demircagri51-source/ros2-security

# 🛡️ A9 项目：ROS2 Humble 安全风险分析与 SROS2 缓解策略 本仓库包含对运行在 ROS2 Humble 上的机械臂 (UR5e) 的完整安全分析、渗透测试（漏洞利用）、加密缓解策略以及性能评估。 **作者：** Çağrı **指导教师：** Dr. Yunus Emre ÇOĞURCU **环境：** Ubuntu 22.04, ROS2 Humble, Gazebo Classic, MoveIt2 ## 🎯 项目目标 1. **漏洞发现：** 证明默认的 ROS2 DDS 流量是以明文形式传输的。 2. **漏洞利用：** 执行“Rogue Node”攻击，实现命令注入并导致状态不一致。 3. **缓解策略：** 使用“零信任”强制策略实施 SROS2 (DDS-Security)。 4. **性能评估：** 测量由 AES-256-GCM 加密引入的加密开销（CPU、RAM、延迟）。 ## 📂 仓库结构 * `/scripts`：包含系统启动脚本、恶意漏洞利用 bash 脚本以及基于 Python 的性能测量工具。 * `/src`：用于 UR5e 仿真和控制器的 workspace 源代码。 * `/rosbags`：来自各种仿真运行的已保存轨迹和关节状态数据。 ## 🛠️ 前置条件与安装说明 请确保您已安装 ROS2 Humble 及必要的安全包： ``` sudo apt update sudo apt install ros-humble-sros2 python3-psutil wireshark -y 🔓 Phase 1: Baseline Setup (Vulnerable State) To run the simulation in its default, unencrypted state: Open a terminal and source your workspace. Launch the robot simulation: cd ~/a9_ws ./scripts/starter_kit_baslat.sh Note: At this stage, capturing the loopback (lo) interface traffic via Wireshark will reveal critical joint telemetry (e.g., shoulder_pan_joint) in pure plaintext. ⚔️ Phase 2: Attack Reproduction (Exploitation) With the baseline system running, we simulate an "Insider Threat" injecting malicious trajectories directly into the low-level controllers, bypassing the MoveIt2 planner. Open a new terminal. Execute the rogue node script: Bash cd ~/a9_ws ./scripts/rogue_node_attack.sh Impact: The physical robot in Gazebo will flail erratically, while the RViz operator interface will falsely display the robot in a secure home state. This demonstrates critical State Inconsistency and Loss of Control. 🔐 Phase 3: SROS2-Enabled Defense (Mitigation) To neutralize the Rogue Node, we establish a Root Certificate Authority (CA) and distribute Enclaves to enforce a "Zero Trust" architecture. 1. Generate Keystore and Enclave: Bash cd ~/a9_ws ros2 security create_keystore a9_keystore ros2 security create_enclave a9_keystore /a9_master_enclave 2. Launch with Security Enforced: Close all previous terminals. Open a new terminal and apply the strict security environment variables before launching: Bash export ROS_SECURITY_ENABLE=true export ROS_SECURITY_STRATEGY=Enforce export ROS_SECURITY_KEYSTORE=~/a9_ws/a9_keystore export ROS_SECURITY_ENCLAVE_OVERRIDE=/a9_master_enclave ./scripts/starter_kit_baslat.sh Verification: Running the rogue_node_attack.sh in an unauthorized terminal will now fail completely. The DDS-Security Access Control plugin drops all unauthenticated packets at the network layer. Wireshark analysis will confirm all traffic is now AES-256-GCM encrypted (SEC_BODY). 📊 Phase 4: Performance Evaluation To measure the cryptographic overhead introduced by SROS2, we run custom python monitors. Ensure the system is running in the SROS2 Enforced Mode (Phase 3), then open a new authorized terminal (apply the same export variables as above) and run the monitors: Measure Latency & Handshake Overhead: Bash cd ~/a9_ws python3 scripts/latency_sros.py --ros-args -p use_sim_time:=true Measure CPU & RAM Overhead: Bash cd ~/a9_ws python3 scripts/cpu_monitor.py 📈 Results Summary Metric Baseline (Unencrypted) SROS2 (Enforced) Overhead / Impact Communication Latency 5.00 ms 6.00 ms + 1.00 ms Average CPU Load 61.31 % 62.60 % + 1.29 % Average RAM Load 25.72 % 26.02 % + 0.30 % Connection Startup Instant (0s) ~ 1-2 Seconds Cryptographic Handshake Conclusion: The AES-256-GCM encryption provides absolute network confidentiality and access control with a negligible CPU overhead (+1.29%) and latency increase (+1.00 ms), proving highly viable for resource-constrained industrial robotics. ```

标签：AES-256-GCM, DDS安全, Gazebo, JSONLines, MoveIt2, OPA, PKINIT, ROS2, ROS2 Humble, SROS2, UR5e, Wireshark, 中间人攻击, 加密性能评估, 句柄查看, 命令注入, 安全防护, 密码管理, 工控安全, 应用安全, 性能测试, 恶意节点, 智能机器人, 机器人安全, 机器人操作系统, 漏洞分析, 状态不一致, 结构化查询, 网络安全, 网络安全实验, 自动化安全, 路径探测, 逆向工具, 防御绕过, 隐私保护, 零信任, 靶场