Message Encryption Methods for DDS Security Performance Improvement

  • Received : 2018.09.20
  • Accepted : 2018.10.29
  • Published : 2018.11.30

Abstract

This paper surveys DDS, a real-time communication middleware, and proposes a way to improve the performance of DDS secure communication. DDS is a communication middleware standard specified by the OMG (Object Management Group). The OMG released the DDS Security standard to address security issues. The security performance of DDS can be considered in terms of transmission speed and confidentiality. In terms of confidentiality, AES-GCM, the encryption algorithm currently specified by DDS Security, is a very strong encryption algorithm, but it has well-known weaknesses associated with authentication. In terms of speed, the computational load of the security functions restricts the use of DDS in systems that require real-time performance. Therefore, to improve DDS security, an algorithm that is faster than AES-GCM and strong in encryption strength is needed. In this paper, we propose a DDS message encryption method that applies the AES-OCB algorithm to meet these requirements; compared with the existing DDS, transmission performance is improved by up to 12%.

Keywords

Fig. 1 System architecture DDS middleware

Fig. 2 DDS RTPS Message transformation [4]

Fig. 3 AES-GCM mode work [10]

Fig. 4 AES-OCB mode work [13]

Fig. 5 Cryptographic Plugin Model [3]

Fig. 6 CryptoTransForm Structure with AES-OCB

Fig. 7 Average Value Compare Result

Table. 1 Cryptographic SPI TransformationKind

Table. 2 Experiment Target Environment

Table. 3 Experiment Result

References

  1. DDS Portal. What is DDS[Internet]. Available: https://www.omgwiki.org/dds/what-is-dds-3/.
  2. S. H. Ham, and D. W. Park, "Study on Policies for National Cybersecurity," Journal of the Korea Institute of Information and Communication Engineering, vol. 21, no. 9, pp. 1666-1673, Sep. 2017. https://doi.org/10.6109/JKIICE.2017.21.9.1666
  3. T. White, M. N. Johnstone and M. Peacock, "An investigation into some security issues in the DDS messaging protocol," in Proceeding of 15th Australian Information Security Management Conference, Perth, pp. 132-139, 2017.
  4. OMG Std. DDS Security Version 1.1, OMG, 2018.
  5. Y. K. Go and C. S. Kim, "Cryptographic Overhead of DDS Security for Naval Combat System Security," in Proceeding of the Korean Information Science Society Conference, Jeju, pp. 1217-1219, 2017.
  6. N. Ferguson. (2005, May). Authentication weaknesses in GCM. Comments submitted to NIST Modes of Operation Process [Online]. pp. 1-19. Available: https://csrc.nist.gov/csrc/media/projects/block-cipher-techniques/documents/bcm/comments/cwc-gcm/ferguson2.pdf.
  7. OMG Std. Data Distribution Service for Real-time Systems Version 1.2, OMG, 2007.
  8. OMG Std. The Real-Time Publish-Subscribe Wire Protocol: DDS Interoperability Wire Protocol Specification Version 2.1, OMG, 2014.
  9. S. M. Kim, T. M. Chang, H. S. Kim, and M. S. Kang, "Design of High-Speed AES Cipher Processor Using Pipeline Technique," Journal of Security Engineering, vol. 11, no. 2, pp.145-154, Apr. 2014. https://doi.org/10.14257/jse.2014.04.01
  10. D. A. McGrew, and J. Viega, "The security and performance of the Galois/Counter Mode (GCM) of operation," in Proceeding of the International Conference on Cryptology in India, Berlin, pp. 343-355, 2004.
  11. G. Procter and C. Cid, "On weak keys and forgery attacks against polynomial-based MAC schemes," Journal of Cryptology, vol. 28, no. 4, pp. 769-795, Oct. 2015. https://doi.org/10.1007/s00145-014-9178-9
  12. J. P. Aumasson, Serious Cryptography: A Practical Introduction to Modern Encryption, San Francisco, 2017.
  13. T. Krovetz and P. Rogaway, "The Software Performance of Authenticated-Encryption Modes," in Proceedings of the International Workshop on Fast Software Encryption, Berlin, pp. 306-327, 2011.
  14. OCB Mode. OCB: free licenses [Internet]. Available: http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm.
  15. T. Krovetz and P. Rogaway. (2014, May). The OCB authenticated-encryption algorithm, IETF RFC 7253[Online], pp. 1-19. Available: https://tools.ietf.org/html/rfc7253.