{"id":"https://openalex.org/W4415935670","doi":"https://doi.org/10.1109/milcom64451.2025.11309897","title":"Supply Chain Exploitation of Secure ROS 2 Systems: A Proof-of-Concept on Autonomous Platform Compromise via Keystore Exfiltration","display_name":"Supply Chain Exploitation of Secure ROS 2 Systems: A Proof-of-Concept on Autonomous Platform Compromise via Keystore Exfiltration","publication_year":2025,"publication_date":"2025-10-06","ids":{"openalex":"https://openalex.org/W4415935670","doi":"https://doi.org/10.1109/milcom64451.2025.11309897"},"language":null,"primary_location":{"id":"doi:10.1109/milcom64451.2025.11309897","is_oa":false,"landing_page_url":"https://doi.org/10.1109/milcom64451.2025.11309897","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"MILCOM 2025 - 2025 IEEE Military Communications Conference (MILCOM)","raw_type":"proceedings-article"},"type":"article","indexed_in":["arxiv","crossref","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2511.00140","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5120270776","display_name":"Tahmid Hasan Sakib","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Tahmid Hasan Sakib","raw_affiliation_strings":["Tennessee Technological University,Department of Electrical and Computer Engineering,Cookeville,TN,USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Tennessee Technological University,Department of Electrical and Computer Engineering,Cookeville,TN,USA","institution_ids":[]}]},{"author_position":"middle","author":{"id":null,"display_name":"Yago Romano Martinez","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yago Romano Martinez","raw_affiliation_strings":["Tennessee Technological University,Department of Computer Science,Cookeville,TN,USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Tennessee Technological University,Department of Computer Science,Cookeville,TN,USA","institution_ids":[]}]},{"author_position":"middle","author":{"id":null,"display_name":"Carter Brady","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Carter Brady","raw_affiliation_strings":["Tennessee Technological University,Department of Electrical and Computer Engineering,Cookeville,TN,USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Tennessee Technological University,Department of Electrical and Computer Engineering,Cookeville,TN,USA","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5034599612","display_name":"Syed Rafay Hasan","orcid":"https://orcid.org/0000-0003-0183-8086"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Syed Rafay Hasan","raw_affiliation_strings":["Tennessee Technological University,Department of Electrical and Computer Engineering,Cookeville,TN,USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Tennessee Technological University,Department of Electrical and Computer Engineering,Cookeville,TN,USA","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5074002608","display_name":"Terry N. Guo","orcid":"https://orcid.org/0000-0002-7330-2152"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Terry N. Guo","raw_affiliation_strings":["Tennessee Technological University,Center for Manufacturing Research,Cookeville,TN,USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Tennessee Technological University,Center for Manufacturing Research,Cookeville,TN,USA","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5120270776"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.33217604,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12122","display_name":"Physical Unclonable Functions (PUFs) and Hardware Security","score":0.241799995303154,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12122","display_name":"Physical Unclonable Functions (PUFs) and Hardware Security","score":0.241799995303154,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.15039999783039093,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10761","display_name":"Vehicular Ad Hoc Networks (VANETs)","score":0.07989999651908875,"subfield":{"id":"https://openalex.org/subfields/2208","display_name":"Electrical and Electronic Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/spoofing-attack","display_name":"Spoofing attack","score":0.73580002784729},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.6567999720573425},{"id":"https://openalex.org/keywords/testbed","display_name":"Testbed","score":0.4997999966144562},{"id":"https://openalex.org/keywords/trojan","display_name":"Trojan","score":0.448199987411499},{"id":"https://openalex.org/keywords/supply-chain","display_name":"Supply chain","score":0.40070000290870667},{"id":"https://openalex.org/keywords/physical-access","display_name":"Physical access","score":0.400299996137619},{"id":"https://openalex.org/keywords/reliability","display_name":"Reliability (semiconductor)","score":0.3790000081062317},{"id":"https://openalex.org/keywords/denial-of-service-attack","display_name":"Denial-of-service attack","score":0.3555999994277954},{"id":"https://openalex.org/keywords/service","display_name":"Service (business)","score":0.3495999872684479}],"concepts":[{"id":"https://openalex.org/C167900197","wikidata":"https://www.wikidata.org/wiki/Q11081100","display_name":"Spoofing attack","level":2,"score":0.73580002784729},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7013000249862671},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6744999885559082},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.6567999720573425},{"id":"https://openalex.org/C31395832","wikidata":"https://www.wikidata.org/wiki/Q1318674","display_name":"Testbed","level":2,"score":0.4997999966144562},{"id":"https://openalex.org/C174333608","wikidata":"https://www.wikidata.org/wiki/Q19635","display_name":"Trojan","level":2,"score":0.448199987411499},{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.4050999879837036},{"id":"https://openalex.org/C108713360","wikidata":"https://www.wikidata.org/wiki/Q1824206","display_name":"Supply chain","level":2,"score":0.40070000290870667},{"id":"https://openalex.org/C1304207","wikidata":"https://www.wikidata.org/wiki/Q7189582","display_name":"Physical access","level":3,"score":0.400299996137619},{"id":"https://openalex.org/C43214815","wikidata":"https://www.wikidata.org/wiki/Q7310987","display_name":"Reliability (semiconductor)","level":3,"score":0.3790000081062317},{"id":"https://openalex.org/C38822068","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Denial-of-service attack","level":3,"score":0.3555999994277954},{"id":"https://openalex.org/C2780378061","wikidata":"https://www.wikidata.org/wiki/Q25351891","display_name":"Service (business)","level":2,"score":0.3495999872684479},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.34200000762939453},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.34060001373291016},{"id":"https://openalex.org/C2780771206","wikidata":"https://www.wikidata.org/wiki/Q3271761","display_name":"Safeguard","level":2,"score":0.31610000133514404},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.3142000138759613},{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.31369999051094055},{"id":"https://openalex.org/C33762810","wikidata":"https://www.wikidata.org/wiki/Q461671","display_name":"Data integrity","level":2,"score":0.3077999949455261},{"id":"https://openalex.org/C2780598303","wikidata":"https://www.wikidata.org/wiki/Q65921492","display_name":"Flexibility (engineering)","level":2,"score":0.29910001158714294},{"id":"https://openalex.org/C2780615140","wikidata":"https://www.wikidata.org/wiki/Q920419","display_name":"Upgrade","level":2,"score":0.2906999886035919},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.28760001063346863},{"id":"https://openalex.org/C12590798","wikidata":"https://www.wikidata.org/wiki/Q3933199","display_name":"Replication (statistics)","level":2,"score":0.2865000069141388},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.2791000008583069},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.27090001106262207},{"id":"https://openalex.org/C202775310","wikidata":"https://www.wikidata.org/wiki/Q1140366","display_name":"Trusted Platform Module","level":2,"score":0.27059999108314514},{"id":"https://openalex.org/C90509273","wikidata":"https://www.wikidata.org/wiki/Q11012","display_name":"Robot","level":2,"score":0.2680000066757202},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.2669999897480011},{"id":"https://openalex.org/C9628104","wikidata":"https://www.wikidata.org/wiki/Q788009","display_name":"Autonomous system (mathematics)","level":2,"score":0.25870001316070557},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.25200000405311584}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1109/milcom64451.2025.11309897","is_oa":false,"landing_page_url":"https://doi.org/10.1109/milcom64451.2025.11309897","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"MILCOM 2025 - 2025 IEEE Military Communications Conference (MILCOM)","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:2511.00140","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2511.00140","pdf_url":"https://arxiv.org/pdf/2511.00140","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"acceptedVersion","is_accepted":true,"is_published":false,"raw_source_name":null,"raw_type":"text"},{"id":"doi:10.48550/arxiv.2511.00140","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2511.00140","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2511.00140","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2511.00140","pdf_url":"https://arxiv.org/pdf/2511.00140","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"acceptedVersion","is_accepted":true,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":16,"referenced_works":["https://openalex.org/W2169239645","https://openalex.org/W2579603034","https://openalex.org/W2099005886","https://openalex.org/W2617246254","https://openalex.org/W4411203074","https://openalex.org/W4280571816","https://openalex.org/W3013061016","https://openalex.org/W2619220155","https://openalex.org/W2761119957","https://openalex.org/W4308644262","https://openalex.org/W4403566328","https://openalex.org/W4396592343","https://openalex.org/W4412005543","https://openalex.org/W1966741850","https://openalex.org/W1970867218","https://openalex.org/W2136495567"],"related_works":[],"abstract_inverted_index":{"This":[0],"paper":[1],"presents":[2],"a":[3,18,83,91],"proof-of-concept":[4],"supply":[5,150],"chain":[6,151],"attack":[7,132],"against":[8,162],"the":[9,55,59,146],"Secure":[10],"ROS":[11,31,85],"2":[12,32,61,86],"(SROS":[13],"2)":[14],"framework,":[15],"demonstrated":[16],"on":[17,82],"Quanser":[19],"QCar2":[20],"autonomous":[21,160],"vehicle":[22],"platform.":[23],"A":[24],"Trojan":[25],"infected":[26],"Debian":[27],"package":[28],"modifies":[29],"core":[30],"security":[33],"commands":[34],"to":[35,46,57,134,158],"exfiltrate":[36],"newly":[37],"generated":[38],"keystore":[39],"credentials":[40,53],"via":[41],"DNS":[42],"in":[43],"base64-encoded":[44],"chunks":[45],"an":[47,64,96],"attacker-controlled":[48],"nameserver.":[49],"Possession":[50],"of":[51],"these":[52],"enables":[54],"attacker":[56],"rejoin":[58],"SROS":[60,143],"network":[62],"as":[63],"authenticated":[65],"participant":[66],"and":[67,115,154,164],"publish":[68],"spoofed":[69],"control":[70],"or":[71,127],"perception":[72],"messages":[73],"without":[74],"triggering":[75],"authentication":[76],"failures.":[77],"We":[78],"evaluate":[79],"this":[80],"capability":[81],"secure":[84],"Humble":[87],"testbed":[88],"configured":[89],"for":[90,100,148],"four-stop-sign":[92],"navigation":[93],"routine":[94],"using":[95,142],"Intel":[97],"RealSense":[98],"camera":[99],"perception.":[101],"Experimental":[102],"results":[103],"show":[104],"that":[105],"control-topic":[106],"injections":[107],"can":[108,122],"cause":[109],"forced":[110],"braking,":[111],"sustained":[112],"high-speed":[113],"acceleration,":[114],"continuous":[116],"turning":[117],"loops,":[118],"while":[119],"perception-topic":[120],"spoofing":[121],"induce":[123],"phantom":[124],"stop":[125],"signs":[126],"suppress":[128],"real":[129],"detections.":[130],"The":[131],"generalizes":[133],"any":[135],"data":[136],"distribution":[137],"service":[138],"(DDS)-based":[139],"robotic":[140],"system":[141],"2,":[144],"highlighting":[145],"need":[147],"both":[149],"integrity":[152],"controls":[153],"runtime":[155],"semantic":[156],"validation":[157],"safeguard":[159],"systems":[161],"insider":[163],"impersonation":[165],"threats.":[166]},"counts_by_year":[],"updated_date":"2026-05-21T09:19:25.381259","created_date":"2025-11-05T00:00:00"}