QoS and Security - nps-ros2/mininet_testbed GitHub Wiki
ROS2 QoS Policy
The ROS2 QoS policy consists of settings for History, Depth, Reliability, and Durability, see https://index.ros.org/doc/ros2/Concepts/About-Quality-of-Service-Settings/. Here is the QoS syntax for scenario files:
History
controls history depth. Modes arekeep_all
andkeep_last
. Forkeep_last
, useDepth
.Depth
defines history depth whenHistory
mode iskeep_last
.Reliability
regulates reliability of data received. Modes arereliable
andbest_effort
. Forreliable
, DDS will track transmissions and attempt to repair lost transmissions. Forbest_effort
, DDS will not track transmissions and will not attempt to repair lost transmissions.Durability
provides durability by transmitting previously transmitted data to readers that join late. Modes aretransient_local
andvolatile
.
ROS2 Security Policy
ROS2 offers Security through DDS, see https://design.ros2.org/articles/ros2_dds_security.html. Specifically:
- Authentication: identity of participant
- Access control: restrict authenticated participant
- Crypotography: encrypt, sign, hash
ROS2 offers several implementations of DDS, see https://index.ros.org/doc/ros2/Concepts/DDS-and-ROS-middleware-implementations. Example implementations include eProsima FastRTPS (default) and RTI Connext (needs license).
Establish your security policy by providing a keystore, keys, and certificates for your robots and topics. To assist with this, ROS2 provides an sros package which includes a security
command line tool and instructions at https://github.com/ros2/sros2. Instruct ROS2 to access your security settings by defining shell variables.
Example
In this example we work through the example 1 mininet scenario but with traffic encrypted.
-
Create keystore
example1_keys
under path~/gits/mininet_testbed/security
:cd ~/gits/mininet_testbed mkdir -p security cd security ros2 security create_keystore example1_keys
-
Create certificates for each robot:
cd ~/gits/mininet_testbed/security ros2 security create_key example1_keys /R1 ros2 security create_key example1_keys /R2 ros2 security create_key example1_keys /R3 ros2 security create_key example1_keys /R4 ros2 security create_key example1_keys /R5
-
Define environment variables for security: Put this in your
.bashrc
file to instruct ROS2 to use these security policies:# ROS2 security export ROS_SECURITY_ROOT_DIRECTORY=~/gits/mininet_testbed/security/example1_keys export ROS_SECURITY_ENABLE=true export ROS_SECURITY_STRATEGY=Enforce
-
Validate packet encryption by capturing and examining packets using Wireshark.
-
For managing access control policy, please see https://github.com/ros2/sros2/blob/crystal/SROS2_Linux.md#access-control.
WiFi Security
Mininet-WiFi supports common security protocols, e.g. WEP, WPA, WPA2. These modes apply to Infrastructure mode, not Ad hoc mode, see the Mininet-WiFi manual https://usermanual.wiki/Pdf/mininetwifidraftmanual.297704656/view Section 1.7.1