Autonomous Robots and Security
I have been having more and more exciting ideas for the Jetson Nano, e.g. a walking robot powered by reinforcement learning, a small drone that navigates around the house (because why not) monitoring it, or even a fully automated farm!
But with all these ideas, one thought always sits at the back of my mind: what if someone gains access to my device?
This is a question I have been avoiding for a loooooong time but the time is now because if I cannot guarantee the security of my automated devices then I am inviting danger upon myself.
So, this is going to be a high level overview of some ways to protect your embedded and/or autonomous devices.
As time goes on, I will dive deeper into some of the topics listed here, or into new things I discover. Let us begin:
Pick a suitable networking / communication protocol
I know your robot is meant to be autonomous, but you still need ways to communicate with it in case of an emergency, and also to make sure the robot is doing what it’s meant to be doing at a certain time.
There are many available networking protocols for edge devices; let’s take a look at some:
MQTT (Message Queuing Telemetry Transport) Protocol:
MQTT is the oldest machine-to-machine (M2M) protocol, introduced in 1999. It uses a queuing architecture: each MQTT client subscribes to a Broker. This protocol is good for reliable message delivery, especially in large networks of small devices.
In terms of security, you are limited to TLS/SSL (Transport Layer Security / Secure Sockets Layer), which is time-tested, but I like to have options when defining a critical part of my autonomous device’s infrastructure.
That said, because of how lightweight the protocol is, I would consider it for very basic devices, e.g. temperature sensors, humidity sensors etc.
HTTP (Hyper Text Transfer Protocol):
You have most likely heard about this protocol even though you may not know the ins and outs of it. This is the protocol our web communications are based on.
Unlike the others presented here, this is a text-based protocol rather than a binary one.
Concerning security, a lot has been written about HTTP security, and I mean a lot. I cannot conceivably go over those talking points again.
What I can do is tell you what kinds of applications I would consider HTTP for and the only one that comes to mind is communication between local user-facing devices.
Note: When I say user-facing devices, I mean “Non-IoT” devices like laptops, desktops, servers etc.
I would NOT use this for things like M2M communications as the protocol requirements may overwhelm the limited resources of most embedded devices.
CoAP (Constrained Application Protocol):
CoAP is another lightweight M2M protocol. It supports both request/response and publisher/subscriber communication methods. It is more feature-rich than MQTT; for example, it supports content negotiation.
CoAP has 2 options for security, DTLS (Datagram TLS) and IPSec (Internet Protocol Security):
- DTLS is similar in concept to TLS but for UDP communications (whereas TLS is for TCP).
- IPSec encrypts and authenticates packets of data and provides secure communication over an IP network. It is used with VPNs.
I would consider using CoAP for my embedded network devices (like an Arduino-powered device).
One good thing is that the performance requirements to use this protocol (e.g. packet header information) are quite low.
AMQP (Advanced Message Queuing Protocol):
AMQP is yet another M2M protocol and, like CoAP, it supports both request/response and publish/subscribe communication methods. It offers a lot of features like flexible routing, transactions etc. Reliability is at the core of this protocol.
This protocol has 3 options for security, TLS/SSL, IPSec and SASL (Simple Authentication and Security Layer):
- TLS/SSL: we already know about this
- IPSec: we just discussed this
- SASL: this is another IP layer security mechanism; it helps with things like authentication. It is geared towards continuous connection protocols (where streams of information are exchanged)
I would definitely use AMQP for network communications involving sophisticated (to my standards anyway) robots, e.g. for controlling a robot’s arm remotely.
Monitor your network for discrepancies
Devices on networks usually have a predictable pattern of operations. It is always a good idea to be on the look-out for discrepancies.
Think of this like looking for holes in your fence or looking for suspicious transactions on your credit card bill.
Some things to track
- Machine availability
- Available Routes
- Packet Delay
- Bandwidth Measurements (e.g. Capacity, Throughput etc.)
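To make two of the items above concrete (machine availability and packet delay), here is an added example, not code from the original post, that compares each probe result against a rolling per-device baseline. The device names, sample values, thresholds and function name are all constructed for illustration.

```python
from statistics import median

# Constructed probe results: (device, round-trip delay in ms), None = no reply.
SAMPLES = [
    ("arm", 10.0), ("arm", 11.0), ("arm", 10.0), ("arm", 12.0), ("arm", 11.0),
    ("arm", 10.0),    # normal, extends the baseline
    ("arm", 48.0),    # far outside the usual delay
    ("arm", 11.0),    # back to normal
    ("drone", None), ("drone", None), ("drone", None),  # stopped answering
]


def find_discrepancies(samples, window=5, k=5.0, max_missed=2):
    """Return (sample_index, device, reason) for every discrepancy.

    Delay: flagged when it differs from the median of the last `window`
    accepted samples by more than k times their median absolute deviation.
    Availability: flagged once, when `max_missed` probes in a row get no reply.
    """
    history, missed, alerts = {}, {}, []
    for i, (dev, delay) in enumerate(samples):
        if delay is None:
            missed[dev] = missed.get(dev, 0) + 1
            if missed[dev] == max_missed:
                alerts.append((i, dev, "unavailable"))
            continue
        missed[dev] = 0
        past = history.setdefault(dev, [])
        if len(past) >= window:
            recent = past[-window:]
            med = median(recent)
            # Floor the spread so a perfectly flat baseline does not flag jitter.
            mad = median([abs(x - med) for x in recent]) or 0.5
            if abs(delay - med) > k * mad:
                alerts.append((i, dev, "delay"))
                continue  # keep outliers out of the baseline
        past.append(delay)
    return alerts


if __name__ == "__main__":
    for index, device, reason in find_discrepancies(SAMPLES):
        print(f"sample {index}: {device} -> {reason}")
```

Keeping flagged samples out of the baseline matters: otherwise a slow drift or a burst of bad readings would teach the monitor that the abnormal pattern is normal.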
And finally…
Action logging for your device / robot
Your device must have an accessible mechanism for logging all actions your networked devices make.
These logs are invaluable in times of trouble, and they may even help you prevent unwanted actions from taking place.
Some things to think about are:
- Proper Log Formatting: this is the foundation of good logs. Proper log formatting will help in arranging, storing and retrieving your logs. Without this, your logs will just be taking up space.
- Infrastructure: how are you collecting and storing your logs? Is it in a scalable manner? How is your log data arranged/archived? Are the logs themselves backed up? These are just a few things to think of while creating a pipeline for your logs.
- Viewing Tools: your logs are only good if you can make sense of them. There are many tools that can help in reading and assessing the contents of your logs. Some tools can even help you trace errors from their source.
- Nice-to-Have Functionalities:
  - Being able to play back your logs and see what happens live (ROS can do this!).
  - Email (or Instant Messaging) alerts that can give you realtime information about your network
  - etc.
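As an added illustration of the formatting, playback and alerting points above (not code from the original post), the sketch below writes each action as one JSON line with a fixed set of keys, rejects lines that do not fit, replays actions in time order and picks out the ones worth an alert. The field names, device names and log entries are constructed assumptions.

```python
import json

# Assumed schema: every action record must carry these keys.
REQUIRED = ("ts", "device", "actor", "action", "result")


def format_action(ts, device, actor, action, result, **params):
    """Serialise one action as a single JSON line with stable key order."""
    record = {"ts": ts, "device": device, "actor": actor,
              "action": action, "result": result, "params": params}
    return json.dumps(record, sort_keys=True, separators=(",", ":"))


def parse_log(lines):
    """Return (records, rejected_line_numbers); free text never gets in."""
    records, rejected = [], []
    for number, line in enumerate(lines, 1):
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            rejected.append(number)
            continue
        if not isinstance(rec, dict) or any(key not in rec for key in REQUIRED):
            rejected.append(number)
            continue
        records.append(rec)
    return records, rejected


def playback(records, device=None):
    """Yield actions in timestamp order, optionally for one device only."""
    for rec in sorted(records, key=lambda r: r["ts"]):
        if device is None or rec["device"] == device:
            yield rec


def needs_alert(records):
    """Actions that did not complete normally, e.g. denied or failed ones."""
    return [rec for rec in records if rec["result"] != "ok"]


# Constructed sample log: written out of order, with one unstructured line.
LOG = [
    format_action(1700000002.0, "arm-1", "operator", "move_joint", "ok",
                  joint=2, angle=45),
    format_action(1700000001.0, "arm-1", "operator", "enable_motors", "ok"),
    "arm-1 moved something",
    format_action(1700000003.0, "drone-1", "unknown", "takeoff", "denied"),
]

if __name__ == "__main__":
    records, rejected = parse_log(LOG)
    print("rejected lines:", rejected)
    for rec in playback(records, device="arm-1"):
        print(rec["ts"], rec["action"], rec["params"])
    print("alert on:", [(r["device"], r["action"]) for r in needs_alert(records)])
```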
These are just some examples of things that will take the security of your network to the next level.
Thanks for reading!