Cybersecurity Spotlight: Looking under the Hood at Data Breaches and Hardening Techniques
- 3. IIoT Systems Are Distributed
[Figure: IIoT system diagram showing Sensors, Actuators, Streaming Analytics & Control, HMI/UI, and IT, Cloud & SoS tied together by a Connectivity layer]
©2016 Real-Time Innovations, Inc. 3
- 4. IIoT Systems Are Distributed
[Figure: the same IIoT diagram as slide 3, annotated with a "Potential Vulnerability" marker]
- 7. Challenge: Security with Other Demanding Requirements
• Scalable real-time performance
• High reliability, resilience and safety
• Autonomous operation
- 8. Data Distribution Service (DDS) Standard
[Figure: the IIoT diagram (Sensors, Actuators, Streaming Analytics & Control, HMI/UI, IT, Cloud & SoS, Connectivity) with the Data Distribution Service (DDS) label added]
- 9. Key DDS Features
• Decentralized architecture
– Peer-to-peer communication
– No message brokers or servers
– Low latency and high scalability
– No single point of failure
• Multicast
– Efficient broad data distribution
• Automatic discovery
– Systems are self-forming and self-healing
• Real-time Quality of Service
– Control over & visibility into timing
[Figure: the DDS-labelled IIoT diagram from slide 8]
- 10. Publish/Subscribe for Loose Coupling
[Figure: DDS Software Data Bus connecting a Control App, Sensors, an Actuator and a Display App through the Commands and SensorData topics]
- 11. Use with New and Existing Systems
[Figure: new and updated DDS apps (DDS App on a DDS Library with a DDS API, over OS & Transport) interoperate via the DDS-RTPS Interoperability Protocol; existing, unmodified non-DDS apps and (sub)systems attach through a DDS Routing Service adapter]
- 12. This is addressed by DDS Security
Security Boundaries
• System Boundary
• Network Transport
– Media access (layer 2)
– Network (layer 3) security
– Session/Endpoint (layer 4/5) security
• Host
– Machine/OS/Applications/Files
• Data & Information flows
- 13. Data Security - Threat Model
1. Unauthorized subscription
2. Unauthorized publication
3. Tampering and replay
4. Unauthorized access to data by infrastructure services
Alice: Allowed to publish topic ‘T’
Bob: Allowed to subscribe to topic ‘T’
Eve: Non-authorized eavesdropper
Trudy: Intruder
Mallory: Malicious insider
Trent: Trusted infrastructure service
- 14. Plugin Approach
• Requires trivial or no change to existing DDS apps and adapters
• Runs over any transport
– Including low bandwidth, unreliable
– Does not require TCP or IP
– Multicast for scalability, low latency
• Completely decentralized
– High performance and scalability
– No single point of failure
• Fine-grained control
– Which data is encrypted and/or signed
– Access control
[Figure: Secure DDS library with Authentication, Access Control, Encryption, Data Tagging and Logging plugins, sitting between the Application and Any Transport (e.g., TCP, UDP, multicast, shared memory…)]
- 16. Standard Capabilities (Built-in Plugins)
• Authentication
– X.509 Public Key Infrastructure (PKI) with a pre-configured shared Certificate Authority (CA)
– Digital Signature Algorithm (DSA) with Diffie-Hellman and RSA for authentication and key exchange
• Access Control
– Configured by domain using a (shared) Governance file
– Specified via permissions file signed by shared CA
– Control over ability to join systems, read or write data topics
• Cryptography
– aes-128-ctr for encryption
– HMAC-SHA256 for message authentication and integrity
– aes-128-gcm, aes-192-gcm and aes-256-gcm for encryption with authentication
• Data Tagging
– Tags specify security metadata, such as classification level
– Can be used to determine access privileges (via plugin)
• Logging
– Log security events to a file or distribute securely over DDS
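The following Go program is an added illustration, not RTI's code and not the DDS Security specification's wire format: it runs the slide-13 cast (Alice, Bob, Eve, Trudy, Mallory) through a toy model built from the slide-16 primitives. One aes-128-gcm key per topic is handed out only to a participant whose permissions cover that topic, and the topic name plus a per-writer sequence number are bound into the GCM tag as additional authenticated data. The Permissions table, the Endpoint and Message types, the Grant step and the "sequence number must increase" replay rule are assumptions of this example; the threats and primitives are the ones the slides name.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed example, not RTI's code or the DDS Security wire format: one aes-128-gcm key
// per topic, released only to permitted participants; topic and sequence number are GCM AAD.

// Permissions stands in for one side (publish or subscribe) of the CA-signed permissions file.
type Permissions map[string]map[string]bool // participant name -> topic -> allowed

// Message is the wire unit: Topic and Seq are cleartext but authenticated;
// Sealed is the encrypted payload followed by the 16-byte GCM tag.
type Message struct{ Topic string; Seq uint64; Nonce, Sealed []byte }

// aad is the additional authenticated data: topic || big-endian sequence number.
func aad(topic string, seq uint64) []byte {
	b := make([]byte, 8)
	binary.BigEndian.PutUint64(b, seq)
	return append([]byte(topic), b...)
}

// Endpoint is one participant's writer or reader for a single topic; seq is
// the last sequence number sent (writer) or the highest accepted (reader).
type Endpoint struct{ topic string; aead cipher.AEAD; seq uint64 }

// Grant models key distribution gated by access control: the topic key is
// handed over only if the permissions table allows this participant.
func Grant(allowed Permissions, name, topic string, key []byte) (*Endpoint, error) {
	if !allowed[name][topic] {
		return nil, errors.New("no permission for " + name + " on topic " + topic)
	}
	block, err := aes.NewCipher(key) // a 16-byte key selects AES-128
	if err != nil {
		return nil, err
	}
	g, err := cipher.NewGCM(block) // only fails for a non-16-byte block, which AES never is
	return &Endpoint{topic, g, 0}, err
}

// Publish seals a sample with a fresh random nonce and the next sequence number.
func (e *Endpoint) Publish(plaintext []byte) (Message, error) {
	e.seq++
	nonce := make([]byte, e.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Message{}, err
	}
	return Message{e.topic, e.seq, nonce, e.aead.Seal(nil, nonce, plaintext, aad(e.topic, e.seq))}, nil
}

// Receive rejects a non-increasing sequence number as a replay, then verifies
// the GCM tag (which also covers Topic and Seq) before releasing the payload.
func (e *Endpoint) Receive(m Message) ([]byte, error) {
	if m.Seq <= e.seq {
		return nil, errors.New("replay detected on topic " + m.Topic)
	}
	pt, err := e.aead.Open(nil, m.Nonce, m.Sealed, aad(m.Topic, m.Seq))
	if err != nil { // wrong key or modified bytes: the tag does not verify
		return nil, errors.New("integrity check failed: " + err.Error())
	}
	e.seq = m.Seq
	return pt, nil
}

// Scenario runs the slide-13 cast through the model and reports each outcome.
func Scenario() map[string]bool {
	publish, subscribe := Permissions{"Alice": {"T": true}}, Permissions{"Bob": {"T": true}}
	keyT := make([]byte, 16) // constructed per-topic key for topic T
	rand.Read(keyT)
	out := map[string]bool{}
	alice, _ := Grant(publish, "Alice", "T", keyT)
	bob, _ := Grant(subscribe, "Bob", "T", keyT)
	_, err := Grant(publish, "Trudy", "T", keyT) // intruder: not in the table, gets no key
	out["trudy_publishes"] = err == nil
	m1, _ := alice.Publish([]byte("valve=open"))
	pt, err := bob.Receive(m1)
	out["bob_reads"] = err == nil && string(pt) == "valve=open"
	block, _ := aes.NewCipher(make([]byte, 16)) // Eve: sees every byte, holds only a guessed key
	eve, _ := cipher.NewGCM(block)
	_, err = eve.Open(nil, m1.Nonce, m1.Sealed, aad(m1.Topic, m1.Seq))
	out["eve_reads"] = err == nil
	_, err = bob.Receive(m1) // Mallory re-sends Alice's captured sample
	out["replay_rejected"] = err != nil
	m2, _ := alice.Publish([]byte("valve=closed"))
	m2.Sealed[0] ^= 0x01 // Mallory flips one ciphertext bit in transit
	_, err = bob.Receive(m2)
	out["tamper_rejected"] = err != nil
	return out
}

func main() {
	for name, ok := range Scenario() {
		fmt.Println(name, ok)
	}
}
```

Run it with `go run`; each line names one of the four threats from slide 13 and whether the attack got through. Binding Topic and Seq into the AAD is what lets one GCM tag check cover both tampering and a replayed or re-labelled sample. The limit the toy also makes visible: a permitted subscriber holds the same symmetric topic key as the writer, so the cipher alone does not stop an insider like Mallory from sealing a fresh sample; write authorization comes from the permissions check that gates key release, which is why the slides list access control as a separate plugin from cryptography.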
- 17. rti.com/downloads
Start using DDS Today!
Download the FREE complete RTI Connext DDS Pro package for Windows and Linux:
• Leading implementation of DDS
• Includes C, C++, C#/.NET and Java APIs
• Tools to monitor, debug, test, visualize and prototype distributed applications and systems
• Adapters to integrate with existing applications and IT systems