DDS-Cerberus: Ticketing Performance Experiments and Analysis

Park, Andrew T.; Dill, Richard; Hodson, Douglas D.; Henry, Wayne

doi:10.1109/csci54926.2021.00044

Cited by 2 publications

(9 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…DDS-C is a novel security layer incorporating Kerberos ticketing with DDS publishers and subscribers, developed by two previous papers [10,11]. It provides additional security by validating nodes and preventing impersonation attacks.…”

Section: Dds-cerberus (Dds-c)mentioning

confidence: 99%

“…It provides additional security by validating nodes and preventing impersonation attacks. The first DDS-C paper presented the initial DDS-C design proposal, and the second paper was based on latency measurements with ROS 2 [10,11]. The latency collections in the second paper determined that DDS-C does not hinder message sending and retrieval.…”

Section: Dds-cerberus (Dds-c)mentioning

confidence: 99%

“…A solution is to authenticate publisher and subscriber node components before they send messages. DDS-Cerberus adds an additional authentication mechanism to DDS that improve security authentication to prevent impersonation attacks [10,11]. DDS-C secures the network by integrating DDS node authentication with Kerberos tickets.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Quantifying DDS-cerberus network control overhead

et al. 2022

Self Cite

View full text Add to dashboard Cite

Securing distributed device communication is critical because the private industry and the military depend on these resources. One area that adversaries target is the middleware, which is the medium that connects different systems. This paper evaluates a novel security layer, DDS-Cerberus (DDS-C), that protects in-transit data and improves communication efficiency on data-first distribution systems. This research contributes a distributed robotics operating system testbed and designs a multifactorial performance-based experiment to evaluate DDS-C efficiency and security by assessing total packet traffic generated in a robotics network. The performance experiment follows a 2:1 publisher to subscriber node ratio, varying the number of subscribers and publisher nodes from three to eighteen. By categorizing the network traffic from these nodes into either data message, security, or discovery+ with Quality of Service (QoS) best effort and reliable, the mean security traffic from DDS-C has minimal impact to Data Distribution Service (DDS) operations compared to other network traffic. The results reveal that applying DDS-C to a representative distributed network robotics operating system network does not impact performance.

show abstract

Section: Dds-cerberus (Dds-c)mentioning

confidence: 99%

Section: Dds-cerberus (Dds-c)mentioning

confidence: 99%

See 1 more Smart Citation

Quantifying DDS-cerberus network control overhead

et al. 2022

Self Cite

View full text Add to dashboard Cite

show abstract

“…DDS-C is a security layer that mitigates impersonation attacks [8][9][10]. It is integrated into DDS to provide participant authentication through Kerberos.…”

Section: Dds-cerberus (Dds-c)mentioning

confidence: 99%

“…DDS-C, a security layer for DDS, handles the authentication of DDS participants using Kerberos tickets [8][9][10]. This authentication mitigates impersonation attacks by verifying the identity of authenticated participants.…”

Section: Introductionmentioning

confidence: 99%

Distribution of DDS-cerberus authenticated facial recognition streams

et al. 2022

Self Cite

View full text Add to dashboard Cite

Successful missions in the field often rely upon communication technologies for tactics and coordination. One middleware used in securing these communication channels is Data Distribution Service (DDS) which employs a publish-subscribe model. However, researchers have found several security vulnerabilities in DDS implementations. DDS-Cerberus (DDS-C) is a security layer implemented into DDS to mitigate impersonation attacks using Kerberos authentication and ticketing. Even with the addition of DDS-C, the real-time message sending of DDS also needs to be upheld. This paper extends our previous work to analyze DDS-C’s impact on performance in a use case implementation. The use case covers an artificial intelligence (AI) scenario that connects edge sensors across a commercial network. Specifically, it characterizes how DDS-C performs between unmanned aerial vehicles (UAV), the cloud, and video streams for facial recognition. The experiments send a set number of video frames over the network using DDS to be processed by AI and displayed on a screen. An evaluation of network traffic using DDS-C revealed that it was not statistically significant compared to DDS for the majority of the configuration runs. The results demonstrate that DDS-C provides security benefits without significantly hindering the overall performance.

show abstract

DDS-Cerberus: Ticketing Performance Experiments and Analysis

Cited by 2 publications

References 4 publications

Quantifying DDS-cerberus network control overhead

Quantifying DDS-cerberus network control overhead

Distribution of DDS-cerberus authenticated facial recognition streams

Contact Info

Product

Resources

About