Madrid, May 2023

Fast DDS Secure Discovery Server

Fast DDS has recently unveiled a groundbreaking feature in its 2.10 release: the Secure Discovery Server, which integrates DDS Security with this alternative discovery mechanism. This new addition reinforces Fast DDS' commitment to enabling secure and scalable communication in all applications.

The Discovery Server mechanism operates on a client-server model, where one or more server DomainParticipants exchange messages (meta traffic) among DomainParticipants to establish their identities. This differs from the simple discovery mechanism, which uses a message broadcast method such as IP multicast.

Developed in compliance with the DDS Security specifications, the Secure Discovery Server relies on five essential built-in security plugins, each playing a crucial role in ensuring a robust security framework:

  • Authentication Plugin (DDS:Auth:PKI-DH): This plugin establishes authentication for every domain participant that joins a DDS Domain by utilizing a trusted Certificate Authority (CA). Through mutual authentication, the DomainParticipants and the server validate each other's identities and establish a shared secret, ensuring secure and reliable communication.
  • Access Control Plugin (DDS:Access:Permissions): The Access Control plugin provides granular access control to DomainParticipants performing protected operations. This helps maintain data integrity and prevents unauthorized access.
  • Cryptographic Plugin (DDS:Crypto:AES-GCM-GMAC): Leveraging the Advanced Encryption Standard (AES) in Galois Counter Mode (GCM), the Cryptographic plugin offers authenticated encryption to secure data transmission. By encrypting the data and verifying its integrity during communication, this plugin safeguards against eavesdropping, tampering, and unauthorized access, ensuring the confidentiality of sensitive information.
  • Logging Plugin (DDS:Logging:DDS_LogTopic): The Logging plugin is responsible for logging security events within the DDS system. It creates a comprehensive record of security-related activities, allowing administrators to monitor and analyze events, detect anomalies, and investigate potential security breaches. These logs play a vital role in maintaining the integrity and accountability of the communication system.
  • Data Tagging Plugin (DDS:Tagging:DDS_Discovery): The Data Tagging plugin enables the addition of security labels to data exchanged within the DDS system. This feature allows for the specification of classification levels for data, providing an additional layer of security and control. By associating security labels with data, administrators can implement access control policies based on these labels, ensuring that only authorized recipients can access specific data sets. Additionally, data tagging can be used for message prioritization and to prevent the middleware from using the data instead of the intended application or service.
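
As an added illustration (not taken from the announcement or from eProsima's materials), a participant XML profile for a Discovery Server client with the Authentication, Access Control and Cryptographic plugins enabled could look like the following. The profile name, server address, GUID prefix and all file paths are placeholders assumed for the example.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<profiles xmlns="http://www.eprosima.com/XMLSchemas/fastRTPS_Profiles">
  <participant profile_name="secure_ds_client"> <!-- hypothetical profile name -->
    <rtps>
      <builtin>
        <discovery_config>
          <!-- Discover through a server instead of multicast simple discovery -->
          <discoveryProtocol>CLIENT</discoveryProtocol>
          <discoveryServersList>
            <!-- Placeholder GUID prefix and locator of the server participant -->
            <RemoteServer prefix="44.53.00.5f.45.50.52.4f.53.49.4d.41">
              <metatrafficUnicastLocatorList>
                <locator>
                  <udpv4>
                    <address>192.0.2.10</address>
                    <port>11811</port>
                  </udpv4>
                </locator>
              </metatrafficUnicastLocatorList>
            </RemoteServer>
          </discoveryServersList>
        </discovery_config>
      </builtin>
      <propertiesPolicy>
        <properties>
          <!-- DDS:Auth:PKI-DH: identity certificate signed by the trusted identity CA -->
          <property><name>dds.sec.auth.plugin</name><value>builtin.PKI-DH</value></property>
          <property><name>dds.sec.auth.builtin.PKI-DH.identity_ca</name><value>file:///path/to/identity_ca.pem</value></property>
          <property><name>dds.sec.auth.builtin.PKI-DH.identity_certificate</name><value>file:///path/to/client_cert.pem</value></property>
          <property><name>dds.sec.auth.builtin.PKI-DH.private_key</name><value>file:///path/to/client_key.pem</value></property>
          <!-- DDS:Access:Permissions: governance and permissions documents signed by the permissions CA -->
          <property><name>dds.sec.access.plugin</name><value>builtin.Access-Permissions</value></property>
          <property><name>dds.sec.access.builtin.Access-Permissions.permissions_ca</name><value>file:///path/to/permissions_ca.pem</value></property>
          <property><name>dds.sec.access.builtin.Access-Permissions.governance</name><value>file:///path/to/governance.smime</value></property>
          <property><name>dds.sec.access.builtin.Access-Permissions.permissions</name><value>file:///path/to/permissions.smime</value></property>
          <!-- DDS:Crypto:AES-GCM-GMAC: authenticated encryption of the traffic -->
          <property><name>dds.sec.crypto.plugin</name><value>builtin.AES-GCM-GMAC</value></property>
        </properties>
      </propertiesPolicy>
    </rtps>
  </participant>
</profiles>
```

The server participant needs the same three plugins configured with its own certificate and key, since authentication between clients and the server is mutual.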

Implementing these five security plugins marks a significant advancement in secure communication. With these powerful tools, Fast DDS empowers developers and system administrators to build and deploy secure distributed systems across various industries, such as robotics, automotive, and critical applications.

