T.
Janarthanan
, and S. Zargari,
“Forensic Investigation in Robots”,
Latin-American Journal of Computing (LAJC), vol. 11, no. 2, 2024.
is the publish-subscribe communication model, which main
purpose is to effectively simplify complex components and
establish precise interfaces for their connections. This model
uses a topic-based approach, creating virtual channels (or
topics) for individual instances. Thus, subscribers can use
such topics to access the transmitted information. For
example, in the ROS environment, a sensor node capturing
images from a camera would publish this visual data on a
specific topic, allowing any node requiring this information to
subscribe to the relevant topic. Within the publish-subscribe
framework, the specific identities of the publisher and the
subscriber are relatively unimportant, facilitating seamless
swapping within a ROS network. This feature also streamlines
the addition of existing nodes or their adaptation for new
applications.
B. ROS Communication
In a ROS environment, the entire communication process
adheres to the publish-subscribe paradigm for each action-
related topic [5] [7]. The master keeps a comprehensive
catalogue of all available services. ROS also supports client-
server communication through services, enabling a service
client to request connection details for a specific service [5]
[6]. Since ROS communication can flexibly use both TCP
(ROSTCP) and UDP (ROSUDP) protocols, a service,
identified by a unique name, can be accessed interactively and
synchronously by a client, serving various purposes, such as
obtaining one-time information. During its initialization, a
publisher node contacts the master to declare the topics it
plans to publish [4]. Then, a subscriber communicates its topic
requirements to the master. When the master finds a
compatible match between a publisher and a subscriber, it
informs the subscriber about potential publishers for the
designated topic. Subsequent communication between these
nodes occurs directly, bypassing the ROS master.
For complex tasks, such as directing a mobile robot, ROS
uses a communication pattern utilizing five topics. In this case,
the process begins with the client sending a goal to the server,
which in turn provides continuous updates and feedback
through dedicated topics, including the robot's location. The
outcome of the task is communicated via a result topic, while
a cancel topic allows for the termination of the task.
C. Security Challenges in Robots
Industry experts have already noted that although
manufacturers initially prioritized the physical safety of
human operators, and their interaction with robotic systems,
robot cybersecurity is currently critical due to their exposure
to a broader range of vulnerabilities [8]. Likewise, according
to ABI Research [9], the number of connected industrial
robots will reach 4.3 million units by 2025, highlighting their
expanding attack surface, making them increasingly prone to
cyberattacks, physical tampering, and ethical issues. While
becoming more interconnected, autonomous, and capable of
managing critical tasks, it is clearer that robot widespread
adoption has significantly increased the complexity of
managing cybersecurity-related challenges, affecting both
industries and individuals. Particularly, individuals without
formal training may unintentionally introduce security risks
[3] [8] while developing robot platforms, applications,
hardware, and sensors. In fact, the landscape of robot
cybersecurity is defined by many attack surfaces, including
the physical robot, operating system, software or firmware,
remote control technologies, vendor Internet services, cloud
services, and networks [10].
Conversely, hackers may target robots for various
impactful reasons, such as manipulating them to introduce
defects in manufactured parts or assemblies; thereby
sabotaging production processes. They may also use
ransomware tactics to coerce manufacturers into paying
substantial ransoms to prevent the exposure of compromised
production lots. In some cases, hackers cause physical damage
to the robots or robotic cells themselves, posing a direct threat
to human workers. The stakes are further heightened by the
theft of critical information, intellectual property, and data
manipulation, leading to erroneous decision-making [3].
Moreover, robots are significantly vulnerable to cybersecurity
concerns due to limitations such as the absence of proper
authorization or authentication, encryption deficiencies, and
insufficient physical protection measures [11].
In contrast, ROS, serving as the foundational
infrastructure for numerous robots, could become a target in
operating system attacks aimed at exploiting vulnerabilities.
An in-depth analysis involving 176 threats from the robot
vulnerability database revealed that 92.6 per cent are
predominantly linked to software-related issues. This
highlights the elevated threat level posed by software in
robotics systems compared to hardware components [12].
Besides, in [13], researchers illustrate how genuine attacker
profiles targeting ROS-based robots can be discerned,
providing valuable insights for experts in selecting appropriate
ROS security solutions for mitigating man-in-the-middle
(MITM) attacks. Furthermore, vulnerabilities extend to multi-
robot active surveillance systems, where intruders can
manipulate or disable any ROS node within the network using
shutdown commands. Another study highlights the potential
for attackers to misguide robots by tampering with velocity
commands
[14]. ROS environments also face significant risks
due to unsecured communication ports. In [15], ROS-based
attacks involving plain-text communication over unsecured
ports are illustrated, potentially leading to unauthorized
access. Also, while [16] showcased the exploitation of APIs
by attackers to undermine ROS applications, [17] emphasized
the interception, manipulation and disruption of
communication between two ROS nodes which may cause not
only poor performance and disruption in operations, but also
a potential disclosure of sensitive information.
Therefore, a
s robots become more appealing targets for
hackers, the need to understand the ROS file structure and the
locations of data artefacts is essential for conducting forensic
investigations in this domain in order to reduce the impact of
security breaches and prevent future incidents.
D. ROS Forensic Investigation
ROS Forensics is an emerging field that rapidly explores
digital traces to extract valuable insights about security
vulnerabilities present in robots. These insights serve various
purposes, including investigating cybercrimes, uncovering
malicious activities, and providing evidence for legal
proceedings. Despite the increasing importance of ROS
Forensics in the context of robotics and the Internet of Things,
research in this area remains relatively undeveloped due to the
lack of understanding of the ROS file structure for identifying
artefacts within these systems for effective incident response
and thorough forensics examinations. Compared to studies on