RTI Security Plugins User's Manual, version 7.5.0
  • Available Documentation
  • About This Document
    • Paths Mentioned in Documentation
    • Extensions to the DDS Standard

Part 1: Welcome to Security Plugins

  • 1. Overview
    • 1.1. Description of DDS System Threats
      • 1.1.1. Unauthorized Subscription
      • 1.1.2. Unauthorized Publication
      • 1.1.3. Tampering And Replay
      • 1.1.4. Crossing Domains
    • 1.2. Applying DDS Protection
      • 1.2.1. Domain-Level Protection
        • 1.2.1.1. Domain-Level Protection Threat Model
        • 1.2.1.2. Domain-Level Protection From Outsider Adversaries
      • 1.2.2. Granular Protection Inside Domains
        • 1.2.2.1. Granular Protection Threat Model
        • 1.2.2.2. Applying Granular Protection Inside Domains
      • 1.2.3. Protecting the RTPS Protocol
        • 1.2.3.1. Protecting Bootstrapping
        • 1.2.3.2. Protecting Integrity
        • 1.2.3.3. Protecting Confidentiality
        • 1.2.3.4. Origin Authentication Protection
    • 1.3. Introduction to the Security Plugins
      • 1.3.1. Features of Security Plugins
      • 1.3.2. Supported Cryptographic Algorithms
        • 1.3.2.1. Cryptographic Algorithms Used for Data Flow Protection with Pre-Shared Key Protection
        • 1.3.2.2. Cryptographic Algorithms Used for Data Flow Protection
        • 1.3.2.3. Cryptographic Algorithms Used for Key Exchange
        • 1.3.2.4. Cryptographic Algorithms Used for Digital Signatures
      • 1.3.3. Choosing the Right Technology to Protect Your Data
  • 2. Using Security Plugins
    • 2.1. Securing Distributed Systems
    • 2.2. Securing a DomainParticipant

Part 2: Core Concepts

  • 3. Elements of a Security Plugins System
    • 3.1. QoS Properties
    • 3.2. Public Key Infrastructure (PKI)
      • 3.2.1. Identity Certificates
        • 3.2.1.1. Certificate Chaining
        • 3.2.1.2. Alternative CAs
        • 3.2.1.3. Dynamic Certificate Status and Revocation
        • 3.2.1.4. Multiple Certificate Revocation Lists
      • 3.2.2. Governance and Permissions
    • 3.3. Governance Document
      • 3.3.1. Specifying Domains
        • 3.3.1.1. Domain IDs
        • 3.3.1.2. Domain Tags
      • 3.3.2. Domain-Level Rules
      • 3.3.3. Topic-Level Rules
      • 3.3.4. Example Governance Document (XML)
      • 3.3.5. How the Governance Document is Interpreted
      • 3.3.6. XML Validation in the Governance Document
      • 3.3.7. Governance Compatibility Validation
    • 3.4. Permissions Document
      • 3.4.1. Example Permissions Document (XML)
      • 3.4.2. How the Permissions are Interpreted
      • 3.4.3. XML Validation in the Permissions Document
    • 3.5. Security Builtin Topics
      • 3.5.1. Authentication Builtin Topic (ParticipantStatelessMessage)
      • 3.5.2. Secure Key Exchange Builtin Topic (ParticipantVolatileMessageSecure)
      • 3.5.3. Builtin Secure Logging Topic
      • 3.5.4. Builtin Secure Discovery Topics
      • 3.5.5. Builtin Secure Liveliness Topic
      • 3.5.6. Builtin Secure ServiceRequest Topic
  • 4. Authentication
    • 4.1. Handshake
      • 4.1.1. Message Exchange
        • 4.1.1.1. Handshake Request
        • 4.1.1.2. Handshake Reply
        • 4.1.1.3. Handshake Final
      • 4.1.2. General Considerations
        • 4.1.2.1. Symmetric Authentication Failure
        • 4.1.2.2. Asymmetric Authentication Failure
      • 4.1.3. Identity Certificate Validation
        • 4.1.3.1. Step 1. Verifying the certificate validity on the current date and time
        • 4.1.3.2. Step 2. Verifying the certificate is not revoked
        • 4.1.3.3. Step 3. Verifying that the Identity CA issued the remote’s Identity Certificate
      • 4.1.4. GUID Validation
      • 4.1.5. Shared Key Derivation
    • 4.2. Authentication Builtin Topic (ParticipantStatelessMessage)
      • 4.2.1. Fragmentation Support for the Authentication Topic
    • 4.3. Related Governance Rules
      • 4.3.1. Domain-level rules
        • 4.3.1.1. allow_unauthenticated_participants (domain_rule)
        • 4.3.1.2. identity_credential_authority_validation
    • 4.4. Cryptographic Algorithms
      • 4.4.1. Digital Signature Algorithms
      • 4.4.2. Key Establishment Algorithms
    • 4.5. Advanced Authentication Concepts
      • 4.5.1. Protecting Participant Discovery
      • 4.5.2. Identity Certificate Chaining
      • 4.5.3. Re-Authentication
      • 4.5.4. Guidelines for Minimizing Authentication Negotiation Times
      • 4.5.5. Dynamic Certificate Revalidation
        • 4.5.5.1. Dynamic Certificate Expiration of Remote DomainParticipants
        • 4.5.5.2. Dynamic Certificate Expiration of the Local DomainParticipant
        • 4.5.5.3. Dynamic Certificate Revocation of Remote DomainParticipants
        • 4.5.5.4. Dynamic Certificate Revocation of Local DomainParticipants
      • 4.5.6. Dynamic Certificate Revocation of Remote DomainParticipants through Whitelisting
        • 4.5.6.1. Interactions with allow_unauthenticated_participants
        • 4.5.6.2. Whitelist mutability
        • 4.5.6.3. Interactions with ignore_participant API
        • 4.5.6.4. Whitelist format
      • 4.5.7. CRL Expiration
      • 4.5.8. Dynamic Certificate Renewal of a DomainParticipant
      • 4.5.9. Online Certificate Status Protocol
    • 4.6. Properties for Configuring Authentication
      • 4.6.1. Configuration Properties Affecting Any Authentication Plugin
      • 4.6.2. Configuration Properties Affecting Connext DDS Core Libraries Behavior
  • 5. Access Control
    • 5.1. Governance Document
    • 5.2. Permissions Document
      • 5.2.1. Rules for matching a subject name in the Permissions Document
      • 5.2.2. Topics
      • 5.2.3. Partitions
        • 5.2.3.1. Behavior of the partitions tag within an allow_rule
        • 5.2.3.2. Behavior of the partitions tag within a deny_rule
        • 5.2.3.3. Partition Mutability
      • 5.2.4. Data Tags
        • 5.2.4.1. Behavior of data_tags within an allow_rule
        • 5.2.4.2. Behavior of data_tags within a deny_rule
    • 5.3. Related Governance Rules
      • 5.3.1. Domain-level rules
        • 5.3.1.1. enable_join_access_control (within a domain_rule)
        • 5.3.1.2. topic_access_rules (domain_rule)
      • 5.3.2. Topic-level rules
        • 5.3.2.1. enable_read_access_control (topic_rule)
        • 5.3.2.2. enable_write_access_control (topic_rule)
        • 5.3.2.3. No Matching Rule
    • 5.4. Advanced Access-Control Concepts
      • 5.4.1. Participant-Level Permissions, Endpoint-Level Permissions, and Unsecure DomainParticipants
      • 5.4.2. Access Control and Unauthenticated Participants
    • 5.5. Properties for Configuring Access Control
  • 6. Cryptography
    • 6.1. Introduction
      • 6.1.1. Cryptography Plugin as an Enabler for Other Plugins
      • 6.1.2. Overview of How Cryptography Works in DDS
    • 6.2. Cryptographic Algorithms
      • 6.2.1. Participant Symmetric Cipher Algorithms
      • 6.2.2. Endpoint Symmetric Cipher Algorithms
    • 6.3. Secure Entities
      • 6.3.1. Architecture of Secure Entities
        • 6.3.1.1. Security Mechanisms
        • 6.3.1.2. Security Attributes
        • 6.3.1.3. Local Sender’s Key Material
        • 6.3.1.4. Remote Sender’s Key Material
      • 6.3.2. Lifecycle of Secure Entities
        • 6.3.2.1. Creation of the Secure Entity
        • 6.3.2.2. Discovery of a Remote Secure Entity
        • 6.3.2.3. Key Material Exchange
        • 6.3.2.4. Secure Communication
      • 6.3.3. Algorithms Involved in Protecting Secure Entities Traffic
        • 6.3.3.1. Limiting the Usage of a Specific Session Key
        • 6.3.3.2. Limiting the Usage of Specific Key Material
        • 6.3.3.3. Automatically Banishing Ignored Participants
    • 6.4. Secure Key Exchange Channel (ParticipantVolatileMessageSecure Topic)
      • 6.4.1. Secure Key Exchange Builtin Topic Characteristics And Security Attributes
      • 6.4.2. Secure Key Exchange
      • 6.4.3. Secure Key Redistribution
    • 6.5. Securing DDS Messages on The Wire
      • 6.5.1. RTPS Protocol Changes to Support Secure Entities Traffic
        • 6.5.1.1. Serialized Data Protection
        • 6.5.1.2. Instance Key Data Protection
        • 6.5.1.3. Submessage Protection
        • 6.5.1.4. RTPS Protection
        • 6.5.1.5. Origin Authentication Protection
      • 6.5.2. Cryptographic Information Added to RTPS Messages
        • 6.5.2.1. Crypto Header
        • 6.5.2.2. Crypto Content / Serialized Payload
        • 6.5.2.3. Crypto Footer
    • 6.6. Security Protections Applied by DDS Entities
      • 6.6.1. DomainParticipants
      • 6.6.2. User-Defined Endpoints (DataWriters/DataReaders)
      • 6.6.3. Builtin Secure Discovery Endpoints
        • 6.6.3.1. Secure Topic Query and Locator Reachability Support
      • 6.6.4. Builtin Secure Liveliness Endpoints
    • 6.7. Related Governance Rules
      • 6.7.1. Understanding ProtectionKinds
      • 6.7.2. Domain-Level Rules
        • 6.7.2.1. rtps_protection_kind (domain_rule)
        • 6.7.2.2. rtps_psk_protection_kind (domain_rule)
        • 6.7.2.3. discovery_protection_kind (domain_rule)
        • 6.7.2.4. liveliness_protection_kind (domain_rule)
        • 6.7.2.5. monitoring_metrics_protection_kind (domain_rule)
        • 6.7.2.6. monitoring_logging_protection_kind (domain_rule)
        • 6.7.2.7. service_request_protection_kind (domain_rule)
        • 6.7.2.8. instance_state_consistency_protection_kind (domain_rule)
        • 6.7.2.9. allowed_security_algorithms (domain_rule)
        • 6.7.2.10. enable_key_revision (domain_rule)
      • 6.7.3. Topic-Level Rules
        • 6.7.3.1. metadata_protection_kind (topic_rule)
        • 6.7.3.2. data_protection_kind (topic_rule)
        • 6.7.3.3. enable_discovery_protection (topic_rule)
        • 6.7.3.4. enable_liveliness_protection (topic_rule)
    • 6.8. Advanced Cryptography Concepts
      • 6.8.1. Reliability Behavior When MAC Verification Fails
      • 6.8.2. Configuring Reliability Protocol Settings of the Secure Key Exchange Topic
      • 6.8.3. Securing Application-Level Acknowledgments
      • 6.8.4. Origin Authentication Protection Implications
      • 6.8.5. Reencoding Protected Data when Regenerating Keys
      • 6.8.6. Interactions with Persistence Service
      • 6.8.7. Interactions with FlatData and Zero Copy
      • 6.8.8. Lightweight Security Pre-Shared Key RTPS Protection
      • 6.8.9. Interactions with Instance State Consistency
    • 6.9. Properties for Configuring Cryptography
      • 6.9.1. Configuration Properties Affecting Any Cryptography Plugin
  • 7. Security Events and Logging
    • 7.1. Connext DDS Builtin Logging System
      • 7.1.1. Logging Security Events through the Connext DDS Builtin Logging System
    • 7.2. Distributed Over DDS
      • 7.2.1. Configuring the Logging Distribution
      • 7.2.2. Builtin Secure Logging Topic
      • 7.2.3. Implementation Notes
        • 7.2.3.1. Publication of the Builtin Secure Logging Topic
        • 7.2.3.2. Custom QoS Profile for the Builtin Secure Logging Topic
    • 7.3. Advanced Logging Concepts
      • 7.3.1. Interface Between the Logging Plugin and the Connext DDS Builtin Logging System
      • 7.3.2. Subscribing to the Builtin Logging Topic
    • 7.4. Properties for Configuring Security Events and Logging
    • 7.5. Logging Messages
  • 8. Data Tagging
    • 8.1. Example Use Case
    • 8.2. Limitations
  • 9. Building and Running Security Plugins-Based Applications
    • 9.1. Linking Applications with the Security Plugins
      • 9.1.1. Dynamic Linking
      • 9.1.2. Static Linking
    • 9.2. Mixing Libraries Not Supported
    • 9.3. Properties for Enabling Security
    • 9.4. Advanced Concepts
      • 9.4.1. Creating/Deleting a DomainParticipant as a C++ Static Object
    • 9.5. Platform-Specific Notes
      • 9.5.1. Building Security Plugins-Based Applications for VxWorks 7
        • 9.5.1.1. Considerations for Building and Running Security Plugins in Kernel Modules
        • 9.5.1.2. Considerations for Building and Running Security Plugins in RTP Executables
    • 9.6. Libraries Required for Using the Builtin Security Plugins
    • 9.7. Libraries Required for Using the Lightweight Builtin Security Plugins

Part 3: Advanced Concepts

  • 10. Using STRIDE Threat Modeling to Analyze Security Risks in DDS Systems
    • 10.1. Introduction to Threat Modeling
    • 10.2. Simplified DDS Security Threat Model
    • 10.3. Introduction to STRIDE
    • 10.4. Detailed DDS Security Threat Model
      • 10.4.1. DDS Security Trust Boundaries
      • 10.4.2. DDS Traffic Categorization
      • 10.4.3. DDS Security Threat Protection
      • 10.4.4. Domain Outsider Protection
      • 10.4.5. Domain Insider Protection
      • 10.4.6. Topic Outsider Protection
      • 10.4.7. Topic Insider Protection
    • 10.5. Configuration Examples for Common Threat Scenarios
      • 10.5.1. Automotive Network Insider
        • 10.5.1.1. Configuration
        • 10.5.1.2. Resulting protection
      • 10.5.2. Industrial Automation Malicious 3rd-Party App
        • 10.5.2.1. Configuration
        • 10.5.2.2. Resulting protection
      • 10.5.3. Medical System Malicious Device
        • 10.5.3.1. Configuration
        • 10.5.3.2. Resulting protection
      • 10.5.4. Aviation Services Malicious Device
        • 10.5.4.1. Configuration
        • 10.5.4.2. Resulting protection
  • 11. Design Considerations
    • 11.1. Factors Affecting Performance and Scalability in General
      • 11.1.1. Hardware
      • 11.1.2. Algorithms Used
      • 11.1.3. Maximum Transmission Unit (MTU)
      • 11.1.4. Using OpenSSL Providers
      • 11.1.5. Security Plugins File Tracking
    • 11.2. Security Plugins’ Impact on Scalability at Startup
      • 11.2.1. Impact of the Security Plugins on the Discovery Process
        • 11.2.1.1. Differences in DomainParticipant Creation
        • 11.2.1.2. Differences in Endpoints Creation
        • 11.2.1.3. Differences in Remote DomainParticipants Discovery
        • 11.2.1.4. Differences in Remote Endpoints Discovery
        • 11.2.1.5. Participant Discovery Information Validation and Updates
      • 11.2.2. Impact of the Secure Versions of Builtin Endpoints
      • 11.2.3. Impact of Key Exchange on Scalability at Startup
        • 11.2.3.1. Participant Key Material
        • 11.2.3.2. Builtin Secure Endpoints
        • 11.2.3.3. User-Defined Secure Endpoints
        • 11.2.3.4. Receiver-Specific Keys
      • 11.2.4. Factors Impacting Performance and Scalability at Startup
        • 11.2.4.1. Impact of OCSP
        • 11.2.4.2. Number of Participants and Endpoints in Your Secure Domain
        • 11.2.4.3. Contents of the Identity Certificates
        • 11.2.4.4. Contents of Your Permissions Documents
        • 11.2.4.5. Impact of Different Protection Kinds
    • 11.3. Security Plugins Impact on Scalability and Performance During Steady State
      • 11.3.1. Overhead of the Different Protection Kinds
        • 11.3.1.1. Discovery Protection
        • 11.3.1.2. Liveliness Protection
        • 11.3.1.3. Serialized Data Protection
        • 11.3.1.4. Submessage Protection
        • 11.3.1.5. RTPS Protection
        • 11.3.1.6. Origin Authentication Protection
        • 11.3.1.7. SIGN VS ENCRYPT
        • 11.3.1.8. OCSP revalidation
      • 11.3.2. Factors Impacting Performance and Scalability During Steady State
        • 11.3.2.1. Performance Impact of Different Protection Kinds
        • 11.3.2.2. Interaction Between the Security Plugins and Batching QoS
        • 11.3.2.3. Interaction Between the Security Plugins and Multicast
        • 11.3.2.4. Interaction with Reliability
        • 11.3.2.5. Scalability Considerations for Origin Authentication Protection
        • 11.3.2.6. Interaction with Content Filtered Topics
        • 11.3.2.7. Interaction with Topic Queries
        • 11.3.2.8. Interaction with Asynchronous Publishing
        • 11.3.2.9. Interaction with Compression
        • 11.3.2.10. Interaction with CRC
        • 11.3.2.11. Interaction with Transport UDPv4_WAN
    • 11.4. Recommendations for Usage with Observability Framework
    • 11.5. Security Considerations when Enabling Compression
    • 11.6. Considerations when Enabling OCSP
      • 11.6.1. When OCSP is Not Recommended
      • 11.6.2. Responder Availability
      • 11.6.3. OCSP Token Validity Interval
      • 11.6.4. Time Synchronization Requirements
  • 12. Best Practices
    • 12.1. Choosing the Granularity of Your Permissions Documents for DomainParticipants
    • 12.2. Using Serialized Data Protection Along with Submessage/RTPS Protection
    • 12.3. Using Separate Domains for Secure and Unsecure Participants
    • 12.4. Keeping Governance and Permissions Compatibility Across Different Security Plugins Versions
  • 13. Support for OpenSSL Engines
    • 13.1. Properties for Configuring OpenSSL Engines
    • 13.2. Advanced Concepts
      • 13.2.1. Support for Engine Control Commands
  • 14. Support for OpenSSL Providers
    • 14.1. Instructions for Loading Providers
      • 14.1.1. Constructing a Configuration File
      • 14.1.2. Setting Environment Variables
      • 14.1.3. Verifying the Usage of Providers
    • 14.2. How Providers Impact Security Plugins Behavior
    • 14.3. The FIPS Provider
  • 15. What’s Different Between the Security Plugins and the OMG Security Specification
    • 15.1. Differences Affecting Builtin Plugins to be Addressed by Next DDS Security Specification
      • 15.1.1. Access Control
        • 15.1.1.1. Mutability of Publisher PartitionQosPolicy
    • 15.2. Differences Affecting Builtin Plugins
      • 15.2.1. General
        • 15.2.1.1. Support for Infrastructure Services
      • 15.2.2. Access Control
        • 15.2.2.1. Placement of the <default> rule in the Permissions Document
    • 15.3. Differences Affecting Custom Plugins
      • 15.3.1. Authentication
        • 15.3.1.1. Revocation
        • 15.3.1.2. Discovery Failure If Exchanging Fewer Than Two Handshake Messages
      • 15.3.2. Access Control
        • 15.3.2.1. check_remote_topic
        • 15.3.2.2. check_local_datawriter_register_instance
        • 15.3.2.3. check_local_datawriter_dispose_instance
        • 15.3.2.4. check_remote_datawriter_register_instance
        • 15.3.2.5. check_remote_datawriter_dispose_instance
        • 15.3.2.6. check_local_datawriter_match / check_local_datareader_match
        • 15.3.2.7. Revocation
        • 15.3.2.8. PermissionsToken
      • 15.3.3. Cryptography
        • 15.3.3.1. inline_qos for encode/decode_serialized_payload
  • 16. Pre-Shared Key Protection
    • 16.1. Pre-Shared Key Protection Motivation and Benefits
      • 16.1.1. Pre-Shared Key Protection in Lightweight Builtin Security Plugins vs. Pre-Shared Key Protection in Builtin Security Plugins
    • 16.2. Configuring Pre-Shared Key Protection
      • 16.2.1. Lightweight Builtin Security Plugins and Builtin Security Plugins Interoperability
    • 16.3. How Pre-Shared Key Protection Works
      • 16.3.1. PSK Material
      • 16.3.2. Key Management
      • 16.3.3. Passphrase identifier
      • 16.3.4. Pre-Shared Key Protection and the Cloud
  • 17. The Lightweight Builtin Security Plugins
    • 17.1. Configuring the Lightweight Builtin Security Plugins
      • 17.1.1. The Lightweight Builtin Security Plugins and RTI Admin Console
  • 18. Relevant Connext APIs
    • 18.1. Relevant functions
      • 18.1.1. banish_ignored_participants
      • 18.1.2. discovered_participant_subject_name
      • 18.1.3. discovered_participants_from_subject_name
      • 18.1.4. discovered_participant_data
      • 18.1.5. on_invalid_local_identity_status_advance_notice
    • 18.2. Relevant types for the Governance Document
    • 18.3. Relevant types for the Security Algorithms

Part 4: Integration with other RTI Connext Products

  • 19. DDS Security Data Visualization with RTI Administration Console
    • 19.1. RTI Admin Console and the Lightweight Builtin Security Plugins
  • 20. Support for RTI Infrastructure Services
    • 20.1. RTI Persistence Service
    • 20.2. RTI Routing Service
    • 20.3. RTI Recording Service
    • 20.4. RTI Web Integration Service
  • 21. Support for RTI Real-Time WAN Transport
    • 21.1. Binding Ping Messages Security
    • 21.2. Security Considerations when Using Cloud Discovery Service
      • 21.2.1. Protection Against a Cloud Discovery Service Participant Announcement Replay Attack
  • 22. Support for RTI Observability Framework
    • 22.1. Creating a Governance Document for Observability Framework
    • 22.2. Creating a Permissions Document for Collector Service
    • 22.3. Creating a Permissions Document for Monitoring Library 2.0
    • 22.4. Enabling Security Plugins in Collector Service
      • 22.4.1. Using Docker Compose (Prepackaged)
      • 22.4.2. Using Docker (Separate Deployment)
    • 22.5. Enabling Security Plugins in Monitoring Library 2.0
  • Copyrights and Notices


© Copyright 2017-2025, Real-Time Innovations, Inc.

Send feedback about this document to documentation@rti.com.