.. include:: ../vars.rst

***************************************
Support for RTI Real-Time WAN Transport
***************************************

|RWT| is compatible with the |RTI_SP|. The integrity of
the Binding Ping messages can be protected using a pre-shared key as
described in :ref:`p4_integrations/real-time_wan_transport:Binding Ping Messages
Security`. When using |CDS|, the communication with this service can be
protected by a pre-shared key as described in
:ref:`p4_integrations/real-time_wan_transport:Security Considerations when Using
Cloud Discovery Service`.

Binding Ping Messages Security
==============================

|RWT| uses special RTPS messages called Binding Ping messages to open NAT
bindings and to resolve UUID locators into public IP transport addresses. These
PING messages are exchanged between |DPs| before they authenticate with each
other (see :ref:`p2_core/authentication:Authentication`), and they contain the
UUID and the RTPS port of the locator with which they are associated (see
:link_um:`Binding Ping Messages in the Core Libraries User's Manual
<BindingPing_Security_WAN.htm>`).

An outside attacker can try to modify Binding Ping messages in transit, in
order to cause a failure in the protocol that establishes WAN connectivity
between |DPs|. For details on this protocol, see :link_um:`Advanced Concepts in
the Core Libraries User's Manual <AdvancedConcepts_WAN.htm>`.

To protect against this attack, the integrity of the Binding Ping messages
can be protected by using a pre-shared key that must be set in all |DPs| using
the :property:`cryptography.rtps_protection_key` property
(see :numref:`RTI Security Plugins Properties for Configuring Cryptography`).
When this property is set, |RWT| computes the HMAC over the Binding Ping
message using a shared secret derived from the pre-shared key.

The following example enables security to protect the integrity of the
Binding Ping messages in the `ExternalParticipant` QoS Profile, as described
in :link_um:`Peer-to-Peer Communication with a Participant that has a Public
Address in the Core Libraries User's Manual <P2P_Public_Address.htm>`.

.. literalinclude:: ../snippets/rwt_example.xml
  :language: xml
  :start-after: <!-- ExternalParticipant BINDING_PINGS -->
  :end-before: EOF
  :emphasize-lines: 48-49
  :caption: External Participant Configuration to Protect Binding Pings


Security Considerations when Using Cloud Discovery Service
==========================================================

|CDS| (CDS), in combination with |RWT| (RWT), plays a key
role in facilitating the NAT traversal process. The service does this by
resolving the public IP transport addresses associated with the UUID locators
received from a |DP| (|P1|) as part of its participant announcements (PA). For
further details, see :link_um:`Transport Locators in the Core Libraries User's
Manual <TransportLocators_WAN.htm>`.

Once |CDS| resolves the public IP transport addresses, it modifies the
participant announcement sent by |P1| to include these public addresses as part
of the locators and sends the updated participant announcement to the other
|DPs| so that they can establish communication with |P1|. :link_cds_um:`NAT
Traversal in the Cloud Discovery Service User's Manual <nat.html>` provides
additional details on the protocol for NAT traversal with |CDS|.

An outside attacker can try to modify or replay the participant announcement
messages sent by |CDS| to the |DPs|, in order to cause a failure in the protocol
that establishes WAN connectivity between |DPs|. To protect against these
attacks, you can protect the exchange of participant announcements between |CDS|
and the |DPs| through a pre-shared key (the Participant Discovery Protection
Key) that must be set in all |DPs| and |CDS|:

* |DPs| can set this pre-shared key using the
  :property:`authentication.participant_discovery_protection_key` property (see
  :numref:`RTI Security Plugins Properties for Configuring Authentication`).
* |CDS| can set this pre-shared key by updating the :xmltag:`property` tag
  inside :xmltag:`security` tag (see
  :link_cds_um:`Security Configuration in the Cloud Discovery Service User's
  Manual <configuration.html#security>`).

Configuring the Participant Discovery Protection Key is mandatory to use |CDS|
with |DPs| that enable the |SP| and |RWT|.


.. attention::

  The current version of |CDS| does not support the |AuthPlugin| as described in
  :ref:`p2_core/authentication:Authentication`. To protect the integrity of
  participant announcements exchanged, configure the Participant Discovery
  Protection Key, as demonstrated in :numref:`li-cds-config-protect`.

The following examples enable security to protect the integrity of the
participant announcements in the `InternalParticipant` QoS Profile, as described
in :link_um:`Peer-to-Peer Communication with Participants behind Cone NATs Using
RWT and CDS in the Core Libraries User's Manual <P2P_Behind_Cone.htm>`, and
configure |CDS| accordingly.

.. literalinclude:: ../snippets/rwt_example.xml
  :language: xml
  :start-after: <!-- InternalParticipant BINDING_PINGS -->
  :end-before: EOF
  :emphasize-lines: 44,45,48,49
  :caption: Internal Participant Configuration to Protect Participant Announcements and Binding Pings


.. _li-cds-config-protect:
.. literalinclude:: ../snippets/rwt_example.xml
  :language: xml
  :start-after: <!-- CDS rtps_protection_key and participant_discovery_protection_key -->
  :end-before: EOF
  :emphasize-lines: 18,19,22,23
  :caption: Cloud Discovery Service Configuration to Protect Participant Announcements and Binding Pings


Note that, in addition to the Participant Discovery Protection Key, the examples
above also set the RTPS Protection Key to protect Binding Pings. Setting
this key is required if the :property:`cryptography.rtps_protection_key` property
is used by your |DPs|.


Protection Against a Cloud Discovery Service Participant Announcement Replay Attack
-----------------------------------------------------------------------------------

To protect against participant announcement replay attacks, |CDS| computes an
HMAC over the participant announcements it sends, using an epoch that is
increased with every new participant announcement message:

.. math::

  m = \mathrm{HMAC}_k\left(\mathtt{PA} \parallel \mathtt{nonce\_prefix} \parallel \mathtt{epoch}\right)

Where:

  * ``k`` is a shared secret derived from the Participant Discovery Protection Key
  * ``nonce_prefix`` is a number bounded to the |CDS| or |DP| sending the
    participant announcement
  * ``epoch`` is a number that is increased with every new participant announcement

The concatenation of the ``nonce_prefix`` and the ``epoch`` is a nonce that
should be unique during the system's life. In the case of regular |DPs|, the
``nonce_prefix`` is randomly generated on the |DP| creation, with low chance of
collision. In the case of |CDS|, the ``nonce_prefix`` is derived from the |CDS|
service name (see :link_cds_um:`XML Tags for Configuring RTI Cloud Discovery
Service <configuration.html#xml-tags-for-configuring-project>`).

.. attention::

  Different instances of |CDS| must have different service names. Otherwise, the
  ``nonce_prefix`` would collide and your system may experience issues with
  discovery and connectivity loss.

The ``epoch`` is initialized with a timestamp obtained from the monotonic clock
of the host where |CDS| is running. After validating the HMAC, a |DP| will not
accept participant announcements from |CDS| with an ``epoch`` smaller than or
equal to the last ``epoch`` received. This is how the replay attack is avoided.

With this epoch initialization schema, restarting the |CDS| instance will be okay
because the ``epoch`` will be initialized to a value greater than the last
one used before the |CDS| instance was restarted. However, a restart of the host
where |CDS| runs will be problematic because the new instantiation of |CDS| will
use an ``epoch`` smaller than the last one published since the monotonic clock
counter is reset after the host restart. The result is that the participant
announcements sent by the |CDS| instance will be ignored by the |DPs| already
present in the system, and new |DPs| will be vulnerable against replayed |CDS|
messages.

To prevent this situation, you can set the
:property:`dds.participant.discovery_config.signature_validation_persistent_state_file`
property in |CDS| to store the value of the ``epoch`` in a file every time it is
increased. A |CDS| instance will initialize its epoch to the value contained in
the file, if the file exists. For further details on |CDS| security
configuration, see :link_cds_um:`Security Configuration in the Cloud Discovery
Service User's Manual <configuration.html#security>`).

The configuration of |CDS| can be updated to use this property as follows:

.. literalinclude:: ../snippets/rwt_example.xml
  :language: xml
  :start-after: <!-- CDS signature_validation_persistent_state_file -->
  :end-before: EOF
  :emphasize-lines: 18,19,22,23,26,27
  :caption: Cloud Discovery Service Configuration to Protect Against Participant Announcement Replay Attacks