[cybersecurity] Improving the networking section.

Murilo Marinho · Murilo Marinho · commit 65b581ef2eeb · 2025-12-05T11:00:45.000Z
diff --git a/docs/source/cybersecurity/cryptography.rst b/docs/source/cybersecurity/cryptography.rst
@@ -7,6 +7,29 @@ Public-key cryptosystems
 
     This is obviously a simplified discussion of the topic.
 
+ROS2 Security
++++++++++++++
+
+.. seealso::
+
+    Official information: https://docs.ros.org/en/jazzy/Concepts/Intermediate/About-Security.html
+
+There are facilities in :program:`ROS2` to enable secure communication. The communication uses cryptography which
+will be shown in the following section. It is important to know that such capability exists. It will have a number
+of steps needed to create the necessary certificates to guarantee security among nodes.
+
+After that is set up, nodes and program:`ros2cli` tools can be called with additional security.
+
+.. seealso::
+
+    Official information https://docs.ros.org/en/jazzy/Tutorials/Advanced/Security/Introducing-ros2-security.html
+
+Altering these settings can have unwanted side effects to other parts of the tutorial so we will leave this topic
+only briefly mentioned. In addition, understanding these topics requires first understanding public-key cryptography, shown below.
+
+Scope of this section
++++++++++++++++++++++
+
 Most of the important infrastructure for software for robotics relies heavily the concept of public-key cryptosystems.
 Many attribute this concept to as early as `1977 <https://patents.google.com/patent/US4405829>`_, in one type of encryption
 algorithm (`RSA <https://en.wikipedia.org/wiki/RSA_cryptosystem>`_) that is still in use.
diff --git a/docs/source/cybersecurity/network.rst b/docs/source/cybersecurity/network.rst
@@ -1,17 +1,57 @@
-Network topologies
-==================
+Network
+=======
 
 .. include:: ../the_topic_is_under_heavy_construction.rst
 
 There is plenty of software that can be used to protect your network. One of these is :program:`ufw`, the `uncomplicated
 firewall <https://en.wikipedia.org/wiki/Uncomplicated_Firewall>`_. These are good to some extent and I suppose will
-always be part of the security suite of companies and institutions.
+always be part of the security suite of companies and institutions. However, firewalls have a specific role and must
+be assisted by other forms of network safety.
 
-Also, as part of :program:`ROS2` there is the concept of `ROS_DOMAIN_ID <https://docs.ros.org/en/foxy/Concepts/About-Domain-ID.html>`_.
+A brief word on ROS2 networking
++++++++++++++++++++++++++++++++
+
+.. seealso::
+
+    Official information https://docs.ros.org/en/jazzy/Concepts/Intermediate/About-Domain-ID.html
+
+:program:`ROS2` has the so-called ``ROS_DOMAIN_ID``.
 Although this concept exists, it should not be confused with a security measure. Each participant in the network can
 easily switch to another ``ROS_DOMAIN_ID`` without authentication or central management. It can be seen as merely a
 local filter.
 
+To find :program:`ROS2` nodes, :program:`ROS2` makes use of `multicast <https://en.wikipedia.org/wiki/Multicast>`_. The `port <https://en.wikipedia.org/wiki/Port_(computer_networking)>`_ used
+will depend on the ``ROS_DOMAIN_ID``. More tinkering is needed if you want to specify which network interface will be
+used by :program:`ROS2`. This could also depend on the `underlying DDS implementation <https://robotics.stackexchange.com/questions/98466/how-to-specify-the-network-interface-ros2-uses-for-communication>`_.
+
+In :program:`ROS2`, nodes communicate peer-to-peer, in the sense that there's no central node as it used to exist in :program:`ROS1`.
+Each node will be assigned two ports to communicate. The specific port number will depend on the ``ROS_DOMAIN_ID``. This
+is how the domains can be filtered. However, this is not a strict isolation.
+
+.. seealso::
+
+    Official information https://docs.ros.org/en/jazzy/Concepts/Intermediate/About-Quality-of-Service-Settings.html
+
+Another benefit of :program:`ROS2` is being able to choose connection types. For instance, :program:`ROS1` supported
+only `TCP <https://en.wikipedia.org/wiki/Transmission_Control_Protocol>`_ which can be slow. In contrast, :program:`ROS2`
+accepts different levels of expectations in transmission protocols, and can suppose `UDP <https://en.wikipedia.org/wiki/User_Datagram_Protocol>`_
+which is usually more suitable for streaming information, such as camera images and sensor data.
+
+Given that :program:`ROS2` will also work through properly configured unreliable networks (e.g. Wi-Fi at some distance),
+you might be confronted with cases in which your nodes seemingly stop working. In this case, you have to choose the
+correct Quality of Service (QoS) settings to make sure your nodes can communicate reliably.
+
+Network Topologies
+++++++++++++++++++
+
+.. important::
+
+    None of these measures provide full protection on their own. An attacker with an ethernet cable and access to a local
+    port can easily access the entire robot infrastructure of unsuspecting laboratories. It is important to make sure
+    that all robot software, whenever possible, is fully security patched. In addition, it's important to make sure
+    that all user account passwords with a decent level of security. Leaving the robot with the factory password means
+    an attacker can easily login locally or remotely.
+
 An aspect that is often ignored in robotics labs are the physical network topologies, which are important for safety.
 This safety is not only for cybersecurity reasons. Yes, your robot's computer can be attacked if it's exposed. However,
 in development environments, you might inadvertently move someone else's robot. In these scenarios it will be much
@@ -22,7 +62,7 @@ This section will be based on my experience with multiple robotic systems. Two r
 and :footcite:p:`Marinho2024`.
 
 Case 1 - No isolation
-+++++++++++++++++++++
+---------------------
 
 A common network architecture in small companies and laboratories is shown below.
 
@@ -63,7 +103,7 @@ computer, that can easily be the first door into any other resource in the netwo
 somehow to a robot it does not make it less of a computer. It just, usually, makes it easier to exploit the computer.
 
 Case 2 - Subnet isolation
-+++++++++++++++++++++++++
+-------------------------
 
 A somewhat better network architecture is shown below, because there is one extra layer of isolation. The main difference
 here is that different parts of the company have their own subnets.
@@ -103,7 +143,7 @@ Although ``ROS_DOMAIN_ID`` can help to filter out unwanted messages, it is too e
 it is expected that people with a minimal understanding of networking would isolate their setup further.
 
 Case 3 - Platform isolation
-+++++++++++++++++++++++++++
+---------------------------
 
 A possibly sufficient setup for most robotic demonstrators that need isolation is shown below.
 
@@ -134,6 +174,12 @@ In this setup, you can imagine each robotic demonstrator having their own, isola
 achieved physically using a `switching hub <https://en.wikipedia.org/wiki/Network_switch>`_. This type of physical isolation
 of interfaces tends to be beneficial in development environments where software infrastructure is often changing.
 
+This is also beneficial in terms of bandwidth. In large robotics laboratories when using a shared network the bandwidth
+will also be shared. This might be less of a problem when usage is not concentrated. However, it is common for these
+laboratories to have open days or engagement sessions with stakeholders. In these sessions, a large number of robots
+and sensors might need to share the same network. When the day arrives, it's already late to fix the network topology.
+Thence, it is recommended to reflect on situations such as these when assessing demonstrator needs.
+
 .. admonition:: References
 
     .. footbibliography::
