This study integrates the second-generation Robot Operating System (ROS 2) with embedded systems and proposes a secure one-to-one communication mechanism. The design incorporates access control, identity authentication, and message encryption using an out-of-band approach. By default, all UDP packets are blocked, disabling ROS 2’s underlying communication. To initiate communication, a node must first establish a TCP socket as an out-of-band channel to perform identity authentication and negotiate a session key. Upon successful authentication, the system whitelists the IP addresses to allow UDP traffic, enabling ROS 2 message exchange. Unauthorized nodes remain blocked, effectively enforcing access control. A hierarchical certificate authority and certificate chain verification ensure authenticity, while the session key guarantees the confidentiality and integrity of the communication.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Out-of-Band Session Key Exchange for Secure ROS 2 Message Delivery

  • Yun-Shuai Yu,
  • Zong-Jhen Chang,
  • Yeong-Sheng Chen

摘要

This study integrates the second-generation Robot Operating System (ROS 2) with embedded systems and proposes a secure one-to-one communication mechanism. The design incorporates access control, identity authentication, and message encryption using an out-of-band approach. By default, all UDP packets are blocked, disabling ROS 2’s underlying communication. To initiate communication, a node must first establish a TCP socket as an out-of-band channel to perform identity authentication and negotiate a session key. Upon successful authentication, the system whitelists the IP addresses to allow UDP traffic, enabling ROS 2 message exchange. Unauthorized nodes remain blocked, effectively enforcing access control. A hierarchical certificate authority and certificate chain verification ensure authenticity, while the session key guarantees the confidentiality and integrity of the communication.