RTI Connext DDS Secure – Secure Messaging for Intelligent Machines

Secure Messaging for Intelligent Machines

Connext DDS Secure is the trusted connectivity framework for developing and integrating secure Industrial IoT systems. It protects systems through flexible, fine-grained security for optimal performance and efficiency, from device to cloud.



Connext DDS Secure offers high performance, scalability and availability by operating without centralised servers.

Intelligent systems must perform reliably in order to meet the added processing requirements posed by security functions such as encrypting and signing data. By taking a data-centric approach, Connext DDS Secure ensures that security overheads don’t reduce performance. It achieves optimised security and performance by authenticating and encrypting only sensitive data. It is thus used to design robust, reliable systems that safeguard without sacrificing real-time performance.

Fine-grained security offers flexibility of protecting different parts of the RTPS message.

Choose between non-secured, signed and encrypted topics to meet your performance needs. Not only can select topics be protected, but they can be protected at varying levels of granularity to provide further optimization. Fine-grained security allows architects to:

  • Sign/encrypt the entire RTPS message
  • Sign/encrypt select RTPS sub messages
  • Sign/encrypt the serialised user data

Connext DDS Secure complies with the Data Distribution Service (DDS) Security specification from the Object Management Group (OMG). This provides interoperability with other compliant DDS implementation, as well as portability of custom plugins.

Connext DDS Secure defends against unauthorised access, tampering and replay by providing authentication, authorisation, confidentiality and integrity.

  • X.509 Public Key Infrastructure (PKI) with a pre-configured shared Certificate Authority (CA)
  • Digital Signature Algorithm (DSA) with Diffie-Hellman and RSA for authentication and key exchange
Access Control
  • Specifications via permissions file signed by shared CA
  • Control over ability to join DDS Domains and Partitions, read or write Topics
  • Control on individual objects and Quality of Service (QoS) via plugins
  • Protected key distribution
  • AES128 and AES256 for encryption
  • HMAC-SHA1 and HMAC-SHA256 for message authentication and integrity
  • Log security events to a local file or distribute securely over Connext DDS