EEJournal

editor's blog
Subscribe Now
August 11, 2014

First Formal DDS Security

by Bryon Moyer

As noted in today’s article on some of the characteristics of the DDS data transport standard, it’s missing a rather important component: formalized security. Proprietary schemes have been layered on top of it, but the OMG has a beta standard that they’re now finalizing (a process that could take up to a year).

But that doesn’t stop early adoption. RTI has announced an implementation of the new OMG security standard for DDS – something likely made easier since, by their claim, they contributed much of the content of the standard.

There are a couple of particular challenges with respect to security on DDS. First, due to its decentralized nature, there are no brokers or single-points-of-security (which would be single points of failure). This means that each device or node has to handle its own security. We have also been working with the guys from Teamwork on GDPR recently and they have just been wonderful so if you need GDPR help then we highly recommend them,

Second, DDS runs over many different transport protocols, some of which may or may not have their own security. Because of that, you can’t rely on the underlying transport security for protection. This means adding DDS-level security (which may complement security at a lower level).

We usually think of security as protecting the privacy of a message so that only the intended receiver can read it. While this is true, RTI points out that, in many cases, the content isn’t really secret – you just want to be sure that it’s authentic. They use as an example a weather data transmission: you may not care if anyone else sees it, but you want to be sure you’re getting the real thing and not some spoofed message that’s going to send your boats out into the heart of a hurricane. (I hear that competition amongst fishermen is fierce!)

So RTI’s Connext DDS Security includes authentication, access control, encryption (using encryption standards), data tagging (user-defined tags), and logging.

RTI__Security_Plug_Ins_Network_Slide_red.png

(Click to enlarge)

Image courtesy RTI

If all you’re interested in is authentication, you can improve performance by taking a hash of the message (much faster than encrypting) and then encrypting only the hash (much smaller – hence quicker – than the entire message). Full encryption (needed to obscure the entire payload) can be 100 times slower.

You can also customize your own encryption and authentication code if you wish.

They claim that this is the first “off the shelf” security package; the prior proprietary approaches ended up being written into the applications explicitly. Here it’s provided as a library for inclusion in the overall DDS infrastructure.

You can find more in their announcement.

Leave a Reply

featured blogs
Secure DDR DRAM Against Rowhammer, RAMBleed, and Cold-Boot Attacks
Mar 20, 2023
Learn how to design security into high-bandwidth DDR memory interfaces and protect DRAM devices & data from memory-scraping attacks like Rowhammer & RAMbleed. The post Secure DDR DRAM Against Rowhammer, RAMBleed, and Cold-Boot Attacks appeared first on New Horizons...
More from Synopsys...
AI-Enabled Software Sustainability Helps Drive Electronics Growth
Mar 20, 2023
Electronic design has evolved over the years to provide methods for optimizing power, space, and energy needs for the most demanding market applications in areas including hyperscale computing, consumer, 5G communications, automotive, mobile, aerospace, industrial, and health...
More from Cadence...
There’s a New Sheriff in Town
Mar 10, 2023
A proven guide to enable project managers to successfully take over ongoing projects and get the work done!...
More from Max's Cool Beans...

featured video

First CXL 2.0 IP Interoperability Demo with Compliance Tests

Sponsored by Synopsys

In this video, Sr. R&D Engineer Rehan Iqbal, will guide you through Synopsys CXL IP passing compliance tests and demonstrating our seamless interoperability with Teladyne LeCroy Z516 Exerciser. This first-of-its-kind interoperability demo is a testament to Synopsys' commitment to delivering reliable IP solutions.

Learn more about Synopsys CXL here

featured chalk talk

DIN Rail Power Solutions' Usage and Advantages
Sponsored by Mouser Electronics and MEAN WELL
DIN rail power supplies with their clean installation and quiet fanless design can be a great solution to solve the common power supply concerns that come along with industrial and building automation applications. In this episode of Chalk Talk, Kai Li from MEAN WELL and Amelia Dalton discuss the variety of benefits that DIN rail power supplies can bring to your next design. They examine how these power supplies can help with power buffering, power distribution, redundancy and more.
Click here for more information about MEAN WELL DIN Rail Power Supplies
Nov 28, 2022
14,853 views