RTI Connext DDS Secure – Secure Messaging for Intelligent Machines
Secure Messaging for Intelligent Machines
Connext DDS Secure provides a standards-compliant, off-the-shelf messaging platform that delivers the security, performance, and safety required for deployment of the Industrial Internet of Things. It complies with the new Data Distribution Service (DDS) Security specification from the Object Management Group (OMG).
Features and Benefits:
- Provides authentication, authorisation, non-repudiation, confidentiality, and integrity
- Protects discovery information, metadata, and data
- Defends against unauthorised access, tampering, and replay
- Operates without centralised servers for high performance, scalability, and availability
- Runs over any transport including TCP, UDP, multicast, and shared memory
- Integrates with existing security infrastructures and hardware acceleration
- Secures unmodified existing DDS applications
Securing critical infrastructure is essential for safety and economic reasons, and it must be pursued without sacrificing performance or reliability. The machines that make up medical, energy, manufacturing, transportation, and defence systems must perform at the speed of the physical-world processes they manage. Even brief unplanned outages can be disastrous.
Connext DDS Secure introduces a robust set of security capabilities to the Connext DDS Professional package. These include authentication, encryption, access control and logging. Secure multicast support enables efficient and scalable distribution of data to many subscribers. Performance is also optimised by fine-grain control over the level of security applied to each data flow, such as whether encryption or just message authentication is required.
An optional SDK allows implementation of custom security plugins. These can be used to integrate with existing authentication infrastructures, support additional encryption algorithms or leverage hardware acceleration. The Plugin SDK includes the source code of the standard RTI plugins as an example.
Security is implemented above the transport layer and does not require a secure transport protocol such as TLS/SSL or DTLS. Any Connext DDS transport can be used securely, including UDP, TCP and shared memory. Support for UDP multicast (both reliable and best effort) enables very efficient data distribution when there are many subscribers to the same data.
Only data that must be private has to incur the overhead of encryption and decryption. This is much more efficient than TLS and other transport-layer security approaches that encrypt all data. For example, it is not necessary to encrypt the observable data reported by a weather station used to forecast power demand; the data only has to be signed with a Message Authentication Code (MAC) to prevent malicious manipulation.
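The per-flow choice described above can be written in the governance document defined by the OMG DDS Security specification. The fragment below is an added example, not RTI's own configuration; it assumes version 1.1 of the specification, and the domain id and topic names are made up for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Constructed example: domain id 0 and both topic names are assumptions. -->
<dds>
  <domain_access_rules>
    <domain_rule>
      <domains>
        <id>0</id>
      </domains>
      <!-- Every participant must authenticate and be authorised to join -->
      <allow_unauthenticated_participants>false</allow_unauthenticated_participants>
      <enable_join_access_control>true</enable_join_access_control>
      <discovery_protection_kind>ENCRYPT</discovery_protection_kind>
      <liveliness_protection_kind>SIGN</liveliness_protection_kind>
      <rtps_protection_kind>NONE</rtps_protection_kind>
      <!-- Topic rules are evaluated in order; the first match applies -->
      <topic_access_rules>
        <!-- Weather readings are observable anyway: MAC only, no encryption -->
        <topic_rule>
          <topic_expression>WeatherObservation</topic_expression>
          <enable_discovery_protection>true</enable_discovery_protection>
          <enable_liveliness_protection>true</enable_liveliness_protection>
          <enable_read_access_control>false</enable_read_access_control>
          <enable_write_access_control>true</enable_write_access_control>
          <metadata_protection_kind>NONE</metadata_protection_kind>
          <!-- SIGN: payload carries a MAC so tampering is detected -->
          <data_protection_kind>SIGN</data_protection_kind>
        </topic_rule>
        <!-- Catch-all placed last: anything not listed above is encrypted -->
        <topic_rule>
          <topic_expression>*</topic_expression>
          <enable_discovery_protection>true</enable_discovery_protection>
          <enable_liveliness_protection>true</enable_liveliness_protection>
          <enable_read_access_control>true</enable_read_access_control>
          <enable_write_access_control>true</enable_write_access_control>
          <metadata_protection_kind>SIGN</metadata_protection_kind>
          <!-- ENCRYPT: payload is encrypted and authenticated -->
          <data_protection_kind>ENCRYPT</data_protection_kind>
        </topic_rule>
      </topic_access_rules>
    </domain_rule>
  </domain_access_rules>
</dds>
```

With the specification's built-in access control plugin, participants accept a governance document only when it is signed by the Permissions CA, so a change to these protection levels has to be re-signed before deployment.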
Connext DDS Secure complies with the Data Distribution Service (DDS) Security specification from the Object Management Group (OMG). This provides interoperability with other compliant DDS implementations, as well as portability of custom plugins.