| ROS Resources: Documentation | Support | Discussion Forum | Index | Service Status | ros @ Robotics Stack Exchange |
I can't answer whether "ROS 2.0 really [is] more secure than ROS 1.0" as ROS2 is still under development and many things are being hashed out.
I will leave two comments here regarding (node graph) security and ROS1 and ROS2:
for ROS1, see Ruffin White's presentation about SROS at ROSCon16 (presentation slides and the video). SROS aims to secure both dataflows (node<->node, master<->node), as well as graph state (access control for node connections & node graph topography auditing) using (amongst other things) a combination of PKI and infrastructure such as AppArmor.
SROS is currently a Python-only affair, but I can tell you that similar efforts have already been undertaken for roscpp, and that I expect those to be released in the near future.
for ROS2 the situation is less clear. Discussions about security have taken place on the ng-ros SIG (see Cyber security of communications and being locked into DDS going forward fi). The ROS2 design documentation currently does not have an article on security aspects though.
However: the main middleware targeted by ROS2, DDS, is in the process of being extended with security infrastructure supporting authentication, access control, (graph state) auditing / monitoring and encryption of dataflows. The extensions are described as being in "beta 1", so haven't been ratified for inclusion into the main standard yet (but almost surely will be). See Documents Associated with DDS Security (DDS-SECURITY), Version 1.0 - Beta 2 for the relevant documents. Note that even though the extensions are still under evaluation, there are already vendors that have implemented support for them, such as RTI (RTI Connext DDS Secure).
This is at the middleware layer only, but that already covers a significant part of the possible attack vectors in a distributed system such as ROS.
Finally: security was explicitly (AFAIK, I was not part of the development team, nor am I now) not considered in the ROS1 design: its goal was to facilitate almost effortless information exchange between (potentially widely distributed) nodes in a computation graph, over a fully trusted network. While definitely important (perhaps even crucial) for the types of applications that ROS is being used for more and more these days, security measures tend to frustrate those goals. To quote a knowledgable source: "if you claim that you've found a security hole in ROS (1), you're lying: there is no security".
But do note that, as I wrote above, that situation is being rectified.
PS: from the way you phrase your question, I have the impression that you were either told by someone else that "ROS2 is really more secure than ROS1" or that you've read it somewhere. I'd be interested to know which it was, and / or where you read it. Given the state of development of ROS2, it's a claim which I'm not sure can be made at this point, and IMO we should be careful with such claims until things have reached a sufficient level of maturity.
Thank you for your response, I greatly appreciate your time here. I am part of a larger initiative that will adopt ROS 2 as the core standard for development. The question came from a vendor who wanted to know what the benefit was of moving to ROS 2 based upon a security aspect.
If you are concerned about certain aspects relating to security of either ROS1 or ROS2, or perhaps you have ideas on how they could be improved, it might be an idea to contact the OSRF about this. They're very open and always interested in collaboration in my experience.
Asked: 2016-11-04 11:09:04 -0500
Seen: 1,120 times
Last updated: Nov 05 '16
ROS Answers is licensed under Creative Commons Attribution 3.0 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
