Out-of-Band Session Key Exchange for Secure ROS 2 Message Delivery
摘要
This study integrates the second-generation Robot Operating System (ROS 2) with embedded systems and proposes a secure one-to-one communication mechanism. The design incorporates access control, identity authentication, and message encryption using an out-of-band approach. By default, all UDP packets are blocked, disabling ROS 2’s underlying communication. To initiate communication, a node must first establish a TCP socket as an out-of-band channel to perform identity authentication and negotiate a session key. Upon successful authentication, the system whitelists the IP addresses to allow UDP traffic, enabling ROS 2 message exchange. Unauthorized nodes remain blocked, effectively enforcing access control. A hierarchical certificate authority and certificate chain verification ensure authenticity, while the session key guarantees the confidentiality and integrity of the communication.