DDS-Cerberus: Improving Security in DDS Middleware Using Kerberos Tickets

Abstract

The military deploys many IoT devices in battlefield operations to provide information on terrain and enemy combatants. It also deploys automated robots or UAVs where securing and trusting collected data is essential. Choosing the middleware that handles this message transfer is crucial for real-time operations. Networks with multiple entities, including IoT devices, UAVs, and small computers, require robust middleware that facilitates sending messages in real time. Ideally, the middleware would provide QoS to handle lost packets and retransmissions in lossy environments, especially between low-power machines. DDS is a middleware that implements real-time and QoS capabilities by sending messages based on topics rather than endpoints. However, DDS nodes are susceptible to impersonation attacks, which compromise integrity and trust. To mitigate these attacks, DDS-C is developed as a security layer that integrates with DDS by using Kerberos tickets to identify and authenticate valid DDS nodes. This thesis evaluates DDS-C performance, using ROS 2 and Cyclone DDS as testbeds to determine whether authentication overhead impedes DDS operations. Additionally, DDS-C is integrated into a commercial network AI provided by Bright Apps as a real-world use case. The results of this research conclude that DDS-C does not impact DDS operations to any significant degree. The added security and minimal middleware impact could help the military ensure node integrity in operational missions.

Document Details

Document Type
Technical Report
Publication Date
Mar 24, 2022
Accession Number
AD1166912

Entities

People

  • Andrew T. Park

Organizations

  • Air Force Institute of Technology

Tags

Communities of Interest

  • Air Platforms
  • Autonomy
  • Cyber
  • Energy and Power Technologies

DTIC Thesaurus Topics

  • Air Force
  • Artificial Intelligence
  • Authentication
  • Computational Science
  • Computer Network Security
  • Computer Networks
  • Computer Programming
  • Computer Programs
  • Computers
  • Cryptography
  • Cybersecurity
  • Electronic Mail
  • Multiple Access
  • Network Architecture
  • Network Protocols
  • Network Science
  • Operating Systems
  • Security Protocols
  • Transport Protocols
  • United States
  • United States Government

Fields of Study

  • Computer science

Readers

  • Computer Networking
  • Cybersecurity
  • Small Business Innovation Research Program (SBIR) EDI Research and Innovation

Technology Areas

  • 5G
  • 5G - Internet of Things
  • AI & ML
  • AI & ML - Autonomous Systems
  • AI & ML - DoD AI Strategy
  • Autonomy
  • Autonomy - UAVs