Is Your Data Secure?
Odds are good that your data is extremely important to you. Now consider how one secures that data. Typical approaches address access, authentication, integrity, non-repudiation and confidentiality concerns at the domain and link layers, implicitly securing the data. The challenge and need is to move these security specifications to the data itself, and provide explicit security policies on each element of system-identified data.
Why is this level of finesse needed? As you build out your systems, and systems of systems, how do you manage security when individual elements of data, the communication links, and domain boundaries all have different behaviors? With this level of complexity and risk, it's critical to have awareness at the level that matters – the data level – so you can make the right design and implementation decisions.
At this webinar, learn how to achieve an assured and predictable security footprint by minimizing the leak of information or exploitation of data through unintended consequences. Secure DDS offers data-centric configuration policies for content and behaviors. Recognizing that security isn't one-size-fits-all, a standards-based optional plugin SDK allows developers to create custom security plugins.
Connext Secure DDS is the world's first turnkey DDS security solution that conforms to the OMG specification and provides an essential security infrastructure that is data-focused for DDS and legacy systems.
Watch On-Demand: http://ecast.opensystemsmedia.com/478
1. Your systems. Working as one.
Is Your Data Secure?
June 24 – RTI Sponsored Webinar
Gordon Hunt, gordon.hunt@rti.com
2. Agenda
• What is Data?
• What is Security?
• How to Bring it all Together?
• Why does it Matter?
3. What is Data?
Data-At-Rest?
• Where is it
• Single view of the ‘answer’
• Heterogeneous views
• How do I get to it
• State is centralized
Data-In-Motion?
• How to send/share it
• Shared view of the ‘answer’
• Homogeneous views
• How we say it
• State is distributed
4. Example: Clinical Decision Support Systems
[Diagram: a clinical system with room devices, a care area and administration tiers, connected to workstations, storage and historical data, an HL7/EMR gateway, and enterprise and 3rd-party systems]
5. Example: Where and What is the Data?
[Diagram: the same clinical system (room, care area, administration; workstations, storage/historical, HL7/EMR gateway, enterprise and 3rd-party systems) with a single data element called out – Location: Room 247B; Data: HomerSimpson]
6. Example: Blue Force Tracker Systems
[Diagram: Blue Force Tracker network – Army and USMC BFT1 units and EPLRS radios, TSG and JNN nodes, linked over L-Band, Ku-Band and VSAT to ground stations, the NOC, JCR, JBCP and DISA]
7. Messages and Routing versus Actionable Data
• Message-Centric NOC Architecture
– Point to Point
– State is Implicit
– Intermediate messages are not actionable
• Data-Centric NOC Architecture
– Observable databus
– State is Explicit
– Intermediate state is actionable
[Diagram, message-centric NOC: CUI and Secret enclaves (region servers, NOC controllers, MySQL servers, NTP, CDI, NDS, NAS, legacy/JCR/satcom gateways) joined by Comtech L-Band satcom sides A and B, CUI network gateways, Cisco 2924XL switches, ASA 5510, isolation routers and KGV-72 encryptors across NIPRNET and SIPRNET, with Radiant Mercury cross-domain transfer]
[Diagram, data-centric NOC: SA, C2 and SDSA processes on a Dell PowerEdge 815 running RTI DDS in a SEC enclave, connected through CP conduits G and H, cross-domain conduit J, Type 1 conduit I and the NOC SA display conduit K to the JCR NOC and SIPRNet, with persistence server, SDSA/C2 routing, configuration management, logging, health monitoring, datastore, addressed C2 display and ASCOPE datastore services]
8. Results of Making Data Actionable
• Before
I. Custom implementation for the Army
II. Centralized, monolithic and tightly coupled
III. Under development for 8 years
IV. 500,000 SLoC
V. Required 21 quad-core servers
VI. Supported 10,000 sustained tracks
VII. Suffered reliability and uptime challenges
• After
I. Standards based, COTS and Open Architecture
II. De-centralized, modular and de-coupled
III. PoC completed in 1 week, full system in 1 year
IV. 50,000 SLoC
V. Only requires a single core system
VI. Supports 500,000 sustained tracks
VII. Inherently supports full redundancy
9. Where is the Data?
• Point-to-point, sockets, RPC, RMI
– Data and its state are in the applications
– Each application maintains its view
• Centralized: DB, ESBs (Broker, ESB, DBMS)
– Data and its state are in the Database
– Managed interactions with data and state
• Decentralized, Data Centric
– Data and its state are in the bus
– Stateless clients/services
– Data needs explicit properties to manage its behavior
10. Where is the Data?
Centralized Analytics and Control
• Limits scalability and performance
– Capacity of individual links and switch ports
– CPU and resource limits on servers
• Diminished robustness
– Tied to server maintenance and failures
– Single point of “vulnerability”
• Lessens capabilities and utility
– Single centralized “brain”
– No autonomy or Intelligence at the edge.
• Brittle security. All intelligence is “in a box”
[Diagram: a centralized ESB, database, or message broker with every client attached to it]
11. Where is the Data?
Distributed Analytics & Control
• Analyze orders of magnitude more data
• Lower latency control for faster response
• Highly resilient, no single point of failure
• Fine-grained access control and security
• More capable and flexible Intelligence at the edge
[Diagram: a decentralized, fully distributed DDS DataBus]
12. What is Security?
• Authentication:
– The bank knows who you are; you must show ID.
• Access Control:
– The bank only lets those on an access list into your box.
• Confidentiality:
– You are alone in the room. Nobody can see the contents of the box.
• Integrity:
– The box is sealed. If anybody touches it you will know.
• Non repudiation:
– You sign when you come in and out so you can’t claim that you weren’t there.
• Availability:
– The bank is always open.
13. How to Implement Security?
Security Related Infrastructure
• Intrusion Detection and Actions
• Malware Detection and Prevention
• Secure Boot & Trusted Platforms
• Secure Comms and Data Links
• Key and Identity Mgmt.
• Cryptologic Functions
• …
Very domain specific – you may need all of these.
14. Where is Security?
Multiple Security Boundaries
• Boundary Security
• Transport-Level
– Network (layer 3) security
– Session (layer 4/5) security
– Endpoint-based access
• Fine-grained Data-Centric Security
– Queue/table-based access
– Decentralized or centralized?
Ultimately you need to implement all of them
16. Data Identity in the Global Data Space
• Domain:
– The world you are talking about
• Topic:
– A group of similar objects
• Similar structure (“type”)
• Similar way they change over time (“Quality of Service”)
• Instance:
– An individual object in the topic group of similar objects
• Like the “key” fields in a database table
• Domain Participant:
– A connection to the Domain in order to source/observe observations
• Data Writer:
– The source of observations about a set of data objects (Topic)
• Data Reader:
– Observer of a set of data-objects
• Sample:
– An update of an instance
[Diagram: a Domain containing Topic “A” and Topic “B”, shown at the logical level and mapped to the physical level]
17. Data Behavior in the Global Data Space
• Aside from the actual data to be delivered, users often need to specify HOW to send it …
… reliably (or “send and forget”)
… how much data (all data, last 5 samples, every 2 secs)
… how long before data is regarded as ‘stale’ and is discarded
… how many publishers of the same data are allowed
… how to ‘failover’ if an existing publisher stops sending data
… how to detect “dead” applications
… …
• These options are controlled by formally-defined Quality of Service (QoS)
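As an added illustration (not code from the webinar and not RTI's Connext API, whose QoS types look different), the toy model below shows what three of the behaviors listed above mean on the receiving side: keeping only the last N samples of an instance, discarding samples that have passed their lifespan, and exclusive ownership with failover to a weaker publisher once the strongest one has gone silent for longer than its liveliness lease. The class and field names (QoS, Sample, ReaderCache) and the sample stream are invented for the example.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass
class QoS:
    """Toy subset of DDS-style delivery policies (names invented for this example)."""
    history_depth: int = 1                  # keep only the last N samples of each instance
    lifespan: float = float("inf")          # seconds after which a sample is stale and discarded
    exclusive_ownership: bool = False       # accept an instance only from its strongest live writer
    liveliness_lease: float = float("inf")  # seconds of silence after which a writer is "dead"


@dataclass
class Sample:
    key: str        # instance key, like the key fields of a database row
    value: object
    writer: str     # identity of the DataWriter that produced the sample
    strength: int   # ownership strength of that writer
    time: float     # source timestamp in seconds


class ReaderCache:
    """Receiving side of one Topic, applying the QoS above as samples arrive."""

    def __init__(self, qos):
        self.qos = qos
        self.history = defaultdict(lambda: deque(maxlen=qos.history_depth))
        self.writers_of = defaultdict(set)  # instance key -> writers that have written it
        self.last_seen = {}                 # writer -> time of its most recent sample
        self.strength = {}                  # writer -> ownership strength

    def _alive(self, writer, now):
        return now - self.last_seen[writer] <= self.qos.liveliness_lease

    def _owner(self, key, now):
        live = [w for w in self.writers_of[key] if self._alive(w, now)]
        return max(live, key=lambda w: self.strength[w], default=None)

    def receive(self, s):
        """Return True if the sample is accepted into the reader's cache."""
        self.last_seen[s.writer] = s.time
        self.strength[s.writer] = s.strength
        self.writers_of[s.key].add(s.writer)
        if self.qos.exclusive_ownership and self._owner(s.key, s.time) != s.writer:
            return False  # a weaker writer is ignored while the owner is still alive
        self.history[s.key].append(s)  # the deque drops the oldest sample beyond the depth
        return True

    def read(self, key, now):
        """Values of the retained samples that are not yet stale at time `now`."""
        return [s.value for s in self.history[key] if now - s.time <= self.qos.lifespan]

    def dead_writers(self, now):
        return sorted(w for w in self.last_seen if not self._alive(w, now))


def demo():
    """Constructed scenario: a primary and a backup writer both publish instance 'pump-1'."""
    qos = QoS(history_depth=3, lifespan=2.0, exclusive_ownership=True, liveliness_lease=1.0)
    cache = ReaderCache(qos)
    first_phase = [
        Sample("pump-1", 100, "primary", 10, 0.0),
        Sample("pump-1", 101, "backup", 5, 0.5),    # ignored: primary is alive and stronger
        Sample("pump-1", 102, "primary", 10, 1.0),
        Sample("pump-1", 103, "primary", 10, 1.5),
        Sample("pump-1", 104, "primary", 10, 2.0),  # primary goes silent after this
    ]
    accepted = [cache.receive(s) for s in first_phase]
    history_at_2 = cache.read("pump-1", 2.0)
    # At t=3.5 the primary's 1.0 s lease has expired, so ownership fails over to the backup.
    accepted.append(cache.receive(Sample("pump-1", 105, "backup", 5, 3.5)))
    return {
        "accepted": accepted,
        "history_at_2": history_at_2,
        "history_at_4": cache.read("pump-1", 4.0),  # sample 103 (t=1.5) is now stale
        "dead_at_4": cache.dead_writers(4.0),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the model is that none of these decisions are made by the application: the reader's cache enforces depth, staleness and ownership from declared policy, which is why a security model for the data space can attach to the same declared properties.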
23. Data Security in the Global Data Space
• Access control per Topic
– And all that that implies
• Read versus write permissions
– But enable fully distributed enforcement
• Source-specific permissions and tagging
– Fine-grained specificity of policies
[Diagram: a Domain containing Topics “A”, “B” and “C”, each with its own access policy]
24. Data Security in the Global Data Space
• Authentication:
– The Domain knows who you are, you must show ID
• Access Control:
– Only those on the Topics’ access list are allowed (r/w)
• Confidentiality:
– Data payload and meta-data individually encrypted.
• Integrity:
– Data samples include destination specific signatures/MACs.
• Non repudiation:
– Specified behavior and associated quality of service for acknowledgements
• Availability:
– DDS managed and specified behavior, rich fault/failure management
25. Data Security – How is it Done?
• Security Model
– What to Protect
• Security Plugin APIs
– How/where to protect
– Interchangeability of the plugins
• DDS RTPS Wire Protocol
– Data encapsulation and discovery interoperability
• Default Builtin Plugins
– Out-of-box implementation
– Interoperable implementations
[Diagram: the security model, plugin APIs and RTPS wire protocol belong to the OMG DDS Security Specification; the default builtin plugins are the RTI Connext™ DDS implementation]
26. Data Security – Threats in the Global Data Space
1. Unauthorized subscription
2. Unauthorized publication
3. Tampering and replay
4. Unauthorized access to data by infrastructure services
Alice: Allowed to publish topic ‘T’
Bob: Allowed to subscribe to topic ‘T’
Eve: Non-authorized eavesdropper
Trudy: Intruder
Mallory: Malicious insider
Trent: Trusted infrastructure service
27. Data Security – Using Secure DDS (per OMG spec)
• Start with a Domain Configuration
– Signed document that sets policies for the Domain
• Specifies
– What Topics are discovered using Secure Discovery
– Encrypt or Sign for Secure Discovery
– What Topics have controlled access
– Encrypt or Sign for each secure Topic
• User data and payload
• Metadata and routing information
– What to do with unauthenticated access requests
28. Data Security – Using Secure DDS per OMG specification
• For each Participant
– It’s an identified point of access
– Enables fully distributed authentication
– Enables local access enforcement
• Specifies
– What Domain IDs it can join
– What Topics it can read/write
– What Topics it can relay
– What Partitions it can join
– What Tags are associated with the Readers and Writers
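To make the two documents of slides 27 and 28 concrete, here is an added example (not RTI's access-control plugin and not code from the webinar) that parses a constructed domain governance document and a constructed permissions document, both laid out like the XML files the OMG DDS Security specification defines, and decides what each of the slide 26 actors may do. The subject names, validity dates, topic names and the simplified evaluation order are assumptions for the example: a real plugin additionally verifies the Permissions CA signature on both documents and binds the subject name to the participant's authenticated X.509 certificate, which this toy skips.

```python
import xml.etree.ElementTree as ET
from fnmatch import fnmatchcase

# Constructed governance document (domain-wide policy): topic "T" is access-controlled and
# encrypted; everything else has open reads, controlled writes and no payload protection.
GOVERNANCE_XML = """<dds>
 <domain_access_rules>
  <domain_rule>
   <domains><id>0</id></domains>
   <allow_unauthenticated_participants>false</allow_unauthenticated_participants>
   <enable_join_access_control>true</enable_join_access_control>
   <discovery_protection_kind>ENCRYPT</discovery_protection_kind>
   <liveliness_protection_kind>SIGN</liveliness_protection_kind>
   <rtps_protection_kind>SIGN</rtps_protection_kind>
   <topic_access_rules>
    <topic_rule>
     <topic_expression>T</topic_expression>
     <enable_discovery_protection>true</enable_discovery_protection>
     <enable_liveliness_protection>true</enable_liveliness_protection>
     <enable_read_access_control>true</enable_read_access_control>
     <enable_write_access_control>true</enable_write_access_control>
     <metadata_protection_kind>SIGN</metadata_protection_kind>
     <data_protection_kind>ENCRYPT</data_protection_kind>
    </topic_rule>
    <topic_rule>
     <topic_expression>*</topic_expression>
     <enable_discovery_protection>false</enable_discovery_protection>
     <enable_liveliness_protection>false</enable_liveliness_protection>
     <enable_read_access_control>false</enable_read_access_control>
     <enable_write_access_control>true</enable_write_access_control>
     <metadata_protection_kind>NONE</metadata_protection_kind>
     <data_protection_kind>NONE</data_protection_kind>
    </topic_rule>
   </topic_access_rules>
  </domain_rule>
 </domain_access_rules>
</dds>"""

# Constructed permissions document (per-participant grants). Subjects are the slide 26 actors.
VALID = "<validity><not_before>2015-01-01T00:00:00</not_before><not_after>2016-01-01T00:00:00</not_after></validity>"
PERMISSIONS_XML = """<dds><permissions>
 <grant name="Alice"><subject_name>CN=Alice,O=Example</subject_name>%s
  <allow_rule><domains><id>0</id></domains><publish><topics><topic>T</topic></topics></publish></allow_rule>
  <default>DENY</default></grant>
 <grant name="Bob"><subject_name>CN=Bob,O=Example</subject_name>%s
  <allow_rule><domains><id>0</id></domains><subscribe><topics><topic>T</topic></topics></subscribe></allow_rule>
  <default>DENY</default></grant>
 <grant name="Mallory"><subject_name>CN=Mallory,O=Example</subject_name>%s
  <allow_rule><domains><id>0</id></domains><publish><topics><topic>Status</topic></topics></publish></allow_rule>
  <default>DENY</default></grant>
 <grant name="Trent"><subject_name>CN=Trent,O=Example</subject_name>%s
  <allow_rule><domains><id>0</id></domains><relay><topics><topic>*</topic></topics></relay></allow_rule>
  <default>DENY</default></grant>
</permissions></dds>""" % ((VALID,) * 4)


def topic_policy(governance_xml, domain_id, topic):
    """Governance settings that apply to `topic` in `domain_id`: first matching topic_rule wins."""
    for drule in ET.fromstring(governance_xml).iter("domain_rule"):
        if domain_id not in {int(i.text) for i in drule.find("domains").iter("id")}:
            continue  # (id_range elements are not handled in this toy)
        policy = {"allow_unauthenticated_participants":
                  drule.findtext("allow_unauthenticated_participants") == "true"}
        for trule in drule.iter("topic_rule"):
            if fnmatchcase(topic, trule.findtext("topic_expression")):
                policy.update((c.tag, c.text) for c in trule if c.tag != "topic_expression")
                return policy
    return None


def grant_allows(permissions_xml, subject, domain_id, action, topic, when):
    """Evaluate the subject's grant: rules in document order, first match on domain + action
    ('publish', 'subscribe' or 'relay') + topic decides; otherwise the grant's <default>."""
    for grant in ET.fromstring(permissions_xml).iter("grant"):
        if grant.findtext("subject_name") != subject:
            continue
        v = grant.find("validity")
        if not (v.findtext("not_before") <= when <= v.findtext("not_after")):
            return False  # outside the validity window the grant is void
        for rule in grant:
            if rule.tag not in ("allow_rule", "deny_rule"):
                continue
            if domain_id not in {int(i.text) for i in rule.find("domains").iter("id")}:
                continue
            patterns = [t.text for a in rule.findall(action) for t in a.iter("topic")]
            if any(fnmatchcase(topic, p) for p in patterns):
                return rule.tag == "allow_rule"
        return grant.findtext("default", "DENY") == "ALLOW"
    return False  # no grant for this identity at all


def authorize(subject, authenticated, domain_id, action, topic, when="2015-06-24T12:00:00"):
    """Combine governance and permissions the way the access-control plugin conceptually does."""
    policy = topic_policy(GOVERNANCE_XML, domain_id, topic)
    if policy is None:
        return False  # domain not covered by the governance document
    if not authenticated:  # Eve, Trudy: only tolerated on open domains and uncontrolled topics
        controlled = (policy["enable_read_access_control"] == "true"
                      or policy["enable_write_access_control"] == "true")
        return policy["allow_unauthenticated_participants"] and not controlled
    gate = {"publish": "enable_write_access_control", "subscribe": "enable_read_access_control"}
    if action in gate and policy[gate[action]] != "true":
        return True  # this direction is not access-controlled for the topic
    return grant_allows(PERMISSIONS_XML, subject, domain_id, action, topic, when)
```

Read the output against the threat list on slide 26: Alice can publish T but not subscribe to it, Bob the reverse, the unauthenticated Eve and the grant-less Trudy get nothing, Mallory's valid insider grant for Status does not extend to T, and Trent's relay permission is the one that lets an infrastructure service forward T without a read or write grant.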
30. What’s Happening on the Wire?
• RTPS Protocol Supports
– Rigorous identity, source and destination indication
– Sequence numbers for state recreation
– Content awareness for efficient delivery
– Timestamps for data and state integrity
– Efficient use of transports
– Proxy & routing support
– Reliability & synchronization handshaking
[Diagram: the cryptographic plugin operations applied at each layer of an RTPS message]
…
encode_serialized_data()
encode_datawriter_submessage()
encode_datareader_submessage()
encode_rtps_message()
…
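The encode_* names above are the cryptographic plugin operations of the DDS Security specification, applied innermost-first: serialized data, then the DataWriter (or DataReader) submessage with its sequence number, then the whole RTPS message with its source GUID. The following added example (not the specification's builtin plugin, which uses AES-GCM and AES-GMAC, and not RTI's code) reproduces that nesting with HMAC-SHA256 tags only, i.e. the "sign" rather than "encrypt" choice, so the receiver decodes in reverse order and rejects both a modified message and a replayed one. Keys, GUID, sequence numbers and payloads are constructed for the example.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32   # HMAC-SHA256 tag appended to each protected layer
GUID_LEN = 16  # an RTPS participant GUID is 16 bytes

# Constructed per-layer keys. In DDS Security each layer has its own key material,
# established after authentication and shared only with the parties entitled to it.
KEYS = {"data": b"payload-key", "writer": b"writer-key", "rtps": b"participant-key"}


def _sign(key, data):
    return data + hmac.new(key, data, hashlib.sha256).digest()


def _verify(key, blob, layer):
    data, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, data, hashlib.sha256).digest()):
        raise ValueError("MAC mismatch at %s layer" % layer)
    return data


# Sending side: the three encode_* steps nest, innermost first.
def encode_serialized_data(payload):
    return _sign(KEYS["data"], payload)  # protects only the user data


def encode_datawriter_submessage(seq, protected_payload):
    # adds the writer's sequence number, which the receiver uses for replay detection
    return _sign(KEYS["writer"], struct.pack(">Q", seq) + protected_payload)


def encode_rtps_message(guid, submessage):
    return _sign(KEYS["rtps"], guid + submessage)  # protects the whole message with its source GUID


def build_message(guid, seq, payload):
    return encode_rtps_message(guid, encode_datawriter_submessage(seq, encode_serialized_data(payload)))


class Receiver:
    """Decodes in reverse order; rejects tampering (bad MAC) and replay (stale sequence number)."""

    def __init__(self):
        self.last_seq = {}  # sender GUID -> highest sequence number accepted so far

    def decode(self, message):
        body = _verify(KEYS["rtps"], message, "rtps")
        guid, submessage = body[:GUID_LEN], body[GUID_LEN:]
        sub = _verify(KEYS["writer"], submessage, "datawriter submessage")
        seq = struct.unpack(">Q", sub[:8])[0]
        if seq <= self.last_seq.get(guid, 0):
            raise ValueError("replay: sequence %d already seen" % seq)
        payload = _verify(KEYS["data"], sub[8:], "serialized data")
        self.last_seq[guid] = seq
        return guid, seq, payload


def receive(receiver, message):
    """Wrap decode() so callers get ('ok', payload) or ('rejected', reason)."""
    try:
        _, _, payload = receiver.decode(message)
        return "ok", payload
    except ValueError as e:
        return "rejected", str(e)


def demo():
    """Constructed traffic from one writer: a good message, a tampered copy, a replay, a successor."""
    guid = bytes(range(GUID_LEN))
    m1 = build_message(guid, 1, b"track 42: 34.05N 118.25W")
    m2 = build_message(guid, 2, b"track 42: 34.06N 118.24W")
    # Flip one byte inside the inner payload; the outermost MAC is the first to catch it.
    idx = GUID_LEN + 8 + 6
    tampered = m1[:idx] + bytes([m1[idx] ^ 0x01]) + m1[idx + 1:]
    rx = Receiver()
    return [receive(rx, m1), receive(rx, tampered), receive(rx, m1), receive(rx, m2)]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

Because each layer carries a separate key, a party that holds only the participant-level key (a router or relay between domains, for example) can verify and forward a message without being able to alter or forge the inner serialized data, which is the property slide 26 calls "unauthorized access to data by infrastructure services" and which the encrypt option extends from integrity to confidentiality.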
31. Why does it Matter?
Connext DDS Secure Benefits
• Decentralized
– High performance
– No single point of failure
• Runs over any transport
– Including low bandwidth, unreliable
– Multicast for scalability, low latency
• Select encryption or message authentication
– Only encrypt private data
– Up to 100x faster
• Customizable plugin architecture
• Data Distribution Service (DDS) compliant
• Works with unmodified existing apps
[Diagram: the Connext DDS library, with its Authentication, Access Control, Encryption, Data Tagging and Logging plugins, sits between the Application and Any Transport (e.g., TCP, UDP, multicast, shared memory)]
32. Why does it Matter? – RTI and PNNL Grid Security Retrofit
[Diagram: a Control Station with a DNP3 Master Device and a Transmission Substation with DNP3 Slave Devices. The slave devices connect over DNP3 on RS232/485 and Ethernet to RTI Routing Service ComProcessors and Gateways, which carry DNP3 over DDS across the DDS LANs and DDS over UDP/WAN between IP Routers, giving an effective end-to-end DNP3 connection]
Details at http://blogs.rti.com
33. Why does it Matter? – RTI and PNNL Grid Security Retrofit
[Diagram: the same Control Station / Transmission Substation topology, with the WAN segment between the IP Routers now carried as Secure DDS over UDP while the DNP3 devices and the RTI Routing Service ComProcessors and Gateways are unchanged; the effective DNP3 connection is preserved]
Details at http://blogs.rti.com
34. Why does it Matter? – RTI and PNNL Grid Security Retrofit
[Diagram: the same topology with Secure DDS over UDP on the WAN, now also attaching an Attack Detector Display, a Scada Converter and an Anomaly Detector to the DDS data bus, without changes to the DNP3 Master and Slave Devices or the RTI Routing Service ComProcessors and Gateways; the effective DNP3 connection is preserved]
Details at http://blogs.rti.com
35. Why does it Matter?
Secure, flexible, scalable, and performant system integration.
• Decoupled access to data via the Global Data Space
– This does not mean loss of access control to the information and data
– It means that the Data Space must have an associated security model
• DDS can use standard PKI and cryptographic techniques to
enforce the security policies
• DDS can use domain-specific system technologies and
capabilities to address security
The key is to use a data-centric security model
36. DDS Secure
[Diagram: RTI Connext™: A Next Generation Infrastructure – Connext DDS Professional (DDS & JMS libraries, Routing Service, Database Integration, Administration, Monitoring, Microsoft Excel, Recording, Replay, Wireshark, Persistence, Logging, Prototyper) alongside Connext DDS Micro and Connext DDS Cert, serving general purpose real-time apps, remote apps, disparate apps via adapters, RDBMS, small footprint apps and safety critical applications, all over the DDS-RTPS Wire Interoperability Protocol]
37. Next Steps & Questions
• Evaluation Available Today
• Contact
– info@rti.com or your local Account Manager
www.rti.com
community.rti.com
www.facebook.com/RTIsoftware
www.slideshare.net/RealTimeInnovations
www.twitter.com/RealTimeInnov
blogs.rti.com
www.youtube.com/realtimeinnovations
www.omg.org
dds.omg.org