Build Safe & Secure Distributed Systems - RTI Boston Roadshow- 2014 09 30

Your systems. Working as one.
Build Safe & Secure Distributed Systems
How to Architect Scalable Systems for the Industrial Internet using Open Standards

Topics
• Introductions
• Industrial Internet of Things
• Data Distribution Service
• DDS in IIoT examples
• DDS security
• DDS safety
• RTI Connext DDS
• Q&A
2014-Sep-30 © 2014 RTI 2

Why is RTI?
To enable and realize the potential of
smart machines to serve mankind
2014-Sep-30 © 2014 RTI 3

RTI Enables the Industrial Internet
• Real-time IIoT
communication platform
• Proven across industries
• Sensor-to-cloud integration
2014-Sep-30 © 2014 RTI 4

About RTI
• Market Leader
– 1,000+ projects use Connext DDS
– Over 70% DDS middleware market share1
– Largest embedded middleware vendor2
– 2013 Gartner Cool Vendor for technology and
Open Community Source model
• Standards Leader
– Active in 15 standards efforts
– DDS authors, chair, wire spec, security, more
– IIC steering committee; OMG board
• Team Quality Leader
– Stanford research pedigree
– High-performance, control, systems experts
– Top quality product, processes, execution
© 2014 RTI
1Embedded Market Forecasters
2VDC Analyst Report
2014-Sep-30 5

IIoT Infrastructure Trusts RTI
• World’s largest Wind Power company
• World’s largest Underground Mining Equipment company
• World’s largest Navy (all surface ships)
• World’s largest Automotive company
• World’s largest Emergency Medical System company
• World’s largest Medical Imaging provider
• World’s 2nd largest Patient Monitoring manufacturer
• World’s 2nd largest Air Traffic control system
• World’s largest Broadcast Video Equipment manufacturer
• World’s largest Launch Control System
• World’s largest Telescope (under construction)
• World’s 5th-largest Oil & Gas company
• World’s 6th-largest power plant (largest in US)
• All of world’s top ten defense companies
RTI designed into
over $1 trillion
2014-Sep-30 © 2014 RTI 6

RTI Named Most Influential IIoT Company
2014-Sep-30 © 2014 RTI 7

2008
Global Support and Distribution
2014-Sep-30 © 2014 RTI 8

Industrial Internet of Things (IIoT)
2014-Sep-30 © 2014 RTI 10

Ingredients
• Connectivity
• Sharing big data
– In motion
– At rest
• Software-based intelligence
2014-Sep-30 © 2014 RTI 14

IIoT Systems Are Distributed
HMI/UI IT, Cloud & SoS
Connectivity
Sensors Actuators
Streaming
Analytics &
Control
2014-Sep-30 © 2014 RTI 16

IIoT Systems Are Distributed
2014-Sep-30 © 2014 RTI 17

Unit DataBus
Unit DataBus
Example
Intelligent
Industrial
Internet
Intelligent
Systems
Intelligent
Machines
Cloud
Enterprise LAN
Intelligent
System of
Systems
Unit LAN Segment
Think HMI
Intra-machine
Think HMI
Think HMI
Intra-machine
Sense Intra-machine
Act
Sense Act
2014-Sep-30 © 2014 RTI 18

Consumer Internet of Things
Centralized, Hub and Spoke
Information Technology Systems
Premises or Cloud
2014-Sep-30 © 2014 RTI 19

of “
ood enough” does not anpply i the i dustrial world.
Figure 1: IoT Segments by IIoT and HIoT
Experience
Psychological Wellbeing
Health and Safety
Physical Wellbeing
Self-Directed
Autonomous
Interactive
Reactive
Moore Insights report 2014
___________________________________________________________ ___________________
Page 1 10/29/2013 Connecting With the IIoT Copyright © 2013 Moor Insights & Strategy

Gateway
There are many vectors along which we can measure end-point “robustness.” Table 1
summarizes these vectors:
Table 1: Near-term end-point differences between IIoT and HIoT
Attribute Industrial IoT (IIoT) Human IoT (HIoT)
Market Opportunity Brownfield Greenfield
Product Lifecycle Until dead or obsolete Whims of style and/or budget
Solution Integration Heterogeneous APIs Vertically integrated
Security Access Identity & privacy
Human Interaction Autonomous Reactive
Availability 0.9999 to 0.99999 (49–5 ‘ ’s) 0.99 to 0.999 (2–3 ‘9’s)
Access to Internet Intermittent to independent Persistent to interrupted
Response to Failure Resilient, fail-in-place Retry, replace
Network Topology Federations of peer-to-peer Constellations of peripherals
Physical
Legacy & purpose-built Evolving broadband &
Connectivity
wireless
Example Gateways Commercial monitoring
Echelon SmartServer
Consumer home automation
Revolv Hub
Interaction Style Event Driven, Publish-Subscribe Request / Response
Market Opportunity: “Brownfield” is a term borrowed from commercial real estate; it is
used to denote a potential site for building development that had been previously
developed for industrial or commercial use. IIoT uses brownfield to describe the
opportunity to connect more than a century of in-service mechanical and electrical
http://www.moorinsightsstrategy.com/wp-content/uploads/2013/10/Connecting-with-the-Industrial-Internet-of-Things-IIoT-by-Moor-Insights-Strategy.pdf
Moore Insights report 2014

Information Technology Systems
Intelligent Systems
Streaming analytics and control (Big Data in motion) Big Data (at rest) analytics, ERP, CRM
Physics speed, deterministic, microseconds+ Human speed, seconds+
Decentralized, distributed, disperse Centralized, data center and cloud
Dynamic, autonomous, plug and play Relatively static, administered
Can not go down, often even for upgrades Scheduled maintenance, failover OK
Diverse networks, sometimes disadvantaged Fast, reliable networks
2014-Sep-30 © 2014 RTI 22

Data Distribution Service
Designed for the Industrial Internet of Things

For loose coupling, provides:
• Discovery
• Routing
• High-availability
• QoS enforcement
• Well-define interfaces
• Standard interoperability
Protocol
2014-Sep-30 © 2014 RTI 24

DDS Standard
• Interoperability and
portability
– Data model specification
and discovery
– Network protocol
– Programming interface
• Managed by Object
Management Group (OMG)
Cross-vendor source portability
Standard API
Data
Model
DDS Implementation
Standard Protocol
Cross-vendor interoperability
2014-Sep-30 © 2014 RTI 25

Peer-to-Peer Communication
DDS-RTPS Wire Interoperability Protocol
• Completely decentralized
• No intermediate servers,
message brokers or ESB
• Low latency
• High scalability
• No single point of failure
App or
Component
DDS Library
App or
Component
DDS Library
DDS
API
2014-Sep-30 © 2014 RTI 26

Easy Integration of Existing Components
Unmodified
App
Adapter
DDS Routing
Service
Unmodified
App
Adapter
DDS Routing
Service
App or
Component
DDS Library
App or
Component
DDS Library
DDS or other protocol
DDS
API
New and Updated Applications Existing, Unmodified Applications
2014-Sep-30 © 2014 RTI 27

Seamless Enterprise-Wide Connectivity
Connect Everything, Everywhere
Seamless data sharing regardless of:
• Proximity
• Platform
• Language
• Physical network
• Transport protocol
• Network topology
2014-Sep-30 © 2014 RTI 28

Example: RTI Connext Availability
• Programming languages and
environments
– C, C++, C#/.NET, Java, Ada
– Lua, Python
– LabVIEW, MATLAB, Simulink, UML
– REST/HTTP
• Operating systems
– Windows, Linux, Unix, Mac OS
– Mobile
– Embedded, real time
– Safety critical, partitioned
• Processor families
– x86, ARM, PowerPC…
– 32- and 64-bit
• Transport types
– Shared memory
– LAN (incl. multicast)
– WAN / Internet
– Wireless
– Low bandwidth
2014-Sep-30 © 2014 RTI 29

Foundation: Publish/Subscribe
Commands
Control
App
Sensor Data
Sensor
Sensor Data
Display
App
Sensor Actuator
2014-Sep-30 © 2014 RTI 30

Why Distribution Middleware?
1.0 Common Services
1.0 Common Services
RDR IFF ESM SAFE
RDR IFF ESM SAFE
DIA NAV MCP IPCC
DIA NAV MCP IPCC
DWC
 Grouping the modules into functional clusters does nothing to change that reality
and ease software integration
UNCLASSIFIED
 Hawkeye has functionally
oriented software modules
 Each module talks to many
other modules
RIP TRK MSI
WAC TDA
L4 L11 L16 SEN DSC
HMI ACIS
MUX
FIL TDM
 Adding new
functionality
cascades integration
re-work across many
other modules
CEC
8.0 Training
5.0 Communications
2.0 Sensors
3.0 Fusion
4.0 BMC2
7.0 Visualization
6.0 Sensor Control
RIP CEC TRK MSI
WAC TDA RAIDER
CHAT
SEN DSC
Distributed Data Framework
L4 L11 L16 IPv6
HMI ACIS T4O
MUX
FIL TDM aADNS TIS
 Changing the communication between the modules can ease integration, when the
new ‘Publish Subscribe’ approach is used – each module publishes its output w/o
regard to who is receiving it, in contrast to the point-to-point approach of traditional
inter-process communication
It’s about an architecture that can assimilate evolving functionality,
rather than remaining set in time

Data-Centric
Publish
Line
Fligh
t
Dest Arv
UA 567 SFO 7:32
AA 432 LAX 9:15 Squawk
As with a database:
• Publishers and subscribers are completely decoupled
– Require no knowledge of each other
– Adding clients does not affect existing applications
• DDS middleware maintains shared state for system robustness
– Applications maintain consistent view
– Late joining applications get current snapshot
– Not necessary to persist or reliably deliver all messages
Subscribe
Virtual Global Data Space
Squawk
Lon
g
Lat Alt
1234 37.4 -122.0 500.0
7654 40.7 -74.0 250.0
Lin
e
Fligh
t
1234 UA 567
7654 AA 432
2014-Sep-30 © 2014 RTI 33

Completely Decentralized
Component
DDS
Component
DDS
Component
DDS
Optional
Persistence
Unlike a database:
• Applications communicate peer-to-peer
• No central database, server or message broker
• Multicast for efficient broad data distribution
• Event driven
• Data cached locally for instant access
2014-Sep-30 © 2014 RTI 34

Reduced Application Development
Message Centric Data Centric (DDS)
Application
Application Logic
Message Parsing
and Filtering
Message Caching
Addressing,
Marshaling
Message Centric
Middleware
Send/Receive
Packets
Application
Application Logic
Data Centric
Middleware (RTI)
Message Parsing
and Filtering
Message Caching &
State Management
Discovery, Presence
Marshaling, 32/64
Send/Receive
Packets
Savings
2014-Sep-30 © 2014 RTI 35

US Army Asset Tracking System
Next-Gen Capability:
• 50K lines of code—order
of magnitude less
• 1 yr to develop—8x less
• 1 laptop—20x less
• Achieved: 250K+ tracked
updates/sec, no single
point of failure
Legacy Capability:
• 500K lines of code
• 8 yrs to develop
• 21 servers
• Achieved: 20K tracked
updates/sec, reliability
and uptime challenges
“This would not have been possible with any other known technology.”
—Network Ops Center Technical Lead
2014-Sep-30 © 2014 RTI 36

DDS Quality of Service
Line
Fligh
t
UA 567 SFO 7:32
Squawk
Dest Arv
Lon
g
Lat Alt
1234 37.4 -122.0 500.0
7654 40.7 -74.0 250.0
• Each component specifies its QoS capabilities and
requirements
– Data volatility: Durability, History, Lifespan
– Data delivery: Reliability, Time based filter, Content filter,
Deadline
– High availability: Liveliness, Ownership, Ownership Strength
• DDS implements and enforces contracts
Lin
e
Fligh
t
1234 UA 567
7654 AA 432
Reliable,
100 Hz
Reliable, 2 Hz,
Western U.S.
Reliable
Best Effort,
1 Hz, SAN area
Best Effort, 0.2 Hz,
UA flights
2014-Sep-30 © 2014 RTI 37

DDS QoS Benefits
Line
UA 567 SFO 7:32
• Reduces complexity and
Fligh
t
Dest Arv
associated lifecycle costs
– Decoupling: publishers don’t need
to know subscribers’ requirements
– Disparate subscribers almost
always have different requirements
– Moves logic from applications to
DDS middleware
• Efficiently scales with data volumes
– Only required data is distributed, delivered
– Reduces network and processor overhead
• Fault tolerance
– Redundancy management
– Components notified if QoS not satisfied or
connectivity lost
– Can take remedial action
Squawk
Lon
g
Lat Alt
1234 37.4 -122.0 500.0
7654 40.7 -74.0 250.0
Lin
e
Fligh
t
1234 UA 567
7654 AA 432
Reliable,
100 Hz
Reliable, 2 Hz,
Western U.S.
Reliable
Best Effort,
1 Hz, SAN area
Best Effort, 0.2 Hz,
UA flights
2014-Sep-30 © 2014 RTI 38

Support for Mission-Critical Systems
• Autonomous operation
– Automatic discovery
– No sys admin or centralized
infrastructure
• Non-stop: no single point of failure
• QoS control and visibility into
real-time behavior, system health
• Embeddable
• RTI Connext is TRL 9
2014-Sep-30 © 2014 RTI 39

2014
RPC
over DDS
2014
DDS
Securit
y
DDS: Family of Specifications
2013
Web-Enabled
DDS
DDS
2008
2009
Implementation
Network / TCP / UDP / IP
App
DDS
Implementation
App
DDS
Implementation
2010 2012
DDS Spec
2004
DDS
2006
Interoperablity
UML Profile
for DDS
DDS for
Lw CCM
DDS
X-Types
DDS-STD-C++
DDS-JAVA5
App
2014-Sep-30 © 2014 RTI 40

RTI Role
RTI Role Product Status
Core DDS API DCPS author 1st implementation
DDS-RTPS Protocol Sole author 1st implementation
Based on IEC
61148, which was
authored by RTI
and Schneider
Automation
DDS-XTypes Primary author 1st implementation
Based on prior RTI
innovation
DDS C++ PSM
RFP author;
specification co-author
EAR available now
DDS Java PSM Sole author
Under
development
DDS Security Primary author EAR available now
Web-enabled DDS Primary author EAR available now
2014-Sep-30 © 2014 RTI 41

RTI Role
RTI Role Product Status
UML Profile for DDS
Co-submitter
1st
implementation
(3rd-parties)
Standard being refined
DDS for lwCCM
Co-submitter
1st
implementation
(3rd-party)
RPC over DDS
Primary
author
Submission based
on current
capability
Standard still under
development
Instrumentation RFP author Prototype now
2014-Sep-30 © 2014 RTI 42

Broad Adoption and Support
• RTI Connext alone used by 1,000+ projects
• ~14 implementations
• 9 vendors have demonstrated interoperability
2014-Sep-30 © 2014 RTI 43

Interoperability Demonstration
OCI ETRI PrismTech IBM RTI Twin Oaks
2014-Sep-30 © 2014 RTI 44

DDS Compared to
Alternative Approaches

Traditional IT and Consumer
• Centralized ESB or Message
Broker
• E.g.: MQTT, XMPP, AMQP,
CoAP, Web Services
• Limited scalability and performance
– Capacity of individual links and switch ports
– CPU and resource limits on servers
• Poor robustness
– Tied to server maintenance and failures
– Single point of vulnerability
• Lessens capabilities and utility
– Single centralized “brain”
– No autonomy. Lack of intelligence at the edge.
2014-Sep-30 © 2014 RTI 46

DDS:
Distributed Analytics & Control at the Edge
IT
• Analyze orders of magnitude more data
• Lower latency control for faster response
• Highly resilient, no single point of failure
• Fine-grained access control and security
• Vastly more capable: Intelligence at the edge
Same
Internet,
but new
WEB
2014-Sep-30 © 2014 RTI 47

Comparison
DD
S
DBM
S
REST
CoAP
MQTT AMQ
P
XMP
P
Standard wire protocol ✔ ✔ ✔ ✔ ✔
Publish/Subscribe (event-driven) ✔ ✔ ✔ ✔
Explicit, discoverable interfaces ✔ ✔
Type safe (std/disc data encoding) ✔ ✔ ✔ I/S XML
Standard API ✔ ✔ (JMS)
Managed state (single src of truth) ✔ ✔ last
Data-level Quality of Service ✔
Content filtering (routing) ✔ ✔ I/S
Time-based filtering ✔ I/L
Decentralized (no failure pt, bottleneck) ✔ Fed
Autonomous (no admin) ✔
N/A=Not Applicable, M/O=Metadata Only, I/S=Implementation Specific, I/L=within Integration Logic
2014-Sep-30 © 2014 RTI 48

BK Medical: Ultrasound
© 2014 RTI
”BK Medical is truly redefining Medical
Ultrasound Imaging where the
traditional single user / single system
approach is being replaced with fully
scalable and distributed multi-user
systems
…we selected the RTI Connext DDS
middleware as this gives us all the
flexibility and the abstraction layer
needed for the future of Analogic
Ultrasound”
-- Jesper Lomborg Manigoff, VP of
Engineering, Analogic Global Ultrasound
2014-Sep-30 50

GE Healthcare
Revolution®
"GE Healthcare chose the DDS standard
because it can handle many classes of
intelligent machines.
RTI Connext DDS satisfies the
demanding requirements of our
devices, and RTI has the depth and
experience necessary to partner with
us in order to meet our stringent
standards.
Additionally, RTI's Connext DDS allows
us to standardize on a single
communications platform across
product lines."
-- J Gustavo Perez, General Manager for
MI&CT Engineering
2014-Sep-30 © 2014 RTI 52

Modernize Surgical Networks
• Connect Operating
Room Dataflows
– Waveforms
– Data recording
– Multi-channel
video
• To many recipients
– Surgeon
– Operating theater
– Students &
observers
– Offsite
© 2014 RTI
2014-Sep-30 53

DLR: Robotic Surgery
• The Minimally
Invasive Robotic
Surgery (MIRS) system
at DLR coordinates
three robots to
perform delicate
heart surgery.
• The system closes a
distributed loop
between the robots
and the remote
surgeon’s control at
3kHz.
• RTI enables new
medical techniques
© 2014 RTI
2014-Sep-30 54

Mevion: Radiotherapy
• Mevion’s Proton-
Beam Radiation
Therapy system zaps
tumors with
accelerated protons
• The treatment must
be continuous for 30-
40 days; downtime
endangers treatment
success
• With RTI Connext
DDS, Mevion’s PBRT
delivers dependable
treatment at low cost
© 2014 RTI
First patient treated Dec 2013,
Siteman Cancer Center, St. Louis
2014-Sep-30 55

Exelis: C2 Communication
• Exelis (ITT) C4i provides command and control systems
for military and civilian agencies (fire/police/emergency
response)
• RTI Connext DDS connects GUIs to servers that route
voice and video
• RTI met the critical needs: scalability, routing, recording
2014-Sep-30 © 2014 RTI 56

NASA: Robotics Control from ISS
• NASA’s Human-Robotic
Systems prototypes
robots for
extraterrestrial surfaces
• NASA uses DDS for low-bandwidth,
high-delay,
lossy space-earth
communications from
the ISS
• RTI middleware
communicates over
disadvantaged links
© 2014 RTI
2014-Sep-30 57

Harmonic: Video Switching
• Harmonic
transmission and
video switching
equipment delivers
worldwide video-on-demand
• RTI handles 1,000s of
clients, 1,000,000s of
messages
• DDS enables high-performance
scalability and future
extensibility
2014-Sep-30 © 2014 RTI 58

Enterprise Cloud Integration
Analytics
Connext TCP (WAN)
Client
Client
Client
Client
Monitor
Logging
• 1000s of clients
• Secure TLS Transport over
public WAN
• Authentication, Access Control,
& Sticky Sessions
• High-speed processing
Redundant, Load-
Balanced
Reliable Multicast
Gateway
Processor
Gateway
Processor
Gateway
Processor
Gateway
Processor
Data Center Cloud
Load
Balancer
(F5)
Connext Input Bus
QIQuneu-mueeueemory
workflow
Connext Processing Bus
2014-Sep-30 © 2014 RTI 59

VW: Driver Assistance and Safety
• The VW Driver Assistance
and Integrated Safety
system combines radars,
laser range finders, and
video to assist safe
operation
• It helps avoid obstacles,
detect lane departures,
track eye activity, and safely
negotiate bends
• The V-Charge program
demoed an auto-charging
and parking vehicle in 2014
• RTI enables advanced
reactive systems in
transportation
http://www.youtube.com/watch?v=7xQfKTAtyNU
2014-Sep-30 © 2014 RTI 60

Bus Integration: VW Cargate ECU
• Connect fast Ethernet bus to slower CANbus
• Automated data translation
• Simple pub sub between busses
2014-Sep-30 © 2014 RTI 61

Wi-Tronix: Asset Tracking
• Wi-Tronix systems
wirelessly monitor high-value
mobile assets such
as locomotives,
industrial equipment
and marine vessels
• RTI addressed critical
issues such as optimized
flow and discovery
process over a wireless
network
• RTI middleware works
effectively over lossy
wireless networks
© 2014 RTI
2014-Sep-30 62

NAV CANADA: Air Traffic Control
RTI Connext DDS was selected for
its extensive compliance with the
Object Management Group
(OMG) DDS standard; its high
security rating; its wide support of
tools and programming
languages, and its reputation for
performance, scalability, and 24/7
reliability
– Sid Koslow, Chief Technology
Officer, NAV CANADA. Air Traffic Control for Canada
2nd largest ANSP in the world
7 major centers
2014-Sep-30 © 2014 RTI 63

Air Traffic Control
Inter-Segment Bus
Oceanic
control*
CAATS Air Control Center Bus
Center Control
Radar
RRaaddaarr Data
processors
Controller
Displays
Data
planning
Data link
to pilot
Recording
Flight data
processing
Tower
systems
FAA/HOST
connect
Weather
Service
2014-Sep-30 © 2014 RTI 64

Joy Mining: Mining Equipment
• Joy Mining is the
world’s largest mining
equipment
manufacturer
• RTI Connext DDS
connects the
controller, operator
GUI, and historian
• Reliable, fast
connectivity enables
control, debugging,
and system health
monitoring for
continuous mining
© 2014 RTI
2014-Sep-30 65

Schneider: PLCs
• Schneider is a global
factory automation
manufacturer
• RTI Connext DDS eases
PLC integration, provides
up-to-the-minute data
• Connext Micro works with
limited memory and
processing power on PLCs
• RTI middleware connects
factory PLCs and IT
systems
2014-Sep-30 © 2014 RTI 66

NASA: Launch Control System
• NASA KSC’s new
Constellation launch
control SCADA system
• RTI delivered 300k points,
at 400k msgs/sec with 5x
the required throughput,
at 1/5 the needed latency
• NASA mitigated risk by
parallel-tracking multiple
DDS vendors
• RTI connects thousands of
sensors and actuators
2014-Sep-30 © 2014 RTI 67

Large-Scale SCADA Processing
Recording Services
• Sensor data captured to both
Recording Services (for forensic use)
and Persistence Service (for durability)
• Multicast batching from 1000s of
sensors with many small samples;
keeps interrupt load down
• Sensor data viewable in real-time
(after time-based filtering) on the
HMIs
• RS-RS bridge used for encrypted data
in motion, between the event
platform and control
Event Domain
Event Domain
Event Domain
Event Domain
DTLS Encrypted Bridge
Routing Service
HMI
HMI
Real-Time Monitoring Domain
Recording Services
(across multiple nodes)
HMI
Event Domain (unencrypted)
Sensor(s)
Persistence
Service
Persistence Service
2014-Sep-30 © 2014 RTI 68

General Atomics Predator/Reaper
General Atomics sees the
importance of standard
architecture and its
enabling advanced
middleware
The DO-178 version of the
RTI Connext DDS
middleware is a key part of
our Airworthy MQ-9 UAS
development program
--Jeff Hettick, Senior
Engineering Director at
General Atomics
2014-Sep-30 © 2014 RTI 69

Open Architecture for
Supply Chain Management

Traditional Approach
2014-Sep-30 © 2014 RTI 71

• Hard coded
connections
• Up to O(n2)
• Complex
• Hard to maintain,
evolve, re-use
E.g., sockets, RPC
2014-Sep-30 © 2014 RTI 74

Result
Time & cost of
integration,
maintenance
and upgrades
System Scale and Age
O(n2)
2014-Sep-30 © 2014 RTI 75

Solution: Modularity
2014-Sep-30 © 2014 RTI 76

Key: Interoperability
Well-defined:
• Interfaces
• Semantics
2014-Sep-30 © 2014 RTI 77

Audi: Modular HIL Bus
2014-Sep-30 © 2014 RTI 84

Medical Device Interoperability
• 100,000 to 200,000 annual
preventable deaths in US hospitals
– Hospital error is 6th leading cause of
preventable death
• $30b in wasted cost
• Lack of clinical decision support
– No “smart alarms”
• Correlation/fusion of data from
multiple devices
– Alarm fatigue
• OR: 70% of anesthesiologists
disable clinical alarms
• ICU: 86% false alarms
– Unsynchronized clocks
• Manually device configuration is
error prone (e.g., ORICU)
2014-Sep-30 © 2014 RTI 92

Integrated Clinical Environment (ICE)
Standard (ASTM F2761)
• Developed by Medical Device
"Plug-and-Play" Interoperability
Program (MPnP)
• Specifies interoperability for
medical devices
• Encompasses all ICU &
operating room devices
– From blood pressure cuffs to
intravenous pumps to
ventilators
– Complete logging
– Automatic error detection
– Better care
• OpenICE reference
implementation built on
RTI Connext DDS
2014-Sep-30 © 2014 RTI 93

Q4 2013 Reported Cyber Incidents to
U.S. Critical Infrastructure
http://ics-cert.us-cert.gov/monitors/ICS-MM201312
2014-Sep-30 © 2014 RTI 96

Threats
2014-Sep-30 © 2014 RTI 97

Threats
Alice: Allowed to publish topic T
Bob: Allowed to subscribe to topic T
Eve: Non-authorized eavesdropper
Trudy: Intruder
Trent: Trusted infrastructure service
Mallory: Malicious insider
1. Unauthorized subscription
2. Unauthorized publication
3. Tampering and replay
4. Unauthorized access to data by
infrastructure services
2014-Sep-30 © 2014 RTI 98

Security Terms: a Safe-Deposit Box
• Authentication: The bank knows who you
are. You must show ID.
• Access Control: The bank only lets those
on an access list into your box.
• Confidentiality: You are alone in the room.
Nobody can see the contents of the box.
• Integrity: The box is sealed. If anybody touches it
you will know.
• Non repudiation: You sign when you come in and
out so you can’t claim that you weren’t there.
• Availability: The bank is always open.
2014-Sep-30 © 2014 RTI 99

Security Boundaries
System Boundary
Transport
Data
2014-Sep-30 © 2014 RTI 100

System Boundary
System 1
Cross-
Domain
Guard
• Diode
• Filter
• Downgrade
System 2
• Across security domains
• Independent of how data is secured within a
system
2014-Sep-30 © 2014 RTI 101

Transport Layer
Existing
App
Adapter
DDS Routing
Service
TCP/IP Capable Network
Existing
App
Adapter
DDS Routing
Service
Native
DDS App
DDS Library
Native
DDS APP
DDS Library
Secure
Transport
Secure
Transport
Secure
Transport
Secure
Transport
Typically SSL,
TLS or DTLS
2014-Sep-30 © 2014 RTI 102

Secure Data Transfer
1. Authenticate
– Verify identity
2. Securely exchange cryptographic keys
3. Use keys to:
– Encrypt data
– Add a message authentication code
App 1 App 2
2014-Sep-30 © 2014 RTI 103

Secure Channel for Cross-Network Bridging
System 1
LAN
Routing
Service
System 2
LAN
Routing
Service
TLS
WAN/
Internet
Can be used
with or without
a firewall
2014-Sep-30 © 2014 RTI 104

Connecting Clients Across a WAN
Remote
App
Routing
Service
Remote
App
Remote
App
TLS
• Remote access to cloud or data center
– Clients communicate with participants in data center
or cloud LAN, not with each other
– Clients behind firewalls
– Only one public address required
• Example: Exposing a service to end-user clients
2014-Sep-30 © 2014 RTI 105

Limitations of Transport Security:
No Inherent Access Control
• You’re authenticated or you’re not
• Less an issue for centralized systems
– E.g.: non-real-time IT and consumer IoT systems
– Broker centrally manages access control
App App App
Device
Message
Broker
Device Device
• Poor performance
and scalability
• Single point of
failure/failover
2014-Sep-30 © 2014 RTI 106

Limitations of Transport Security:
Overall Poor Performance and Scalability
• No multicast support (even with DTLS over UDP)
– Broad data distribution is very inefficient
• Usually runs over TCP: poor latency and jitter
• Requires a network robust enough to support IP
and TCP
• All data treated as reliable
– Even fast changing data that could be “best effort”
• Always encrypts all data, metadata and protocol
headers
– Even if some data does not have to be private
• Security is at a very gross level
2014-Sep-30 © 2014 RTI 107

Introducing DDS Security
First security standard to address performance,
safety and security requirements of
mission-critical and real-time systems
HMI/UI IT, Cloud & SoS
Secure DDS
Streaming
Analytics &
Control
Connectivity
Sensors Actuators
2014-Sep-30 © 2014 RTI 108

DDS Security
• Security extensions to DDS standard
• Requires trivial or no change to
existing DDS apps and adapters
• Runs over any transport
– Including low bandwidth, unreliable
– Does not require TCP or IP
– Multicast for scalability, low latency
• Plugin architecture
– Built-in defaults
– Customizable via standard API
• Completely decentralized
– High performance and scalability
– No single point of failure
Secure DDS
library
Authentication
Access Control
Encryption
Data Tagging
Logging
Application
Any Transport
(e.g., TCP, UDP, multicast,
shared memory, )
2014-Sep-30 © 2014 RTI 109

Service
Plugin
Purpose Interactions
Authentication Authenticate the principal that is
joining a DDS Domain.
Handshake and establish
shared secret between
participants
The principal may be an
application/process or the user
associated with that
application or process.
Participants may messages to
do mutual authentication and
establish shared secret
Access Control Decide whether a principal is
allowed to perform a protected
operation.
Protected operations include
joining a specific DDS domain,
creating a Topic, reading a
Topic, writing a Topic, etc.
Cryptography Perform the encryption and
decryption operations. Create &
Exchange Keys. Compute digests,
compute and verify Message
Authentication Codes. Sign and
verify signatures of messages.
Invoked by DDS middleware
to encrypt data, compute and
verify MAC, compute & verify
Digital Signatures
Logging Log all security relevant events Invoked by middleware to log
Data Tagging Add a data tag for each data

Standard Capabilities
Authenticatio
n
 X.509 Public Key Infrastructure (PKI) with a pre-configured
shared Certificate Authority (CA)
 Digital Signature Algorithm (DSA) with Diffie-Hellman and
RSA for authentication and key exchange
Access Control  Specified via permissions file signed by shared CA
 Control over ability to join systems, read or write data topics
Cryptography  Protected key distribution
 AES128 and AES256 for encryption
 HMAC-SHA1 and HMAC-SHA256 for message authentication
and integrity
Data Tagging  Tags specify security metadata, such as classification level
 Can be used to determine access privileges (via plugin)
Logging  Log security events to a file or distribute securely over
Connext DDS
2014-Sep-30 © 2014 RTI 112

Security Flow
Domain
Participant
Create Fails
Authenticate
Authenticate
DP?
Yes DP?
No
Ignore
Remote DP
Authenticate
Remote DP?
No
Yes
No
Yes
Access OK?
Ignore
remote
endpoint
Message
security
Endpoint
Create Fails
Yes
Access OK?
No
Create
Domain
Participant
Create
Endpoints
Discover
remote DP
Discover
remote
Endpoints
Send/Receiv
e data
2014-Sep-30 © 2014 RTI 113

Protections
Protected
Objects
Domain (by domain_id)
Topic (by Topic name)
DataObjects (by Instance/Key)
Protected
Operations
Domain.join
Topic.create
Topic.read (includes QoS)
Topic.write (includes QoS)
Data.createInstance
Data.writeInstance
Data.deleteInstance
2014-Sep-30 © 2014 RTI 114

Control over Encryption
• Scope
– Discovery data
– Metadata
– Data
• For each:
– Encrypt
– Sign
• Optimizes performance by only encrypting
data that must be private
2014-Sep-30 © 2014 RTI 115

DDS Security Status
• Specification adopted March 2014
– Considered “Beta” for 1 year
– RTI chairing Finalization Task Force
• Specification provides a framework for securing
DDS systems
– Built-in plugins provide a common approach for
applications without specialized requirements
– Custom plugins can be developed to match more
specialized deployments and integrate with existing
infrastructure and hardware
• Early Access Release available now from RTI
2014-Sep-30 © 2014 RTI 118

Specification Reviewers Include:
• GE
• Intel
• Siemens
• Technicolor
• NSWC
• General Dynamics
• THALES
• SAAB
• Cassidian
• QinetiQ & UK MOD
• Lockheed
• Raytheon
• None found any show stoppers
• Several contacted OMG to urge adoption
2014-Sep-30 © 2014 RTI 119

Data Security Requirements
Data Item Authentica-tion
Access
Control
Integrity Non-repudiation
Confidentialit
y
Control traffic X X X X X
Data
X X
Telemetry
traffic
Physical
Security Data
X X X
Engineering
maintenance
X
Source: www.sxc.hu
2014-Sep-30 © 2014 RTI 121

Test Environment
• Real World Environment
– Transmission switching
substation
– Real substation equipment
• PNNL powerNET Testbed
– Remote connectivity
– Local control room
demonstration environment
– Dynamically reconfigurable
2014-Sep-30 © 2014 RTI 122

RTI and PNNL Grid Security Retrofit
Control Station
DNP3
Master
Device
Transmission Substation
DNP3
Slave
Device
RTI Routing
Service
Gateway
RTI Routing
Service
ComProcessor
DNP3
Slave
Device
DNP3 over
Ethernet DNP3 over DDS
DNP3 over
RS232/485
RTI Routing
Service
Gateway
DDS
LAN
DDS
LAN
RTI Routing
Service
ComProcessor
IP
Router
IP
Router
DDS over WAN
Attack Detector
Scada
Converter
Anomaly
Detector
Secure DDS
over UDP
Display
Effective DNP3
connection
Details at http://blogs.rti.com
2014-Sep-30 © 2014 RTI 124

Support for Safety Critical
Systems

DDS Inherently Well-Suited to Safety Critical
Systems
• Non-stop availability
– No single point of failure
– …including run-time services
– Support for redundant networks
– Automatic failover between redundant publishers
– Dynamic upgrades
• Visibility into missed deadlines and presence
• Proven in hundreds of mission critical systems
• Used in US DoD TRL 9 systems
2014-Sep-30 © 2014 RTI 126

High-Assurance Security: DO-178C
• Guideline
• Used by FAA as basis
for certification
– Aircraft are “certified”
– Software code
developed under
DO-178 provides “certification evidence”
• Increasingly adopted for military aircraft
• Likely required for UAS integration into NAS
2014-Sep-30 © 2014 RTI 127

DO-178 Safety Levels
Level Failure Condition
Typical % of
avionics code
A
Catastrophic
(may be total loss of aircraft)
15%
B
Hazardous/Severe
(serious injuries)
35%
C
Major
(minor injuries)
30%
D
Minor
(inconvenience)
15%
E No effect 5%
2014-Sep-30 © 2014 RTI 128

Certification Costs
• Generation of DO-178C
evidence typically costs
$50-$100 per ELOC
• Process objectives must
be met
• All must be documented
• Code must be clean
– Testable
– No dead code
– Deterministic
Level Process
Objectives
Code Coverage
A 71
Level B and 100%
of MCDC
B 69
Level C plus 100%
of DC
C 62
Level D plus 100%
of SC
D 26
100% of
Requirements
E 0 None
2014-Sep-30 © 2014 RTI 129

DO-178C Software Life Cycle Data
  
©
System
Requirements
High-Level
Requirements
Low-Level
Requirements
Source
Code
Executable
Object Code
Software
Architecture
© 2014 RTI 130

Test Strategy
  
Requirements-Based Test Selection
©

Requirements-Based Test Coverage Analysis

Structural Coverage Analysis
© 2014 RTI 131

Tenets Of Safety-Critical Software
• Reduce code size
• Consider testability in design
• Design code to be deterministic
2014-Sep-30 © 2014 RTI 132

Connext DDS Cert
• Small footprint, certifiable DDS
– ~25K ELOC
– No dynamic memory allocation
– Static endpoint discovery only
• Follows OMG DDS specification
– C and C++ APIs
– Subset of minimum profile
• Application portability and interoperability with full DDS
– Including Routing Service
• Compatible with RTI’s FACE interface
• DO-178C Level A certification available 1H 2015
2014-Sep-30 © 2014 RTI 133

DO-178C Level A Certification Evidence
• Plan for Software Aspects of
Certification (PSAC)
• Software Development Plan (SDP)
– Requirements standards
– Design standards
– Code standards
• Software Verification Plan (SVP)
• Software Configuration
Management Plan (SCM)
• Software Quality Assurance Plan
• Software Requirements Data
• Design Description
• Traceability
• SQA Records
• SCM Records
• Software Configuration Index
• Software Verification Cases and
Procedures
• Software Verification Results
• Software Accomplishment
Summary
Certification evidence can be re-used across programs
2014-Sep-30 © 2014 RTI 134

Savings from DDS Certification Evidence
30,000 ELOC 20,000 ELOC 10,000 ELOC
Level A $3,000,000 $2,000,000 $1,000,000
Level B $2,550,000 $1,700,000 $850,000
Level C $1,800,000 $1,200,000 $600,000
• DDS certification evidence available at fraction
of cost
• Availability at start of project also reduces risk
2014-Sep-30 © 2014 RTI 135

Summary
• Certifiable DDS designed for safety-critical
applications now available
– Connext DDS Cert
– Standards compliant
– Small footprint
• Code is certifiable to DO-178 Level A
– Minimal lines of code
– Deterministic
• Certification evidence is reusable
2014-Sep-30 © 2014 RTI 136

Application Code
Data Types
Dynamically
defined (API)
Custom Pre-defined
C, C++, C#, Java, Ada, Lua, LabVIEW, Simulink, Python
Data-Centric Publish/Subscribe
Automatic
Discovery
History
Cache
Monitoring
Local & remote APIs
Quality of Svc
API & file-based
Operating System and Network Stack
Windows, Linux, Unix, embedded, mobile, RTOS
Interface
Compiler
Interface Definitions
• IDL
• XML
Shared
Memory
UDPv4 & v6
ucast & mcast
TLS & DTLS
(SSL)
WAN
TCP
Custom
Pluggable Transport Interface
Generated
DDS APIs – event-driven, polled & SQL query
Reliability • DDS-RTPS Wire Protocol
<XML>
Plugins
Fully dynamic
Static endpoint
Server Based
Low
Bandwidth
<XML>
UML
MATLAB
Request/reply, Guaranteed Messaging, JMS
Security
Plugins
Authentication
Encryption
Access Control
Tagging
Logging
Custom
2014-Sep-30 © 2014 RTI 139

Connext DDS Product Family
Secure Professional Micro Cert
Full DDS
Libraries
Routing
Service
Database
Integration
DDS
Subset
DDS Subset
DO-178C Certifiable
Admin Console
Monitoring
Microsoft Excel
Recording
Replay
Wireshark
Persistence
Logging
Prototyper
General Purpose
& Real-Time Apps
Remote
Apps
Existing Apps and Devices
Adapter
Small Footprint
Apps
High Assurance
Apps
JMS API
Security
Plugins
2014-Sep-30 © 2014 RTI 140

Next Steps – Learn More
• Contact RTI
– Demo, Q&A
• Download software
– www.rti.com/downloads
– Free trial with comprehensive tutorial
– RTI Shapes Demo
• Watch videos & webinars, read
whitepapers
– www.rti.com/resources
– www.youtube.com/realtimeinnovatio
ns
2014-Sep-30 © 2014 RTI 142

dds.omg.org
www.rti.com
community.rti.com
demo.rti.com
www.youtube.com/realtimeinnovations
blogs.rti.com
www.twitter.com/RealTimeInnov
www.facebook.com/RTIsoftware
www.omg.org
www.slideshare.net/GerardoPardo
www.slideshare.net/RealTimeInnovations
2014-Sep-30 © 2014 RTI 143

Summary
• Adoption of OA is essential
– Affordability
– Competitiveness
• DDS is well-suited for OA
– Loose coupling
– Meets real-time, mission-critical requirements
– Leading-edge security and safety
– Proven foundation
– Eases existing system migration/modernization
• RTI Connext provides a robust DDS solution
2014-Sep-30 © 2014 RTI 144

Build Safe & Secure Distributed Systems - RTI Boston Roadshow- 2014 09 30

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (7)

Similar to Build Safe & Secure Distributed Systems - RTI Boston Roadshow- 2014 09 30

Similar to Build Safe & Secure Distributed Systems - RTI Boston Roadshow- 2014 09 30 (20)

More from Real-Time Innovations (RTI)

More from Real-Time Innovations (RTI) (20)

Recently uploaded

Recently uploaded (20)

Build Safe & Secure Distributed Systems - RTI Boston Roadshow- 2014 09 30