Connext DDS Secure

Connectivity Software for Securing IIoT Systems

Connext DDS Secure is the world's first connectivity software designed for architecting and securing IIoT systems of systems. Connext DDS Secure features the RTI Security Plugins, which support the Object Management Group's (OMG) DDS Security specification and enable forward compatibility. 

The plugins apply the DDS standard's fundamental principle of data centricity to security. Unlike other network security solutions, Connext DDS Secure supports fine-grained security so that developers have the flexibility to only enable the security capabilities required by their systems, such as message authentication or encryption, without compromising performance. 

Two-Minute Topic: Connext DDS Secure

Download  |  Larger View

Features and Benefits:

  • Enables a data-centric approach to providing confidentiality, integrity and availability without introducing single points of vulnerability. 
  • Protects discovery information, metadata and data.
  • Customizable to use customer-preferred crypto algorithms, key management and security hardware. 
  • Runs over any transport including TCP, UDP, multicast and shared memory. 
  • Integrates with existing security infrastructures like hardware acceleration. 
  • Enhances legacy DDS applications with little-to-no code modification. 

Securing IIoT systems - such as those in autonomous vehicles, medical, energy, transportaion and defense - requires careful architecting of the entire IIoT system from edge-to-cloud. This includes considerations for integrating diverse equipment from different project teams or third party suppliers. Thus, a connectivity framework that promotes interoperability between devices is required. the alternative is for OEMs to write and maintain the integration code to connect these complex devices. 

Furthermore, security must be balanced with performance. The machines that make up intelligent systems must be able to perform reliably with the added processing requirements for security functions like encrypting and signing data. 

As a software datbus with a security framework, Connext DDS Secure takes a data-centric approach to securing data including:

  • Interoperability between DDS Security applications based on the system's data model.
  • Optimized security and performance by authentication and encrypting only sensitve data.
  • Automatic discovery of each participant for peer-to-peer communications. 


Standard Capabilities

  • X.509 Public Key Infrastructure (PKI) with a pre-configured shared Certificate Authority (CA)
  • RSA or Elliptic Curve DSA (ECDSA) for authentication
  • Diffie Hellman (DH) or ECDH for shared secret
Access Control
  • Specifications via permissions file signed by shared CA
  • Control over ability to join DDS Domains and Partitions, read or write Topics
  • Control on individual objects and Quality of Service (QoS) via plugins
  • AES128-GCM and AES256-GCM for encryption 
  • AES128-GMAC and AES256-GMAC for authentication and integrity 
  • Protected Key Distribution 
  • Log security events to a local file or distribute securely over Connext DDS

Fine-Grained Security 

Choose between non-secured, signed and encrypted topics to meet your performance needs. Not only can select topics be protected, but they can be protected at varying levels of granularity to provide further optimization. Fine-grained security allows architects to:

  • Sign the entire RTPS message
  • Sign/encrypt select RTPS sub messages
  • Sign/encrypt the serialized user data



Security Over Muticast

Security is implemented above the transport layer. Therefore, any Connext DDS transport can be used securely, including UDP, TCP and shared memory. Support for UDP multicast (both reliable and best effort) enables effecient data distribution to multiple authenticated subscribers to the same data.



Pluggable Customizable 

Minimal-to-no changes are required for existing DDS applications when using built-in plugins. An optional SDK is available for custom plugins, crypto modules or support for custom hardware like crypto accelerators or trusted platform modules (TPM). 




Transport Flexibility

Security is implemented above the transport layer and does not require a secure transport protocol such as TLS/SSL or DTLS. Any connext DDS transport can be used securely, including UDP, TCP and shared memory. Support for UDP multicast (both reliable and best effort) enables very efficient data distribution when there are many subscribers to the same data.

Security is implemented at the middleware layer, between the application and underlying transport protocol.

Optimized Performance

Only data that must be private has to incur the overhead of encryption and decryption. This is much more efficient than TLS and other transport-layer security approaches that encrypt all data. For example, it is not necessary to encrypt the observable data reported by a weather station used to forecast power demand; the data only has to be signed with a Message Authentication Code (MAC) to prevent malicious manipulation.

Standards Compliance

Connext DDS Secure complies with the Data Distribution Service (DDS) Security specification from the Object Management Group (OMG). This provides interoperability with other compliant DDS implementation, as well as portability of custom plugins.

Evaluation Version

To request an evaluation version of Connext DDS Secure please register for Connext DDS Professional. A sales representative will contact you.