Provide pre-shared protection for unauthenticated messages
-
Key: DDSSEC12-94
-
Status: closed Implementation work Blocked
-
Source: Real-Time Innovations ( Dr. Gerardo Pardo-Castellote, Ph.D.)
-
Summary:
There is an inherent DoS network amplification attack that exploits peer-to-peer discovery. See https://issues.omg.org/browse/DDSIRTP26-6
This issue should be addressed by DDS-Security. Likely using some pre-shared key mechanics to protect all messages not otherwise protected. For example, the authentication handshakes.
-
Reported: DDS-SECURITY 1.1b1 — Fri, 12 Nov 2021 16:28 GMT
-
Disposition: Resolved — DDS-SECURITY 1.2
-
Disposition Summary:
Provide a layer of PSK protection
Peovide the means to use a pre-shared secret to protect any RTPS message (e.g. bootstrap messges) that is not otherwise protected by the keys that the DomainParticipants exchange.
Also define the "pre-shared" key mechanism as a separate "builtin" plugin
-
Updated: Tue, 20 Aug 2024 00:49 GMT
-
Attachments:
- encode_rtps_auth_only.svg 22 kB (image/svg+xml)
- encode_rtps_encryption.svg 23 kB (image/svg+xml)