PCWorld News

Better messaging means security can grow with IoT

The brake pedal in your car probably isn’t attached to the brakes. But don’t worry, the pedal knows how to tell the brakes that you’ve pressed it. And now there’s a new way to secure the messages they send each other.

New software from Real-Time Innovations, which supplies messaging software for embedded systems used in cars, factories and other settings, implements a recently approved specification called DDS Security. With it, critical behind-the-scenes communication among machines can be safer from hacking and still happen as fast as it needs to, according to David Barnett, RTI’s vice president of products. A preview release of RTI’s software, Connext DDS Secure, is available immediately.

The Internet of Things encompasses a vast number of components and systems that rely on the ability to talk to one another. Some, like the sensor in a brake pedal that sends signals to the brakes, are electronic replacements for what were once mechanical systems. So-called drive-by-wire airplanes work the same way: The controls in the cockpit send digital commands to the wing flaps and rudders. And increasingly, IoT extends beyond individual systems, so cars talk to other cars and to auto shops, and machines on an assembly line chat amongst themselves to keep things running smoothly.

The Object Management Group’s Data Distribution Service standard, which is about 10 years old, controls a lot of that communication. Manufacturing, medical devices, aerospace and defense are some of the industries where DDS is most widely used, according to Barnett. But until now, making DDS messages secure has required add-ons such as proprietary software and SSL (Secure Sockets Layer), a protocol borrowed from the Web, Barnett said.

DDS Security is a formal extension to the DDS standard, approved by the OMG in March. It gives software developers like RTI a common way to keep systems that use DDS safe from hacks that could take them over or shut them down.

As IoT grows, it’ll become a wider and more attractive target for hackers who want to disrupt industrial systems, said VDC Research analyst Chris Rommel. Some systems, such as aircraft, are better equipped to contain hacking attempts than others are. “Messaging security is becoming more and more important,” Rommel said.

Maybe the best thing about DDS Security is that it scales better, Barnett said. With SSL, each time a device communicates with another device or application, it has to set up one secure channel with one private encryption key. That can become a problem when there are many different apps and machines to talk to.

For example, a sensor on an assembly line may have to send its readings to the next machine down the line, as well as to an analytics application, a dashboard for a human administrator, and hundreds of other destinations across the whole manufacturing system. And unlike Web pages, IoT data often has to move under strict time constraints. Add the fact that most IoT processors are designed for power savings instead of performance, and SSL can become a burden, Barnett said.

DDS Security has a multicast function that lets the sending device encrypt a message once and send it to multiple destinations at the same time, Barnett said.

RTI expects DDS Security to be adopted broadly across industries where DDS is used today, but it won’t be an overnight change. In health care, energy and some manufacturing sectors, that might happen in less than five years, Barnett said. Other industries, such as automotive, may take longer because they’re more fragmented. RTI’s focus is on industrial IoT, not connected consumer devices.

There are other standard IoT messaging protocols, including MQTT (Message Queuing Telemetry Transport) and AMQP (Advanced Message Queuing Protocol), but at least a handful of these can and will coexist, VDC’s Rommel said. IoT as a whole will have to grow even as it remains fragmented, because many industrial embedded systems stay in the field for 10 to 20 years without updates, he said. Meanwhile, peripherals and gateways can make disparate systems talk to each other. In fact, RTI itself makes such adapters.

“There can be a partial move toward standard technology, but it certainly won’t be a complete one,” Rommel said. “There’ll be different bridges and Band-Aids to help make it happen.”

Pricing for Connext DDS Secure starts at US$9,495 per developer for new customers and $2,000 per developer for current Connext DDS customers, with discounts for larger projects.
