Your submission was sent successfully! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates from Canonical and upcoming events where you can meet our team.Close

Thank you for contacting our team. We will be in touch shortly.Close

  1. Blog
  2. Article

Florencia Cabral Berenfus
on 25 May 2022

ROS 2 Humble security, a tour of the new and improved features

We’re excited about the recent release of ROS 2 Humble Hawksbill, a Long Term Support (LTS) distro, supported for the next five years. ROS 2 releases come out on every even-numbered year together with the LTS release of Ubuntu, this time with Ubuntu 22.04 (Jammy Jellyfish). 

Earlier this week, we shared a step-by-step guide to install ROS 2 Humble in Ubuntu 20.04 or 18.04 using LXD containers, that will allow you to easily install it on your current Ubuntu station. So, take a few minutes to check that out as well!

Let’s dive into the new developments available to you when you start using Humble. And if this is the first time you hear about ROS, here is a good place to start.

What is new in ROS 2 Humble?

ROS 2 Humble Hawksbill. Image source

Humble comes with a host of new code and tutorials. For instance, ‘launch’ incorporated the pytest plugin ‘launch_pytest’. And when using ‘launch_ros’ you can now provide ROS-specific node arguments directly, without a leading ‘–ros-args’ flag. ROS 2 Humble also offers new frontend support for composable nodes. Just as exciting are content-filtered topics that allow a more sophisticated subscription to topics. Finally, the ros2cli saw an expansion, with a new  ‘–launch-prefix’ argument. This feature allows passing a prefix to all executables in a launch file, useful in many debugging situations. These are just a few examples of the amazing work the ROS community has done to reach this milestone.

But particularly interesting to us are security enhancing developments, as they continuously  increase trust in ROS 2, with each release the most secure one yet. This time, we are seeing yet new enhancements to the security features of ROS with the addition of Certificate Revocation Lists (CRL) to the SROS2 toolbox. Let’s take a closer look at ROS 2 Humble security features.

What are CRLs, and what can they do for your robot?

For those of you who are new to security in ROS 2, a reminder that ROS 2 includes tools that help create and load the needed artefacts to enable DDS-security. The SROS2 package in particular provides the tools and instructions to enable these features. This is a great place to start using these tools on your robot.

Specifically, SROS2 introduced the concept of a security “enclave”, defined as a process or group of processes that will share the same identity and access control rules. As in public key infrastructure, the Certificate Authority (CA) acts as a trust anchor, validating the identities and permissions of participants. Again, there is great documentation available to satisfy your technical curiosity of all the elements in ROS 2 security, such as these tutorials.

But let us come back to CRL. In short, a Certificate Revocation List (CRL) is a list of digital certificates that have been revoked by the issuing CA before their expiration date. A CRL works essentially as a blocklist of certificates that are no longer trusted. 

As of Humble, it is possible to include a CRL with an SROS2 security enclave. 

Certificate revocation is an essential component of the certificate process to establish and maintain trust. For example, a certificate can be revoked if its integrity is at risk. This could result from a key being compromised or lost due to modification of privileges, misuse, or termination.

Try ROS 2 Humble security today 

Try this new feature for yourself now! This tutorial follows the usual talker/listener example and will show you exactly how to set up a Certificate Revocation List on your robot today.

As always, we would love to hear about your ROS project! Reach out to us.

Related posts

Gabriel Aguiar Noury
5 June 2024

A look into Ubuntu Core 24: Robotics telemetry for your fleet

Internet of Things Article

Welcome to this blog series which explores innovative uses of Ubuntu Core. Throughout this series, Canonical’s Engineers will show what you can build with this Core 24 release, highlighting the features and tools available to you.  In this fourth blog, Mirko Ferrati, engineering manager from our Robotics team, will show you how to deploy ...

Andreea Munteanu
10 May 2024

An overview of machine learning security risks

AI Article

Data is at the heart of all machine learning (ML) initiatives – and bad actors know it. As AI continues to occupy the limelight of modern tech discourse, ML systems are becoming increasingly attractive targets for attack. With the Identity Theft Resource Center reporting a 72% spike in data breaches in 2023, it’s critical to ...

Alex Murray
24 April 2024

What’s new in security for Ubuntu 24.04 LTS?

Confidential computing Security

We’re excited about the upcoming Ubuntu 24.04 LTS release, Noble Numbat. Like all Ubuntu releases, Ubuntu 24.04 LTS comes with 5 years of free security maintenance for the main repository. Support can be expanded for an extra 5 years, and to include the universe repository, via Ubuntu Pro.  Organisations looking to keep their systems secu ...