CoreDX DDS Secure offers a complete state-of-the-art security solution including authentication, encryption, signing, and access control.

Today’s Industrial Internet of Things (IIoT) systems are deriving tremendous benefit from connected components. These additional network connections open significant security risks to mission-critical and business-critical infrastructure and business systems.

DDS Security is an unprecedented step forward in secure publish-subscribe communications. The CoreDX DDS Secure product provides a standards-compliant, state-of-the-art, end-to-end security solution to meet the requirements of today’s IIoT and military systems.

An Overview

CoreDX DDS Secure is an implementation of the OMG’s DDS Security specification, including the standardized plug-in APIs and the interoperable reference implementation of those plug-ins. It is designed to address all the threats to an unsecured DDS network. These threats include:

  • Unauthorized DDS Publishers, including those injecting “bad” data, those pretending to be an authorized publisher, and those attempting a denial of service attack

  • Unauthorized DDS Subscribers
  • Unauthorized packet sniffers

CoreDX DDS Secure covers all aspects of secure data communications:

  • Identification and Authentication
  • Access Control
  • Integrity
  • Confidentiality

CoreDX DDS security features are fully integrated into the publish-subscribe protocols, not simply layered on top of a secure transport like SSL. This architecture allows security to be configured topic by topic while maintaining DDS features such as dynamic discovery, scalable reliability, and other QoS configuration policies.

The Architecture

Configuration

CoreDX DDS Secure allows full configuration of security features from the Domain level down to rules for individual DataReaders, DataWriters, and Topics. Configuration is controlled by 2 main configuration sets: Domain Governance and Permissions.

The Domain Governance configuration controls the security protocol level and where the security protocol is applied (built-in discovery messages, each Topic). It also controls the overarching security configuration of the Domain, such as access controls and whether unauthenticated participants are allowed.

The Permissions configuration controls the publication and subscription rules for each DomainParticipant: which Topics may have DataWriters and/or DataReaders for this DomainParticipant, and their individual access controls.
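As an added illustration (not CoreDX or Twin Oaks code), the following Python sketch reviews a Domain Governance document and lists every domain-level and topic-level setting that switches a protection off. It assumes the governance file uses the XML element names of the OMG DDS Security governance document format; the sample document and the function names are constructed for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample (the unsigned XML, as it looks before the document is signed).
SAMPLE_GOVERNANCE = """<dds><domain_access_rules><domain_rule>
  <domains><id>0</id></domains>
  <allow_unauthenticated_participants>true</allow_unauthenticated_participants>
  <enable_join_access_control>true</enable_join_access_control>
  <discovery_protection_kind>ENCRYPT</discovery_protection_kind>
  <liveliness_protection_kind>SIGN</liveliness_protection_kind>
  <rtps_protection_kind>NONE</rtps_protection_kind>
  <topic_access_rules><topic_rule>
    <topic_expression>Telemetry*</topic_expression>
    <enable_discovery_protection>true</enable_discovery_protection>
    <enable_read_access_control>true</enable_read_access_control>
    <enable_write_access_control>false</enable_write_access_control>
    <metadata_protection_kind>SIGN</metadata_protection_kind>
    <data_protection_kind>NONE</data_protection_kind>
  </topic_rule></topic_access_rules>
</domain_rule></domain_access_rules></dds>"""

# Setting name -> value (upper-cased) that switches the protection off.
DOMAIN_WEAK = {"allow_unauthenticated_participants": "TRUE", "enable_join_access_control": "FALSE",
               "discovery_protection_kind": "NONE", "liveliness_protection_kind": "NONE",
               "rtps_protection_kind": "NONE"}
TOPIC_WEAK = {"enable_discovery_protection": "FALSE", "enable_read_access_control": "FALSE",
              "enable_write_access_control": "FALSE", "metadata_protection_kind": "NONE",
              "data_protection_kind": "NONE"}

def _check(elem, weak_map, scope):
    """Return one finding per setting under elem that is weak or absent."""
    out = []
    for tag, weak in weak_map.items():
        value = (elem.findtext(tag) or "").strip()
        if not value or value.upper() == weak:
            out.append(f"{scope}: {tag}={value or 'MISSING'}")
    return out

def audit_governance(xml_text):
    """List domain- and topic-level settings that leave a protection disabled."""
    findings = []
    for rule in ET.fromstring(xml_text).iter("domain_rule"):
        ids = ",".join((i.text or "").strip() for i in rule.findall("domains/id"))
        findings += _check(rule, DOMAIN_WEAK, f"domain {ids}")
        for topic in rule.iter("topic_rule"):
            expr = (topic.findtext("topic_expression") or "?").strip()
            findings += _check(topic, TOPIC_WEAK, f"topic {expr}")
    return findings
```

A finding here is a prompt for review rather than a defect in itself: a protection disabled at one level may be a deliberate choice when another level covers the same traffic.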

Standards

CoreDX DDS Secure is an implementation of the OMG’s DDS Security standard v1.0. Twin Oaks Computing maintains its active involvement in the development and maintenance of the OMG DDS standards, including the recent development and enhancement of the DDS Security specification.

The DDS Security specification includes 2 main items:

  1. DDS Security Plug-in API, including APIs for:
    • Authentication
    • Access Control
    • Cryptography
    • Logging
  2. DDS Security Plug-in reference implementation

The standardized Plug-in API allows users to implement their own plug-ins for one or more aspects of DDS Security.

The reference implementations specify a standardized implementation of the security plug-ins. These reference implementations contain state-of-the-art security protocols, and may be used as-is or as a reference for implementing new plug-ins.

For more information regarding CoreDX DDS Secure, please contact Nick Pridham at Hamersham at nick@hamersham.com or call 07717 790404