News
[15/09/2022] This work has been accepted by ACM CCS 2022. We open-source our project code at https://github.com/victomteng1997/SROS2_Broadcast_Encryption
If you are interested, you may also refer to the design documentation: https://victomteng1997.github.io/2021/05/20/ROS2-encryption-design/
[15/07/2022] Our suggested mitigations (certificate revocation) have been integrated into ROS2 rolling. They will also be included in the next version of the ROS2 stable release. The official documentation is available in the SROS2 project: https://github.com/ros2/sros2/blob/rolling/SROS2_Linux.md
[19/03/2022] We are working with the ROS2 team to reproduce the vulnerabilities in a production environment and implement the mitigation solution.
[19/12/2021] We were contacted by ROS2 officials for possible research cooperation to patch the identified vulnerabilities.
Revision-related
Please find our analysis of the differences in communication functions across multiple ROS2 versions.
General Information
This website contains the supporting materials for the work "On the (In)Security of Secure ROS2", submitted to ACM CCS 2022. We present the ROS2 software analysis and model checking details in the ROS2 Modeling subpage, and the simulation and physical experiment results in the Experimental Results subpage. Both subpages are linked from the top right corner of the website.
Attack Exploitability
Since the four vulnerabilities are identified at the software level, they are exploitable as long as the target system contains the vulnerability. To verify their exploitability, we repeat the exploitation of each attack 100 times.