Hey everyone! ![]()
I’ve been working on something I’m pretty excited about and wanted to share it with the community.
RoboShield is a real-time RTPS security watchdog I wrote in Rust. It basically sits on the wire (like on a NanoPi R2S with dual ethernet) and sniffs DDS/RTPS packets to catch stuff like rogue nodes joining your network, someone flooding /cmd_vel, or unauthorized publishers trying to hijack topics.
GitHub: GitHub - Amin-Ahmed-G/robotshield · GitHub
What it does
- Parses raw RTPS submessages (DATA, HEARTBEAT, ACKNACK, etc.) from UDP captures using
libpcap - Checks every packet’s GUID prefix against a TOML-based whitelist
- Tracks per-topic message rates with a sliding window to catch flood attacks
- Logs alerts as structured JSON (for SIEM tools or just grepping through logs)
Why not just use SROS2?
SROS2 is great, but setting up PKI certificates for every node on a fleet of robots is painful, and the crypto overhead can mess with tight real-time loops. RoboShield works out-of-band — plug it between your robot and the network, zero changes to your existing nodes.
Performance
I ran some benchmarks and got ~1.36 μs average processing time per packet (parse + policy check on an x86 dev machine) in release mode, which is way under what you’d need for even 1kHz control loops. NanoPi R2S hardware benchmarks are planned next.
I’m a 4th year Robotics & Automation student and this started as a security research project targeting ICRA/IEEE RAS. Would love to hear any feedback, especially from folks who’ve dealt with DDS security in production!
Feel free to connect with me on LinkedIn as well!
Cheers,
Amin ![]()