[ros-users] ROS & DDS

Ingo Lütkebohle iluetkeb at gmail.com
Mon Feb 24 08:29:58 UTC 2014

The DDS Security Proposal put forward by RTI (judging from the presentation
Geoff linked) looks okay, at first blush, though obviously a lot depends on
the details. I recommend everybody interested in this topic to look at the
beginning of the presentation, because it introduces the various aspects of
security quite nicely (in particular, encryption!=security!)

One thing I'm uncertain about, from the presentation, is whether inside
attacks are prevented. It looks as if not (see slide 16), because of
performance concerns. That seems a reasonable trade-off to make for the
kind of systems we're looking at here, but it should be kept in mind. It
would be nice if this were something that would be configurable on a
per-topic basis -- I can't tell if that's the case.

Is there information on which other vendors, if any, implement this

Am 22.02.2014 09:16 schrieb "Geoffrey Biggs" <geoffrey.biggs at aist.go.jp>:

> On 21/02/14 08:45, Brian Gerkey wrote:
> > On Thu, Feb 20, 2014 at 3:26 PM, Aravind Sundaresan
> > <asundaresan at gmail.com> wrote:
> >> We are using ROS in a DARPA program where we need the communication
> between
> >> the master and nodes as well as the messaging to be secure. Is there
> anybody
> >> else who finds this important? Does DDS provide secure communications?
> >
> > You're not alone in wanting secure communications for robotics.  We
> > would be remiss in a major rewrite to completely ignore security
> > (which is not to say that we must implement security mechanisms, but
> > we'd better at least end up with a solid story about our approach to
> > security, with clear guidance to users).
> >
> > As I understand it, there's a proposed extension to the DDS spec,
> > currently under review, to add security.  Here's a relevant
> > presentation:
> >
> > http://www.slideshare.net/GerardoPardo/dds-security-standard
> >
> > But given that DDS is apparently used in so many mission-critical
> > applications, surely there's some encryption happening, perhaps in
> > non-standard vendor-specific ways that vary by implementation?  Or
> > perhaps they're using DDS like we use ROS, where you're expected
> > secure your network.
> The answer to this is more along the lines of the original target
> audience of DDS operating private/closed networks. When all your
> communication happens within a single Navy frigate on dedicated
> communication wires, security is less problematic. DDS growing beyond
> its original audience has caused many vendors to start thinking about
> how to do security. A VPN is one option, but obviously many users want
> something a bit lighter weight.
> Geoff
> _______________________________________________
> ros-users mailing list
> ros-users at lists.ros.org
> http://lists.ros.org/mailman/listinfo/ros-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ros.org/pipermail/ros-users/attachments/20140224/234d3c2e/attachment.html>

More information about the ros-users mailing list