ROS2 Security Workshop | ROSCon 2019
Security workshop - Demonstrating vulnerabilities and ways to protect your robots
This workshop will demonstrate different real-world attacks performed on robots while teaching techniques on how to secure them against those attacks. This will include teaching on how to design threat models for robotics, hardening the ROS ecosystem through SROS2 as well as using several penetration testing tools to verify that the robot is no longer vulnerable to those attacks.
When
Wednesday, 30th October 2019 (14:00-17:00)
ROSCon is a single-track 2-day conference, the 2019 edition will take place in Macao during the week preceeding IROS, from October 31st to November 1st. Starting with the 2019 edition, ROSCon has a pre-conference workshops half-day, this workshop will thus take place on the afternoon of October 30th.
Where
Conrad Macao, Cotai Central (room Turfan 4301 - 4303):
For further Venue info, please visit the official ROSCon website:
Program
Preliminary Program
- [14:00] What types of security issues can impact your robot: ROS 2 Threat Model
- [14:30] TurtleBot 3 Demo App Presentation
- [15:00] How to encrypt node-to-node communication using SROS2
- [15:15] Coffee break
- [15:45] Reconnaissance in ROS 2
- [16:15] When encryption is not enough! Robotic Applications and DoS attacks
- [16:45] Conclusion, Q&A: what’s next for the ROS 2 security community?
Materials
Materials
Prerequisites for the workshop
- Docker CE Installed - Instructions
- A Linux based host system (preferably Ubuntu 18.04)
- rocker and off-your-rocker
Examples
- Turtlebot3 Session:
Supplemental
- Aztarna:
- ROS2 Fuzzer:
- ROS2 Threat Model:
References
Publications
Aztarna, a footprinting tool for robots
Industry 4.0 is changing the commonly held assumption that robots are to be deployed in closed and isolated networks. When analyzed from a security point of view, the global picture is disheartening: robotics industry has not seriously allocated effort to follow good security practices in the robots produced. Instead, most manufacturers keep forwarding the problem to the end-users of these machines. As learned in previous technological revolutions, such as at the dawn of PCs or smartphones, action needs to be taken in time to avoid disastrous consequences. In an attempt to provide the robotics and security communities with the right tools to perform assessments, in this paper we present aztarna, a footprinting tool for robotics. We discuss how such tool can facilitate the process of identifying vestiges of different robots, while maintaining an extensible structure aimed for future fingerprinting extensions. With this contribution, we aim to raise awareness and interest of the robotics community, robot manufacturers and robot end-users on the need of starting global actions to embrace security. We open source the tool and disclose preliminary results that demonstrate the current insecurity landscape in industry. We argue that the robotic ecosystem is in need of generating a robot security community, conscious about good practices and empowered by the right tools.
Mayoral Vilches Vı́ctor, Olalde Mendia, G., Perez Baskaran, X., Hernández Cordero, A., Usategui San Juan, L., Gil-Uriarte, E., … Alzola Kirschgens, L. (2018). Aztarna, a footprinting tool for robots. ArXiv e-Prints, arXiv:1812.09490.
External Links
- ROS2
- SROS2
Who
Speakers
Ruffin White | UCSD
Ruffin White is a Ph.D. student in the Contextual Robotics Institute at University of California San Diego, under the direction of Dr. Henrik Christensen. Having earned his Masters of Computer Science at the Institute for Robotics \& Intelligent Machines, Georgia Institute of Technology, he remains an active contributor to ROS and a collaborator with the Open Source Robotics Foundation. His research interests include mobile robotics, with an focus on secure sub-systems design, as well as advancing repeatable and reproducible research in the field of robotics by improving development tools and standards for robotic software.
Mikael Arguedas | Unaffiliated
Mikael received his joint MSc from GeorgiaTech and ENSEA (France) in 2015 with a major in Electronics and Computer Engineering and a minor in Computer Science. He worked as a research assistant at GTRI and developed Computer Vision algorithms for detection of rigid and deformable objects. Before that, Mikael received a BS in Embedded Systems, Robotics and RTOS from IUT Cachan in 2011. He has been working on various ROS projects during the last few years. He worked at Open Robotics from 2015 to 2018 where he worked on ROS2 and more relevantly authored the SROS2 tools.
Thomas Moulard | AWS Robotics 
Dr. Thomas Moulard is a Sr. Software Engineer at AWS Robotics, Amazon Web Services. Dr. Moulard received a Ph.D. from LAAS-CNRS in Toulouse, France in 2012 and was a Japan Society for the Promotion of Science (JSPS) Postdoctoral Research Fellow at the AIST from 2012 to 2014. From 2016 to 2018, Dr. Moulard worked for Alphabet/Google first as a software engineer on an undisclosed robotics project and then, as the Technical Lead of the Daydream Data Infrastructure team, designing cloud services to evaluate computer vision algorithms performance. In 2018, Dr. Moulard joined the AWS RoboMaker team. AWS RoboMaker is a service that makes it easy to develop, test, and deploy intelligent robotics applications at scale.
Víctor Mayoral Vilches | Alias Robotics
Víctor is a Robotics Engineer at Alias Robotics. He obtained two BS degrees, one in Telecommunications Engineering and another in Computer Science at Universidad Rey Juan Carlos I in Madrid, Spain. After that he received an MSc in Telecommunications Engineering with periods of stay at the Norwegian University of Science and Technology (NTNU) in Trondheim, Norway and at the Hanyang University in Seoul, South Korea. Later, he dropped out his PhD and co-founded Erle Robotics in 2015 which was acquired in 2016. Víctor has experience building different robots (from drones to industrial robotic arms) and has contributed to ROS 2 actively since 2014. Currently, he works a robotics engineer and studies the security of a variety of robot technologies.