A comparative evaluation of security mechanisms in DDS, TLS and DTLS

Abstract

In this paper the end-to-end security mechanisms of the Transport Layer Security (TLS) as well as the Datagram Transport Layer Security (DTLS) standard and the security related plugins within the Data Distribution Service (DDS) specification are analyzed and compared. The basic IT security requirements with regard to industrial applications are defined. Both, TLS/DTLS and DDS Security are evaluated against these requirements, and features such as cryptographic keys, key exchange mechanisms, encryption algorithms and authentication methods are compared. The results shall indicate if and why the use of a DDS-specific security protocol is necessary instead of deploying TLS/DTLS. Furthermore, the fundamental differences between TLS and DTLS are discussed and the distinctive features of DDS Security are highlighted.