Better messaging means security can grow with IoT

Messaging veteran RTI delivers software based on the new DDS Security standard

The brake pedal in your car probably isn't attached to the brakes. But don't worry, the pedal knows how to tell the brakes that you've pressed it. And now there's a new way to secure the messages they send each other.

New software from Real-Time Innovations, which supplies messaging software for embedded systems used in cars, factories and other settings, implements a recently approved specification called DDS Security. With it, critical behind-the-scenes communication among machines can be safer from hacking and still happen as fast as it needs to, according to David Barnett, RTI's vice president of products. A preview release of RTI's software, Connext DDS Secure, is available immediately.

The Internet of Things encompasses a vast number of components and systems that rely on the ability to talk to one another. Some, like the sensor in a brake pedal that sends signals to the brakes, are electronic replacements for what were once mechanical systems. So-called drive-by-wire airplanes work the same way: The controls in the cockpit send digital commands to the wing flaps and rudders. And increasingly, IoT extends beyond individual systems, so cars talk to other cars and to auto shops, and machines on an assembly line chat amongst themselves to keep things running smoothly.

The Object Management Group's Data Distribution Service standard, which is about 10 years old, controls a lot of that communication. Manufacturing, medical devices, aerospace and defense are some of the industries where DDS is most widely used, according to Barnett. But until now, making DDS messages secure has required add-ons such as proprietary software and SSL (Secure Sockets Layer), a protocol borrowed from the Web, Barnett said.

DDS Security is a formal extension to the DDS standard, approved by the OMG in March. It gives software developers like RTI a common way to keep systems that use DDS safe from hacks that could take them over or shut them down.

As IoT grows, it'll become a wider and more attractive target for hackers who want to disrupt industrial systems, said VDC Research analyst Chris Rommel. Some systems, such as aircraft, are better equipped to contain hacking attempts than are others. "Messaging security is becoming more and more important," Rommel said.

Maybe the best thing about DDS Security is that it scales better, Barnett said. With SSL, each time a device communicates with another device or application, it has to set up one secure channel with one private encryption key. That can become a problem when there are many different apps and machines to talk to.

For example, a sensor on an assembly line may have to send its readings to the next machine down the line, as well as to an analytics application, a dashboard for a human administrator, and hundreds of other destinations across the whole manufacturing system. And unlike Web pages, IoT data often has to move under strict time constraints. Add the fact that most IoT processors are designed for power savings instead of performance, and SSL can become a burden, Barnett said.

DDS Security has a multicast function that lets the sending device encrypt a message once and send it to multiple destinations at the same time, Barnett said.

RTI expects DDS Security to be adopted broadly across industries where DDS is used today, but it won't be an overnight change. In health care, energy and some manufacturing sectors, that might happen in less than five years, Barnett said. Other industries, such as automotive, may take longer because they're more fragmented. RTI's focus is on industrial IoT, not connected consumer devices.

There are other standard IoT messaging protocols, including MQTT (Message Queuing Telemetry Transport) and AMQP (Advanced Message Queuing Protocol), but at least a handful of these can and will coexist, VDC's Rommel said. IoT as a whole will have to grow even as it remains fragmented, because many industrial embedded systems stay in the field for 10 to 20 years without updates, he said. Meanwhile, peripherals and gateways can make disparate systems talk to each other. In fact, RTI itself makes such adapters.

"There can be a partial move toward standard technology, but it certainly won't be a complete one," Rommel said. "There'll be different bridges and Band-Aids to help make it happen."

Pricing for Connext DDS Secure starts at US$9,495 per developer for new customers and $2,000 per developer for current Connext DDS customers, with discounts for larger projects.

Stephen Lawson covers mobile, storage and networking technologies for The IDG News Service. Follow Stephen on Twitter at @sdlawsonmedia. Stephen's e-mail address is
