RTI Connext DDS Secure – Secure Messaging for Intelligent Machines

Secure Messaging for Intelligent Machines

Connext DDS Secure is the trusted connectivity framework for developing and integrating secure, real-world systems. It protects systems through flexible, fine-grained security for optimal performance and efficiency, from device to cloud.



Connext DDS Secure offers high performance, scalability and availability by operating without centralised servers. It is the connectivity framework used to design robust, reliable systems that safeguard without sacrificing real-time performance.

Intelligent systems must perform reliably to meet the added processing requirements posed by security functions such as encrypting and signing data. By taking a data-centric approach, Connext DDS Secure ensures that security overheads do not reduce performance. It achieves optimised security and performance by authenticating and encrypting only sensitive data.

Optimised for autonomous and embedded systems, Connext DDS Secure provides a robust, flexible set of security capabilities to protect and defend systems.

Fine-grained security offers flexibility of protecting different parts of the RTPS message.

Choose between non-secured, signed and encrypted topics to meet your performance needs. Not only can select topics be protected, but they can be protected at varying levels of granularity to provide further optimisation. Fine-grained security allows architects to:

  • Sign/encrypt the entire RTPS message.
  • Sign/encrypt selected RTPS sub messages.
  • Sign/encrypt the serialised user data.

Connext DDS Secure complies with the Data Distribution Service Security specification from the Object Management Group. This provides interoperability with other compliant DDS implementation, as well as portability of custom plugins.

Connext DDS Secure defends against unauthorised access, tampering and replay by providing authentication, authorisation, confidentiality and integrity.

  • X.509 Public Key Infrastructure with a pre-configured shared Certificate Authority (CA).
  • Digital Signature Algorithm with Diffie-Hellman and RSA for authentication and key exchange.
Access Control
  • Specifications via permissions file signed by shared CA.
  • Control over ability to join DDS Domains and Partitions, read or write Topics.
  • Control on individual objects and Quality of Service via plugins.
  • Protected key distribution.
  • AES128 and AES256 for encryption.
  • HMAC-SHA1 and HMAC-SHA256 for message authentication and integrity.
  • Log security events to a local file or distribute securely over Connext DDS.