40e07e708231d42f9a43/html5/thumbnails/4.jpg)
Cyber threats in robotics
3
Classically, robots have worked in isolationModern robots work in highly interconnected environmentsIndustry-grade robots are not harmless machinesRobots pose risks to property and lifeInsecure robots may be manipulated remotelyIndustrial security is breached frequently [Byres et al., 2004,Cheminod et al., 2013, Stouffer et al., 2015,Karnouskos, 2011, Nelson, 2016, Fairley, 2016]
THE INNOVATION COMPANY
![Page 5: Security fundamentals and ROS security - Ruffin · Security for the robot operating system. Robotics and Autonomous Systems, 98, 192–203. Fairley, P. (2016). Cybersecurity at u.s.](https://reader033.fdocuments.us/reader033/viewer/2022042321/5f0b40e07e708231d42f9a43/html5/thumbnails/5.jpg)
CIA+: The security objectives
4
ConfidentialityOnly the intended recipients can read dataHide the contents of messages from third-party observersEnabled by: Encryption
IntegrityPrevent data from being tampered/modified by a third partyPrevent spoofing/masquerading and the so called ”man in themiddle” attacksEnabled by: Integrity checks, hashes
AuthenticityA given entity’s claimed identity can be provenEnabled by: Certificates, digital signatures
AvailabilityEnsure that the system is working within defined boundaries
THE INNOVATION COMPANY
![Page 6: Security fundamentals and ROS security - Ruffin · Security for the robot operating system. Robotics and Autonomous Systems, 98, 192–203. Fairley, P. (2016). Cybersecurity at u.s.](https://reader033.fdocuments.us/reader033/viewer/2022042321/5f0b40e07e708231d42f9a43/html5/thumbnails/6.jpg)
CIA priorities
5
In production, the priorities are reversed compared to the classicaloffice environment. Availability is key!
Prio Office environment Production environment1 Confidentiality Availability2 Integrity Integrity3 Availability Confidentiality
THE INNOVATION COMPANY
![Page 7: Security fundamentals and ROS security - Ruffin · Security for the robot operating system. Robotics and Autonomous Systems, 98, 192–203. Fairley, P. (2016). Cybersecurity at u.s.](https://reader033.fdocuments.us/reader033/viewer/2022042321/5f0b40e07e708231d42f9a43/html5/thumbnails/7.jpg)
ROS1 security issues
6
ROS has no built-in security [McClean et al., 2013]Missing authentication, authorization and confidentialityfunctionsROS is an easy target
Exploit XMLRPC-APIUse stealth publisher attack to inject data or isolate subscribersUse service isolation for DoSUse malicious parameter attack to manipulate parametrizationfor individual nodes
THE INNOVATION COMPANY
![Page 8: Security fundamentals and ROS security - Ruffin · Security for the robot operating system. Robotics and Autonomous Systems, 98, 192–203. Fairley, P. (2016). Cybersecurity at u.s.](https://reader033.fdocuments.us/reader033/viewer/2022042321/5f0b40e07e708231d42f9a43/html5/thumbnails/8.jpg)
Master API1
7
XMLRPC API to interact with ROS masterEnables discovering publishers and servicesgetSystemState → get overview of whole networklookupNode → get URI of specific nodelookupService → get URI of specific serviceregister{Subscriber,Publisher} → subscribe, advertiseunregister{Subscriber,Publisher} → unsubscribe, unadvertiseNo authentication/authorization
1http://wiki.ros.org/ROS/Master_APITHE INNOVATION COMPANY
![Page 9: Security fundamentals and ROS security - Ruffin · Security for the robot operating system. Robotics and Autonomous Systems, 98, 192–203. Fairley, P. (2016). Cybersecurity at u.s.](https://reader033.fdocuments.us/reader033/viewer/2022042321/5f0b40e07e708231d42f9a43/html5/thumbnails/9.jpg)
Node API2
8
Communication mainly node2node (some Master→Node calls)publisherUpdate → send update on available publisersrequestTopic → perform subscriptionparamUpdate → send new parameter server valuesshutdown → kill nodeNo authentication/authorizationAfter XMLRPC-handshake, topic communication is doneusing a binary wire protocol (unencrypted)
2http://wiki.ros.org/ROS/Slave_APITHE INNOVATION COMPANY
![Page 10: Security fundamentals and ROS security - Ruffin · Security for the robot operating system. Robotics and Autonomous Systems, 98, 192–203. Fairley, P. (2016). Cybersecurity at u.s.](https://reader033.fdocuments.us/reader033/viewer/2022042321/5f0b40e07e708231d42f9a43/html5/thumbnails/10.jpg)
Communication structure in ROS
9
THE INNOVATION COMPANY
![Page 11: Security fundamentals and ROS security - Ruffin · Security for the robot operating system. Robotics and Autonomous Systems, 98, 192–203. Fairley, P. (2016). Cybersecurity at u.s.](https://reader033.fdocuments.us/reader033/viewer/2022042321/5f0b40e07e708231d42f9a43/html5/thumbnails/11.jpg)
M P S A
getSystemState, caller id[1, statusMessage, [ [topic, [P]] [topic, [S]] [] ]]
lookupNode, caller id , S[1, statusMessage, sURI]
lookupNode, caller id , P[1, statusMessage, pURI]
Phase 1Phase 1 Prepare attack
Figure: Sequence diagram of a Stealth Publisher AttackTHE INNOVATION COMPANY
![Page 12: Security fundamentals and ROS security - Ruffin · Security for the robot operating system. Robotics and Autonomous Systems, 98, 192–203. Fairley, P. (2016). Cybersecurity at u.s.](https://reader033.fdocuments.us/reader033/viewer/2022042321/5f0b40e07e708231d42f9a43/html5/thumbnails/12.jpg)
P S A
S chooses UDPROS
publisherUpdate, ”/master”, topic, [aURI][1,statusMessage, 0]
requestTopic, S, topic, ”TCPROS”requestTopic, S, topic, ”TCPROS”
[1,statusMessage,[”TCPROS”, pHost, pPort]][1,statusMessage,[”TCPROS”, aHost, aPort]]
TCPROS header hSTCPROS header hSTCPROS header hP
TCPROS header hPTopic message
Phase 2Phase 2 Run attack
Figure: Sequence diagram of a Stealth Publisher Attack (2)
THE INNOVATION COMPANY
![Page 13: Security fundamentals and ROS security - Ruffin · Security for the robot operating system. Robotics and Autonomous Systems, 98, 192–203. Fairley, P. (2016). Cybersecurity at u.s.](https://reader033.fdocuments.us/reader033/viewer/2022042321/5f0b40e07e708231d42f9a43/html5/thumbnails/13.jpg)
C M S A
getSystemState, ”caller”[1, ”current system state”, [ [] [] [service, [S]] ]]
lookupService, ”caller”, service[1,”rosrpc URI:” service-URI, service-URI]
unregisterService,S, service, service-URI1,”Unregistered ” S ” as provider of ” service, 1
TCPROS-HeaderTCPROS-HeaderService-Request
Service-ResponselookupService, C , service
[-1, ”no provider”, ””]
Figure: Sequence diagram of a Service Isolation AttackTHE INNOVATION COMPANY
![Page 14: Security fundamentals and ROS security - Ruffin · Security for the robot operating system. Robotics and Autonomous Systems, 98, 192–203. Fairley, P. (2016). Cybersecurity at u.s.](https://reader033.fdocuments.us/reader033/viewer/2022042321/5f0b40e07e708231d42f9a43/html5/thumbnails/14.jpg)
M N A
subscribeParam, caller id , nURI, ”param1”
[1,statusMessage, param1Value]
getParam, calleri d , paramKey
[1,statusMessage, param1Value]
lookupNode, calleri d , N
[1, statusMessage, nURI]
unsubscribeParam, N, nURI, paramKey
[1, statusMessage, numUnsubscribed]
paramUpdate, ”/master”, paramKey , newValue
[1,” ”, 0]
Figure: Sequence diagram of a malicious parameter update attack
THE INNOVATION COMPANY
![Page 15: Security fundamentals and ROS security - Ruffin · Security for the robot operating system. Robotics and Autonomous Systems, 98, 192–203. Fairley, P. (2016). Cybersecurity at u.s.](https://reader033.fdocuments.us/reader033/viewer/2022042321/5f0b40e07e708231d42f9a43/html5/thumbnails/15.jpg)
Some Videos
14
Disabling safety functionsDisturbing a MiR robot
THE INNOVATION COMPANY
![Page 16: Security fundamentals and ROS security - Ruffin · Security for the robot operating system. Robotics and Autonomous Systems, 98, 192–203. Fairley, P. (2016). Cybersecurity at u.s.](https://reader033.fdocuments.us/reader033/viewer/2022042321/5f0b40e07e708231d42f9a43/html5/thumbnails/16.jpg)
ROSPenTo
15
Penetration testing tool for ROShttps://github.com/jr-robotics/ROSPenTo
Analyze multiple ROS networksReroute communicationIsolate servicesManipulate parametersAlternative: roschaosCountermeasures: [Dieber et al., 2017, White et al., 2016],http://secure-ros.csl.sri.com/
Video
THE INNOVATION COMPANY
![Page 17: Security fundamentals and ROS security - Ruffin · Security for the robot operating system. Robotics and Autonomous Systems, 98, 192–203. Fairley, P. (2016). Cybersecurity at u.s.](https://reader033.fdocuments.us/reader033/viewer/2022042321/5f0b40e07e708231d42f9a43/html5/thumbnails/17.jpg)
References I
16
Byres, E., Dr, P. E., & Hoffman, D. (2004).The myths and facts behind cyber security risks for industrial control systems.In In Proc. of VDE Kongress.
Cheminod, M., Durante, L., & Valenzano, A. (2013).Review of security issues in industrial networks.Industrial Informatics, IEEE Transactions on, 9(1), 277–293.
Dieber, B., Breiling, B., Taurer, S., Kacianka, S., Rass, S., & Schartner, P. (2017).Security for the robot operating system.Robotics and Autonomous Systems, 98, 192–203.
Fairley, P. (2016).Cybersecurity at u.s. utilities due for an upgrade: Tech to detect intrusions into industrial control systemswill be mandatory [news].IEEE Spectrum, 53(5), 11–13.
Karnouskos, S. (2011).Stuxnet worm impact on industrial cyber-physical system security.In 37th Annual Conference of the IEEE Industrial Electronics Society (IECON 2011) (pp. 4490–4494).
McClean, J., Stull, C., Farrar, C., & MascareÃśas, D. (2013).A preliminary cyber-physical security assessment of the robot operating system (ros).In Proc. SPIE, volume 8741 (pp. 874110–874110–8).
THE INNOVATION COMPANY
![Page 18: Security fundamentals and ROS security - Ruffin · Security for the robot operating system. Robotics and Autonomous Systems, 98, 192–203. Fairley, P. (2016). Cybersecurity at u.s.](https://reader033.fdocuments.us/reader033/viewer/2022042321/5f0b40e07e708231d42f9a43/html5/thumbnails/18.jpg)
References II
17
Nelson, N. (2016).The Impact of Dragonfly Malware on Industrial Control Systems.Technical report, SANS Institute.
Stouffer, K., Pillitteri, V., Lightman, S., Abrams, M., & Hahn, A. (2015).Guide to Industrial Control Systems (ICS) Security.Technical report, National Institute of Standards and Technology.NIST Special Publication 800-82, Revision 2.
Taurer, S., Dieber, B., & Schartner, P. (2018).Secure data recording and bio-inspired functional integrity for intelligent robots.In Proceedings of the 2018 IEEE/RSJ International Conference on Intelligent Robots and Systems (IROS2018).
White, R., Christensen, H., & Quigley, M. (2016).Sros: Securing ros over the wire, in the graph, and through the kernel.In Proceedings of the IEEE-RAS International Conference on Humanoid Robots (HUMANOIDS).
THE INNOVATION COMPANY