QoS and Security - nps-ros2/mininet_testbed GitHub Wiki

ROS2 QoS Policy

The ROS2 QoS policy consists of settings for History, Depth, Reliability, and Durability; see https://index.ros.org/doc/ros2/Concepts/About-Quality-of-Service-Settings/. Here is the QoS syntax for scenario files:

  • History controls history depth. Modes are keep_all and keep_last. For keep_last, use Depth.
  • Depth defines history depth when History mode is keep_last.
  • Reliability regulates reliability of data received. Modes are reliable and best_effort. For reliable, DDS will track transmissions and attempt to repair lost transmissions. For best_effort, DDS will not track transmissions and will not attempt to repair lost transmissions.
  • Durability provides durability by transmitting previously transmitted data to readers that join late. Modes are transient_local and volatile.

ROS2 Security Policy

ROS2 offers security through DDS; see https://design.ros2.org/articles/ros2_dds_security.html. Specifically:

  • Authentication: identity of participant
  • Access control: restrict authenticated participant
  • Cryptography: encrypt, sign, hash

ROS2 offers several implementations of DDS; see https://index.ros.org/doc/ros2/Concepts/DDS-and-ROS-middleware-implementations. Example implementations include eProsima FastRTPS (default) and RTI Connext (needs license).

Establish your security policy by providing a keystore, keys, and certificates for your robots and topics. To assist with this, ROS2 provides an sros package which includes a security command line tool and instructions at https://github.com/ros2/sros2. Instruct ROS2 to access your security settings by defining shell variables.

Example

In this example we work through the example 1 mininet scenario but with traffic encrypted.

  • Create keystore example1_keys under path ~/gits/mininet_testbed/security:

    cd ~/gits/mininet_testbed
    mkdir -p security
    cd security
    ros2 security create_keystore example1_keys
    
  • Create certificates for each robot:

    cd ~/gits/mininet_testbed/security
    ros2 security create_key example1_keys /R1
    ros2 security create_key example1_keys /R2
    ros2 security create_key example1_keys /R3
    ros2 security create_key example1_keys /R4
    ros2 security create_key example1_keys /R5
    
  • Define environment variables for security: Put this in your .bashrc file to instruct ROS2 to use these security policies:

    # ROS2 security
    export ROS_SECURITY_ROOT_DIRECTORY=~/gits/mininet_testbed/security/example1_keys
    export ROS_SECURITY_ENABLE=true
    export ROS_SECURITY_STRATEGY=Enforce
    
  • Validate packet encryption by capturing and examining packets using Wireshark.

  • For managing access control policy, please see https://github.com/ros2/sros2/blob/crystal/SROS2_Linux.md#access-control.
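
For the Wireshark validation step above, the following added example (not part of the original wiki or the testbed code) walks the RTPS submessages in one UDP payload and reports whether any DATA submessage is readable on the wire. The submessage IDs come from the OMG RTPS and DDS-Security specifications; the function names, the writer id 00001203 and the sample payloads are constructed for illustration.

```python
import struct

# Submessage IDs as defined in the OMG RTPS and DDS-Security specifications.
CLEAR_DATA = {0x15: "DATA", 0x16: "DATA_FRAG"}
SECURE = {0x30: "SEC_BODY", 0x31: "SEC_PREFIX", 0x32: "SEC_POSTFIX",
          0x33: "SRTPS_PREFIX", 0x34: "SRTPS_POSTFIX"}
ZERO_LEN_OK = {0x01, 0x09}   # PAD and INFO_TS may legitimately have length 0
HEADER_LEN = 20              # "RTPS" + version(2) + vendorId(2) + guidPrefix(12)

def submessages(payload):
    """Yield (id, body) for every submessage in one RTPS UDP payload."""
    if len(payload) < HEADER_LEN or payload[:4] != b"RTPS":
        raise ValueError("not an RTPS message")
    pos = HEADER_LEN
    while pos + 4 <= len(payload):
        sub_id, flags = payload[pos], payload[pos + 1]
        endian = "<" if flags & 0x01 else ">"      # flag bit 0: little-endian
        (length,) = struct.unpack_from(endian + "H", payload, pos + 2)
        end = pos + 4 + length
        if length == 0 and sub_id not in ZERO_LEN_OK:
            end = len(payload)                     # last submessage, runs to end
        if end > len(payload):
            raise ValueError("truncated submessage")
        yield sub_id, payload[pos + 4:end]
        pos = end

def inspect_payload(payload):
    """Return (verdict, writer ids of DATA submessages readable on the wire)."""
    secure, clear_writers = 0, []
    for sub_id, body in submessages(payload):
        if sub_id in SECURE:
            secure += 1
        elif sub_id in CLEAR_DATA and len(body) >= 12:
            # writerId follows extraFlags(2), octetsToInlineQos(2), readerId(4)
            clear_writers.append(body[8:12].hex())
    if clear_writers:
        return "cleartext", clear_writers   # readable even if SEC_PREFIX signs it
    # "protected": security wrappers present and no DATA visible outside SEC_BODY
    return ("protected" if secure else "no-data"), clear_writers

# Constructed sample payloads (not captured traffic); writer id 00001203 is made up.
def sub(sub_id, body):
    return bytes([sub_id, 0x01]) + struct.pack("<H", len(body)) + body

HDR = b"RTPS" + bytes([2, 3, 1, 15]) + bytes(12)
DATA_BODY = (bytes(2) + struct.pack("<H", 16) + bytes(4)
             + bytes.fromhex("00001203") + bytes(8) + b"chatter!")
PLAIN = HDR + sub(0x09, bytes(8)) + sub(0x15, DATA_BODY)
PROTECTED = HDR + sub(0x31, bytes(20)) + sub(0x30, bytes(32)) + sub(0x32, bytes(20))

if __name__ == "__main__":
    for name, pkt in (("PLAIN", PLAIN), ("PROTECTED", PROTECTED)):
        print(name, inspect_payload(pkt))
```

Feed it the UDP payloads exported from your capture. SPDP participant discovery (writer id 000100c2) is sent in the clear even with security enabled, so judge the result by the writer ids of your own topics.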

WiFi Security

Mininet-WiFi supports common security protocols, e.g. WEP, WPA, WPA2. These modes apply to Infrastructure mode, not Ad hoc mode; see Section 1.7.1 of the Mininet-WiFi manual, https://usermanual.wiki/Pdf/mininetwifidraftmanual.297704656/view.