-
Key: DDSSEC_-146
-
Status: closed
-
Source: Real-Time Innovations ( Dr. Gerardo Pardo-Castellote, Ph.D.)
-
Summary:
The mutual authentication handshake described in 9.3.2 does not validate the ParticipantBuiltinTopicData exchanged via discovery. This can create some vulnerability.
In addition, the messages contain information that is not being by the sender nor confirmed by the receiver. This includes the IdentityCertificates and Permissions, and other data. This is not considered best practice. Nominally each message in the handshake should tie in to the previous message.
-
Reported: DDS-Security 1.0b1 — Mon, 8 Feb 2016 13:14 GMT
-
Disposition: Resolved — DDS-Security 1.0
-
Disposition Summary:
Enhance Authentication handshake
Enhance Handshake to follow best practices from NIST FIPS-196
http://csrc.nist.gov/publications/fips/fips196/fips196.pdf
-
Updated: Tue, 12 Jul 2016 14:45 GMT
-
Attachments:
- Issue146_Table_35.docx 51 kB (application/vnd.openxmlformats-officedocument.wordprocessingml.document)
- Issue146_Table_36.docx 80 kB (application/vnd.openxmlformats-officedocument.wordprocessingml.document)
- Issue146_Table_37.docx 102 kB (application/vnd.openxmlformats-officedocument.wordprocessingml.document)
- Issue146_Table_38.docx 60 kB (application/vnd.openxmlformats-officedocument.wordprocessingml.document)
- Issue146_Table_40.docx 117 kB (application/vnd.openxmlformats-officedocument.wordprocessingml.document)
- Issue146_Table_41.docx 42 kB (application/vnd.openxmlformats-officedocument.wordprocessingml.document)
- Issue146_Table_42.docx 81 kB (application/vnd.openxmlformats-officedocument.wordprocessingml.document)
- Issue146_Table_45.docx 44 kB (application/vnd.openxmlformats-officedocument.wordprocessingml.document)
DDSSEC_ — Enhance security of the Authentication Handshake
- OMG Task Force: DDS Security 1.0 FTF 2
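
The binding the summary asks for, as an added example that is not part of the issue record or of the DDS-Security specification: each handshake message echoes the previous message's challenge and carries a hash of the sender's discovery data, and the receiver checks both before accepting the signature. HMAC-SHA256 stands in for the certificate-based signature, and all function and field names are hypothetical.

```python
import hashlib
import hmac
import os

def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def sign(key: bytes, *fields: bytes) -> bytes:
    # ASSUMPTION: HMAC-SHA256 stands in for the certificate-based signature so
    # the example needs only the standard library. Fields are length-prefixed
    # so two different field lists can never serialize to the same bytes.
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()

def request(pdata_a: bytes) -> dict:
    # Message 1 (A -> B): fresh challenge plus hash of A's discovery data.
    return {"hash_a": digest(pdata_a), "chal_a": os.urandom(32)}

def reply(key_b: bytes, pdata_b: bytes, req: dict) -> dict:
    # Message 2 (B -> A): echoes message 1 and signs over both sides' values.
    msg = {"hash_a": req["hash_a"], "chal_a": req["chal_a"],
           "hash_b": digest(pdata_b), "chal_b": os.urandom(32)}
    msg["sig"] = sign(key_b, msg["hash_b"], msg["chal_b"], msg["chal_a"], msg["hash_a"])
    return msg

def final(key_a: bytes, rep: dict) -> dict:
    # Message 3 (A -> B): signs the same four values in A's order.
    msg = {k: rep[k] for k in ("hash_a", "chal_a", "hash_b", "chal_b")}
    msg["sig"] = sign(key_a, msg["hash_a"], msg["chal_a"], msg["chal_b"], msg["hash_b"])
    return msg

def check_reply(key_b: bytes, discovered_pdata_b: bytes, req: dict, rep: dict) -> str:
    # A's checks on message 2; returns "ok" or the reason for rejection.
    if (rep["hash_a"], rep["chal_a"]) != (req["hash_a"], req["chal_a"]):
        return "not tied to our request"
    if rep["hash_b"] != digest(discovered_pdata_b):
        return "discovery data mismatch"
    good = sign(key_b, rep["hash_b"], rep["chal_b"], rep["chal_a"], rep["hash_a"])
    return "ok" if hmac.compare_digest(rep["sig"], good) else "bad signature"

def check_final(key_a: bytes, discovered_pdata_a: bytes, rep: dict, fin: dict) -> str:
    # B's checks on message 3 against what B itself sent in message 2.
    if any(fin[k] != rep[k] for k in ("hash_a", "chal_a", "hash_b", "chal_b")):
        return "not tied to our reply"
    if fin["hash_a"] != digest(discovered_pdata_a):
        return "discovery data mismatch"
    good = sign(key_a, fin["hash_a"], fin["chal_a"], fin["chal_b"], fin["hash_b"])
    return "ok" if hmac.compare_digest(fin["sig"], good) else "bad signature"
```

With a real signature scheme the `key_a`/`key_b` arguments of the check functions would be the peer's public key taken from its validated certificate.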