臺灣博碩士論文加值系統

隨著科技的進步，自動化機器人系統在多個領域中的應用日益廣泛，從工業自動化到智能家居，它們逐步承擔替代人類進行重複性工作以及執行高風險任務的重要角色。在這背景下，ROS 2 (Robot Operating System 2) 作為專門為機器人應用開發而設計的軟體架構，為這些機器人系統提供了堅實的資料通訊基礎。憑藉其卓越的靈活性和擴展能力，自推出以來在短時間內已被全球的企業與學術界廣泛採用。面對這樣的發展，保證機器人系統在傳輸過程中的資料安全，尤其是當這些系統被應用於日常生活和處理敏感任務時，已成為一個不容忽視的關鍵問題。
本論文旨在改善ROS 2生態系統中資料傳輸的安全問題。考慮到機器人在日常生活中的廣泛應用，資料傳輸的安全至關重要。目前ROS 2生態系統內的資料訊息以明文形式傳輸，這可能使其傳輸之機密洩漏。儘管官方提供了安全通訊機制SROS2，但在高負載環境或低資源裝置上運行時，SROS2 的效能會受到影響。因此，本論文提出了一個輕量化的改善機制，採用了RSA (Rivest Shamir Adleman)進行身份驗證，使用DNS (Domain Name System)伺服器來存儲公鑰，並利用AES-CCM (Advanced Encryption Standard - Counter with CBC MAC)對傳輸和接收的資料進行加密與解密。在ROS 2環境中實現了資料傳輸保護機制，確保通訊的機密性。

As technological advancements continue, automated robotic systems are expanding across various domains, from industrial automation to smart home applications. These systems are increasingly taking on essential roles, replacing human labor in repetitive or high-risk tasks. In this context, the Robot Operating System 2 (ROS 2) serves as a specialized software framework designed to support robotic applications, providing a robust foundation for data communication. Due to its notable flexibility and scalability, ROS 2 has quickly gained widespread adoption among global enterprises and academic institutions. Given this rapid development, ensuring the security of data transmissions within robotic systems—particularly when used for everyday tasks and sensitive operations—has become a critical concern.
This paper aims to address the security challenges associated with data transmission within the ROS 2 ecosystem. As robotics become more integrated into daily life, ensuring secure data transmission is paramount. Currently, data messages within the ROS 2 framework are transmitted in plaintext, which poses a risk of unauthorized access. Although the official security protocol SROS2 is available, its performance can be compromised under high-load conditions or on resource-constrained devices. To address these issues, this paper proposes a lightweight enhancement mechanism. It utilizes RSA (Rivest-Shamir-Adleman) for authentication, employs DNS (Domain Name System) servers for storing public keys, and applies AES-CCM (Advanced Encryption Standard - Counter with CBC MAC) for the encryption and decryption of data. This approach is implemented to safeguard data transmissions in the ROS 2 environment, ensuring the confidentiality of communications.

摘要...ii
Abstract...ii
誌謝...iii
目錄...iv
圖目錄...vi
第一章 緒論...1
1.1 研究背景與動機...1
1.2 研究簡述...2
1.3 論文架構...2
第二章 相關研究與技術...3
2.1 相關研究...3
2.2 第二代機器人作業系統 (Robot Operating System 2)...4
2.2.1 ROS 2的基本概念...4
2.2.2 ROS 2通訊機制...4
2.2.3 ROS 2的特色與前代之差異...8
2.3 Challenge-Response...9
2.4 Rivest Shamir Adleman (RSA)...10
2.4.1 RSA簽章訊息...10
2.4.2 RSA 加解密...11
2.5 Domain Name System (DNS)...13
2.6 AES-CCM...15
2.6.1 AES...15
2.6.2 AES-CTR...16
2.6.3 CBC-MAC...18
2.6.4 AES-CCM...21
2.7 Session Key...23
第三章 研究內容與方法...24
3.1 本論文之系統架構...24
3.2 身份驗證...25
3.3 Session Key...27
3.4 訊息加解密...28
第四章 實驗與評估...29
4.1 實驗與結果...29
4.1.1 身份驗證...29
4.1.2 訊息加密...32
4.2 實驗評估...33
4.2.1 攻擊者擷取...33
第五章 結論與未來展望...34
參考文獻...35
Extended Abstract...37

[1]“沛博科技Perobot - 服務自動化專家.” available from: http://www.perobot.com.tw/pepper/index
[2]Corporation R.-M. O., “端菜服務 送餐機器人 Bella | 台灣專業端菜服務 送餐機器人 Bella設備製造商,” 鴻匠科技股份有限公司. available from: https://www.hong-chiang.com.tw/zh-TW/category/K01.html
[3]M. Quigley et al., “ROS: an open-source Robot Operating System,” presented at the ICRA Workshop on Open Source Software, Jan. 2009.
[4]“ROS 2 Documentation — ROS 2 Documentation: Humble documentation.” available from: https://docs.ros.org/en/humble/index.html
[5]K. Moriarty, B. Kaliski, J. Jonsson, and A. Rusch, “PKCS #1: RSA Cryptography Specifications Version 2.2,” Internet Engineering Task Force, Request for Comments RFC 8017, Jan. 2016. doi: 10.17487/RFC8017.
[6]“Domain names - concepts and facilities,” Internet Engineering Task Force, Request for Comments RFC 1034, Jan. 1987. doi: 10.17487/RFC1034.
[7]D. McGrew and D. Bailey, “AES-CCM Cipher Suites for Transport Layer Security (TLS),” Internet Engineering Task Force, Request for Comments RFC 6655, Jul. 2012. doi: 10.17487/RFC6655.
[8]T. Tanadechopon and B. Kasemsontitum, “Proposed Technique for Data Security with the AES Algorithm in Robot Operating System (ROS),” in 2023 27th International Computer Science and Engineering Conference (ICSEC), Sep. 2023, pp. 153–156. doi: 10.1109/ICSEC59635.2023.10329645.
[9]Y. Patel, P. H. Rughani, and D. Desai, “Analyzing Security Vulnerability and Forensic Investigation of ROS2: A Case Study,” in Proceedings of the 8th International Conference on Robotics and Artificial Intelligence, in ICRAI ’22. New York, NY, USA: Association for Computing Machinery, Jan. 2023, pp. 6–12. doi: 10.1145/3573910.3573912.
[10]ros2/sros2. (Aug. 16, 2024). Python. ROS 2. available from: https://github.com/ros2/sros2
[11]M. Aartsen et al., “Analyzing Interoperability and Security Overhead of ROS2 DDS Middleware,” in 2022 30th Mediterranean Conference on Control and Automation (MED), Jun. 2022, pp. 976–981. doi: 10.1109/MED54222.2022.9837282.
[12]“Data Distribution Service (DDS) | Object Management Group.” available from: https://www.omg.org/omg-dds-portal/
[13]M. S. Ragheb, W. Elmedany, and M. S. Sharif, “The Effectiveness of DKIM and SPF in Strengthening Email Security,” in 2023 10th International Conference on Future Internet of Things and Cloud (FiCloud), Aug. 2023, pp. 422–426. doi: 10.1109/FiCloud58648.2023.00068.
[14]徐瑋婕、游允帥，“在ROS 2 中使用AES 演算法實現安全通訊”， 第二十二屆離島資訊技術與應用研討會(ITAOI 2024)， 2024年5月。
[15]“Understanding topics — ROS 2 Documentation: Humble documentation.” available from: https://docs.ros.org/en/humble/Tutorials/Beginner-CLI-Tools/Understanding-ROS2-Topics/Understanding-ROS2-Topics.html
[16]“Understanding services — ROS 2 Documentation: Humble documentation.” available from: https://docs.ros.org/en/humble/Tutorials/Beginner-CLI-Tools/Understanding-ROS2-Services/Understanding-ROS2-Services.html
[17]“Understanding actions — ROS 2 Documentation: Humble documentation.” available from: https://docs.ros.org/en/humble/Tutorials/Beginner-CLI-Tools/Understanding-ROS2-Actions/Understanding-ROS2-Actions.html
[18]Y. Maruyama, S. Kato, and T. Azumi, “Exploring the performance of ROS2,” Oct. 2016, pp. 1–10. doi: 10.1145/2968478.2968502.
[19]M. Just, “Challenge-Response Identification,” in Encyclopedia of Cryptography and Security, H. C. A. van Tilborg and S. Jajodia, Eds., Boston, MA: Springer US, 2011, pp. 198–199. doi: 10.1007/978-1-4419-5906-5_73.
[20]M. Mumtaz, J. Akram, and L. Ping, “An RSA Based Authentication System for Smart IoT Environment,” in 2019 IEEE 21st International Conference on High Performance Computing and Communications; IEEE 17th International Conference on Smart City; IEEE 5th International Conference on Data Science and Systems (HPCC/SmartCity/DSS), Aug. 2019, pp. 758–765. doi: 10.1109/HPCC/SmartCity/DSS.2019.00112.
[21]A. Shaikh, R. Tewari, and M. Agrawal, “On the effectiveness of DNS-based server selection,” in Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213), Apr. 2001, pp. 1801–1810 vol.3. doi: 10.1109/INFCOM.2001.916678.
[22]J. R. Levine, M. Delany, E. P. Allman, and J. Fenton, “DomainKeys Identified Mail (DKIM) Author Domain Signing Practices (ADSP),” Internet Engineering Task Force, Request for Comments RFC 5617, Aug. 2009. doi: 10.17487/RFC5617.
[23]S. Heron, “Advanced Encryption Standard (AES),” Network Security, vol. 2009, no. 12, pp. 8–12, Dec. 2009, doi: 10.1016/S1353-4858(10)70006-4.
[24]M. Dworkin, “Recommendation for Block Cipher Modes of Operation: Methods and Techniques,” National Institute of Standards and Technology, NIST Special Publication (SP) 800-38A, Dec. 2001. doi: 10.6028/NIST.SP.800-38A.
[25]D. Whiting, R. Housley, and N. Ferguson, “Counter with CBC-MAC (CCM),” Internet Engineering Task Force, Request for Comments RFC 3610, Sep. 2003. doi: 10.17487/RFC3610.
[26]P. R. Karn and W. A. Simpson, “Photuris: Session-Key Management Protocol,” Internet Engineering Task Force, Request for Comments RFC 2522, Mar. 1999. doi: 10.17487/RFC2522.