
First Formal DDS Security

As noted in today’s article on some of the characteristics of the DDS data transport standard, it’s missing a rather important component: formalized security. Proprietary schemes have been layered on top of it, but the OMG has a beta standard that they’re now finalizing (a process that could take up to a year).

But that doesn’t stop early adoption. RTI has announced an implementation of the new OMG security standard for DDS – something likely made easier since, by their claim, they contributed much of the content of the standard.

There are a couple of particular challenges with respect to security on DDS. First, due to its decentralized nature, there are no brokers or single-points-of-security (which would be single points of failure). This means that each device or node has to handle its own security.

Second, DDS runs over many different transport protocols, which may or may not have their own security. Because of that, you can’t rely on the underlying transport security for protection. This means adding DDS-level security (which may complement security at a lower level).

We usually think of security as protecting the privacy of a message so that only the intended receiver can read it. While this is true, RTI points out that, in many cases, the content isn’t really secret – you just want to be sure that it’s authentic. They use as an example a weather data transmission: you may not care if anyone else sees it, but you want to be sure you’re getting the real thing and not some spoofed message that’s going to send your boats out into the heart of a hurricane. (I hear that competition amongst fishermen is fierce!)

So RTI’s Connext DDS Security includes authentication, access control, encryption (using encryption standards), data tagging (user-defined tags), and logging.

[Image: RTI Security Plug-Ins network slide. Image courtesy RTI]

If all you’re interested in is authentication, you can improve performance by taking a hash of the message (much faster than encrypting) and then encrypting only the hash (much smaller – hence quicker – than the entire message). Full encryption (needed to obscure the entire payload) can be 100 times slower.
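To make the authentication-only case concrete, here is an added example (not RTI's code and not the DDS Security wire format): the payload travels in the clear, and the receiving node checks a keyed hash before trusting it. It uses HMAC-SHA256 with a shared key from Python's standard library as a stand-in for the "hash, then encrypt the hash" step, and goes slightly beyond the text by also rejecting replayed sequence numbers; the frame layout, `protect`, `Reader`, the key, and the topic name are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = hashlib.sha256().digest_size  # 32-byte authentication tag
HDR = struct.Struct("!HQ")              # topic length, sequence number


def protect(key: bytes, topic: str, seq: int, payload: bytes) -> bytes:
    """Frame = header | topic | payload (in the clear) | tag over all of it."""
    name = topic.encode()
    body = HDR.pack(len(name), seq) + name + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Reader:
    """Each node verifies for itself; there is no broker to do it."""

    def __init__(self, key: bytes, topic: str):
        self.key, self.topic, self.last_seq = key, topic.encode(), -1

    def accept(self, frame: bytes):
        """Return the payload if authentic and fresh, otherwise None."""
        if len(frame) < HDR.size + TAG_LEN:
            return None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time compare
            return None                              # spoofed or altered
        name_len, seq = HDR.unpack_from(body)
        name = body[HDR.size:HDR.size + name_len]
        if name != self.topic or seq <= self.last_seq:
            return None                              # wrong topic or replay
        self.last_seq = seq
        return body[HDR.size + name_len:]


# Constructed sample data (hypothetical key and weather reading)
KEY = b"constructed-demo-key-not-for-use"
SAMPLE = b'{"station":"demo","storm_warning":true}'

if __name__ == "__main__":
    reader = Reader(KEY, "weather")
    frame = protect(KEY, "weather", 1, SAMPLE)
    print(reader.accept(frame))                                   # genuine
    print(reader.accept(frame))                                   # replayed
    print(reader.accept(frame.replace(b"true", b"false")))        # altered
```

Anyone on the network can still read the weather sample; what the tag buys is that an altered or replayed frame is dropped by the receiving node.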

You can also customize your own encryption and authentication code if you wish.

They claim that this is the first “off the shelf” security package; the prior proprietary approaches ended up being written into the applications explicitly. Here it’s provided as a library for inclusion in the overall DDS infrastructure.

You can find more in their announcement.
