| ROS Resources: Documentation | Support | Discussion Forum | Index | Service Status | ros @ Robotics Stack Exchange |
ROS2 with dds-security will enhance the security, but It will reduce the performance. I think not every entity(in ROS1 names node) need security , also means Overprotected. so how we trade-off the security and performance.
Ahoy there! A bit late of a reply, but for future readers:
With respect to engineering trade offs and performance benchmark analysis of ROS2 networks using Secure DDS, there are as of writing a number of previous works on this subject. Some recent publications include:
Security and Performance Considerations in ROS 2: A Balancing Act
Jongkil Kim, Jonathon M. Smereka, Calvin Cheung, Surya Nepal, Marthie Grobler
Robot Operating System 2: The need for a holistic security approach to robotic architectures
DiLuoffo V, Michalson WR, Sunar B.
Performance Study of the Robot Operating System 2 with QoS and Cyber Security Settings
Fernandez, J. and Allen, B. and Thulasiraman, P. and Bingham, B.
As an oversimplification summary: enabling of Secure DDS does incur some overhead costs, the impact of which may be application specific but also dependent upon the configuration of Secure DDS itself. Such impacts can be mitigated by tuning this configuration, but again, not without trade-offs, nor a free lunch.
For example, one could disable encryption for certain topics while retaining message authentication and integrity features. While this would no longer prevent an external observer from reading the contents of the clear text messages, it would still allow topic write access to remain access controlled. This could be beneficial for high bandwidth topics comprised of already publicly discernible data, such as global weather reports or current time, enabling better relocation of computational resources to encrypt more sensitive topics, such as robot sensor data or current global coordinates.
Just be wary of what topics you configure accordingly, as even innocuous seeming topic data can potentially leak sensitive information. For example, by filtering or integrating high frequency odometric ticks and inertial messages, an attacker could infer robot trajectories, and by transitivity any facility floor plans. As with most matters in cyber security, it all remains a matter of managing risk.
Asked: 2021-12-23 07:14:22 -0500
Seen: 64 times
Last updated: Sep 21 '22
ROS Answers is licensed under Creative Commons Attribution 3.0 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.