Open standard data security

The Industrial Internet of Things (IIoT) offers lessons for securing autonomous air vehicle avionics systems.

The EmbraerX project aims to develop a fully electric, progressively autonomous ride-sharing air vehicle. The Industrial Internet of Things (IIoT) offers lessons for securing autonomous air vehicle avionics systems.
Photo credit: EmbraerX

With fully autonomous air vehicles, the aerospace industry is moving into its fourth wave – from disconnected embedded devices, to federated systems, to integrated modular avionics (IMA) to widely-distributed aerospace systems-of-systems. For these systems to achieve higher levels of autonomy, real-time performance, reliability, resiliency, safety, security, scalability, and ease of integration must improve. Only systems based on open standards and possessing the highest levels of quality assurance with proven credentials will succeed and survive in the autonomous aircraft marketplace. As another challenge, these systems must be maintainable, with a focus on total cost of operations (TCO).

Standards drive innovation

Next-generation autonomous systems cannot be built and deployed using historical system design – purpose-built, highly proprietary, and single supply chain platforms cannot support the high levels of innovation occurring in autonomy and intelligence creation. To rapidly assemble and deploy competitive air systems, they must be built on open standards and be able to adapt and absorb best-in-class technologies.

Proven open standards, such as ARINC 653, POSIX, Kronos OpenGL, Object Management Group’s (OMG) Data Distribution Service (DDS), and the Open Group Future Airborne Capability Standard (FACE), supply designers with a rich ecosystem of commercial and research solutions and enable developers to rapidly design, build, configure, and test their platforms. In addition, many of these standards support safety and security solutions with commercial-off-the-shelf (COTS) certification evidence.

Secure data value

As this fourth wave evolves, the focus shifts from hardware-defined systems, driven by manufacturing, to software-defined systems driven by innovation. Data and derived intelligence create value in next-generation Industrial Internet of Things (IIoT) systems, therefore must be secured. We no longer can trust that a hardware platform or network pipe is secured. It is prudent today to assume that these entities are compromised by a variety of malicious actors, and additional methods must be employed to secure information flowing in and out of computer and delivery platforms. This security must be open and widely available to all data driving the systems.

The challenge is connecting an ever-increasing systems-of-systems with a communications foundation proven in aerospace and defense systems. OMG DDS is a software-based, loosely coupled connectivity framework that delivers low-latency, high reliability, scalability, discovery, and security, which are essential for aerospace systems. Loose coupling allows systems to grow, expand, update, and recover from failures, which increases system and data availability. Discovery allows systems to add new capabilities, increasing the reliability of updates and reducing risk and downtime. Security is the backbone of trust.

Open data security

To secure airborne data streams, implement OMG DDS Security 6 specification, which enables fine-grained data-centric security in distributed airborne systems. This specification provides airborne platforms using a DDS communications foundation with enhanced security mechanisms based on data-centric security policies and controls. This controls who can access what information and who can control the dissemination of data for each data model topic as opposed to the entire data stream. DDS security features – authentication, access control, domain partitioning – directly apply to standard aerospace data security concerns.

For real-time avionics environments, DDS security features integrate into DDS network protocols and enable use of various data sources, which are securely presented to authenticated avionics users in real-time. These features also enable different DDS security domains and partitions to share communications channels, which is cumbersome using traditional avionics security strategies that involve high risks and high costs to develop, maintain, and certify systems.

Lowering TCO

Creating new security features in traditional avionics systems can disrupt their design, operation, and maintenance. OMG DDS security specification addresses communications security in a one-to-many, data-centric approach. Instead of securing data transmission pipelines, it enables applications to define security policies based on the nature of the shared data per-topic. DDS security plugins are configured via XML to enable per-data-topic security, and can also provide custom plugins, crypto modules, and support for custom hardware such as crypto accelerators or trusted platform modules (TPMs).

Historically, deploying multiple levels of security and lowering TCO rarely occurred together. It is relatively easy to design, build, test, and secure a new platform once. The challenge comes when one must rapidly and reliably expand, update, and secure that system for many years or decades. A DDS communications foundation, coupled with DDS security in airborne platforms, frees system engineers to make standards-based design decisions that deploy competitive technology with a security strategy that can cap operation risk and cost.

A DDS communications foundation guarantees data delivery, lowers network management and system resources, and ensures the integrity and security of all network data. With advanced quality of service (QoS) capabilities and DDS security, DDS provides the platform for reliable avionics system design, data delivery, data security and safety evidence to meet COTS RTCA DO-178C software considerations in airborne systems and equipment certification.

Real-Time Innovations

About the author: Chip Downing is the senior market development director of aerospace and defense at Real-Time Innovations (RTI). He can be reached at 408.990.7400.

July 2019
Explore the July 2019 Issue

Check out more from this issue and find your next story to read.