TROS: Protecting Humanoids ROS from Privileged Attackers


Bibliographic details
Published in: International journal of social robotics 2020-07, Vol.12 (3), p.827-841
Main authors: Mazzeo, Giovanni; Staffa, Mariacarla
Format: Article
Language: eng
Description
Summary: The widespread adoption of humanoid social robots in different application fields is growing the interest of hackers who could violate the privacy of people, or—even worse—threaten humans’ life from physical and emotional/social points of view. Different vectors of attack exist, which are more easily exploitable if physical access to the target robot is available. This is very likely for humanoids that typically reside in untrusted environments where physical access to the robot is allowed and expected, thus permitting anyone to exploit the Linux kernel vulnerability (e.g., through the insertion of a USB pen drive) with the objective of tampering with sensitive data. The Robot Operating System (ROS) is at the core of humanoids. Thus, it is crucial for their security. The most recent solutions introduced in ROS2, SROS, and H-ROS are not sufficient for facing powerful adversaries. In this paper, we first identify the uncovered ROS weaknesses, which are particularly worrying in the case of humanoids. Then, we present our patched ROS solution called Trusted-ROS (TROS) leveraging hardware-assisted trusted computing to shield data managed by ROS, which otherwise would reside in the robot’s memory unencrypted. The design of TROS is reported, together with a prototype implementation using a simulated version of the NAO humanoid secured through Intel SGX hardware. Finally, we evaluated the proposed solution from both security and performance perspectives in order to demonstrate the practicability of our approach.
ISSN: 1875-4791, 1875-4805
DOI: 10.1007/s12369-019-00581-4