eclipse-cyclonedds
cpe:2.3:a:eclipse:cyclone_data_distribution_service:*:*:*:*:*:*:*
- 0.9.1
A vulnerability exists in certain Data Distribution Service (DDS) implementations used by ROS 2, specifically Fast-DDS and CycloneDDS, that allows a malicious participant to forge its own permissions document. The DDS Security specification requires a permissions document to be signed by the Permissions CA, but the affected implementations verified the document's S/MIME signature with OpenSSL using the Permissions CA only as a trust anchor, so any signer certificate that chains to that CA was accepted. When a single Certificate Authority (CA) is used for both identity and permissions, as in the default sros2 keystore layout, every participant's own identity certificate chains to that CA. A participant can therefore edit its permissions document, re-sign it with its own identity certificate and key, and have other participants accept it. The root cause is this non-compliant, improper validation of the S/MIME signer, which in effect delegates permission-signing authority to every identity certificate issued by the shared CA.
Successful exploitation allows a DDS participant to rewrite and re-sign its own permissions document and thereby perform actions the operator never granted, such as publishing or subscribing on topics that its legitimate permissions deny.
The vulnerability can be reproduced with a ROS 2 security keystore that uses a single CA for both identity and permissions. With that keystore, one node is authorized to publish on a topic while a second node is denied permission to subscribe to it. The second node then edits its permissions document to add the subscribe rule and re-signs it with its own identity certificate and key; because that certificate chains to the shared CA, the other node's DDS implementation accepts the forged document, and the restricted node receives data from the topic it was denied.
DDS vendors should separate the roles of Identity CA and Permissions CA into different certificates, and deployments should not share one CA for both. Independently of that, signature verification must require that the signer of a permissions document is the Permissions CA certificate itself, not merely any certificate that chains to it, so that signing authority cannot be delegated to participants.
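The failure described in the vulnerability description, the reproduction steps and the recommended fix, shown end to end with the openssl CLI. This is an added demonstration, not code from CycloneDDS, Fast-DDS or sros2: it assumes openssl is on PATH, builds a throwaway PKI (a shared CA, a separate permissions CA and one node identity), uses a simplified permissions XML written for the demo rather than a schema-exact one, and then runs both a chain-only S/MIME check (the vulnerable behaviour) and a check that additionally requires the signer to be the Permissions CA certificate itself. The function names, file names and CN values are the example's own.

```shell
#!/bin/sh
# Added demonstration (not code from CycloneDDS, Fast-DDS or sros2) of the
# signer check at the heart of this advisory. Assumes the openssl CLI is on
# PATH. The XML is a simplified permissions document written for this demo.
set -e
WORK="${WORK:-$(mktemp -d)}"

# $1 = output file, $2 = extra rule injected into the allow_rule element.
write_permissions() {
  cat > "$1" <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<dds><permissions><grant name="talker_grant">
  <subject_name>CN=talker</subject_name>
  <validity><not_before>2024-01-01T00:00:00</not_before>
            <not_after>2034-01-01T00:00:00</not_after></validity>
  <allow_rule><domains><id>0</id></domains>
    <publish><topics><topic>rt/chatter</topic></topics></publish>
    $2
  </allow_rule>
  <default>DENY</default>
</grant></permissions></dds>
EOF
}

setup_pki() {
  # Shared CA used for both identity and permissions (the sros2 default
  # layout), plus a separate permissions CA to show the recommended split.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=sros2CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=permissionsCA" \
    -keyout "$WORK/perm_ca.key" -out "$WORK/perm_ca.pem" 2>/dev/null
  # Node identity certificate issued by the shared CA.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=talker" \
    -keyout "$WORK/node.key" -out "$WORK/node.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/node.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 30 -out "$WORK/node.pem" 2>/dev/null
  # Operator-signed grant: publish only. Forged grant: the node adds subscribe.
  write_permissions "$WORK/legit.xml" ""
  write_permissions "$WORK/forged.xml" \
    "<subscribe><topics><topic>rt/chatter</topic></topics></subscribe>"
  openssl smime -sign -text -in "$WORK/legit.xml" -out "$WORK/legit.p7s" \
    -signer "$WORK/ca.pem" -inkey "$WORK/ca.key"
  # The attacker signs with its own identity key; its certificate is embedded.
  openssl smime -sign -text -in "$WORK/forged.xml" -out "$WORK/forged.p7s" \
    -signer "$WORK/node.pem" -inkey "$WORK/node.key"
}

# Vulnerable check: chain-only PKCS7 verification against a trust store that
# holds the permissions CA accepts any signer whose certificate chains to it.
chain_only_verify() {  # $1 = signed document, $2 = permissions CA certificate
  openssl smime -verify -in "$1" -CAfile "$2" -out /dev/null 2>/dev/null
}

# Hardened check: the signature must verify AND the signer certificate must be
# the permissions CA itself (compared by SHA-256 fingerprint), so an identity
# certificate issued by the same CA is no longer accepted.
strict_verify() {  # $1 = signed document, $2 = permissions CA certificate
  signer="$WORK/signer.$$.pem"
  openssl smime -verify -in "$1" -CAfile "$2" -signer "$signer" \
    -out /dev/null 2>/dev/null || return 1
  want=$(openssl x509 -in "$2" -noout -fingerprint -sha256)
  got=$(openssl x509 -in "$signer" -noout -fingerprint -sha256)
  rm -f "$signer"
  [ "$got" = "$want" ]
}

setup_pki
if chain_only_verify "$WORK/forged.p7s" "$WORK/ca.pem"; then
  echo "chain-only: forged document ACCEPTED (vulnerable behaviour)"
fi
if ! strict_verify "$WORK/forged.p7s" "$WORK/ca.pem"; then
  echo "strict:     forged document rejected, signer is not the permissions CA"
fi
if strict_verify "$WORK/legit.p7s" "$WORK/ca.pem"; then
  echo "strict:     operator-signed document accepted"
fi
if ! chain_only_verify "$WORK/forged.p7s" "$WORK/perm_ca.pem"; then
  echo "split CAs:  forged document rejected even by the chain-only check"
fi
```

Run it as `sh demo.sh`; it prints one line per outcome. The chain-only check passes the forged document because the node certificate chains to the shared CA, which is exactly what the affected implementations did. The strict check rejects it while still accepting the operator-signed document, and verifying against a separate permissions CA rejects the forgery even without the stricter check, which is why the advice is to do both rather than rely on either alone.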