Connext Secure

Based on the DDS standard, Connext Secure is the trusted software framework for architecting and securing systems of systems.

Overview

Securing autonomous and intelligent systems – such as those in medical, energy, transportation and defense industries – requires careful architecting of the entire system. Connext Secure is the trusted connectivity framework for designing robust, reliable systems that safeguard without sacrificing real-time performance.

The system protects and defends infrastructure through flexible, fine-grained security measures that ensure optimal performance and efficiency, spanning from devices to the cloud. It enables decentralized, peer-to-peer communications, offering robust authentication, access control, encryption, and logging capabilities. Additionally, the system supports UDP multicast for efficient data distribution to multiple authenticated subscribers. It facilitates secure connections across both WAN and LAN environments, integrating seamlessly with Real-Time WAN Transport. Furthermore, it offers efficient security solutions for resource-constrained systems using Pre-Shared Keys. These features collectively help support compliance with modern cybersecurity regulations and Zero Trust policies.

Specification

  • Interoperability between DDS security applications based on the system’s data model
  • Optimized security and performance by authenticating and encrypting only sensitive data
  • Automatic discovery of each participant for trusted peer-to-peer communications
  • Pluggable and customizable: plugins only need to be configured via XML to enable security
  • Fine-grained security: sign/encrypt the entire RTPS message, select RTPS submessages, or the serialized user data
  • X.509 PKI with Certificate Authorities, certificate chaining and revocation lists, RSA or ECDSA for authentication, DH or ECDH in ephemeral mode
  • Configured by domain using a shared Governance file signed by a shared CA
  • AES-GCM in GMAC mode with 128-bit, 192-bit, and 256-bit keys ensures data integrity, confidentiality, and source authentication
  • Designed to support auditing of all DDS security events, increasing system visibility; security events can be logged to a file or propagated securely over DDS
  • Support for UDP multicast enables efficient data distribution to multiple authenticated subscribers to the same data