The DDS Security specification includes five security builtin plugins.
Authentication plugin: DDS:Auth:PKI-DH. This plugin provides authentication for each
DomainParticipantjoining a DDS Domain using a trusted Certificate Authority (CA). Support mutual authentication between
DomainParticipantsand establish a shared secret.
Cryptographic plugin: DDS:Crypto:AES-GCM-GMAC. This plugin provides authenticated encryption using Advanced Encryption Standard (AES) in Galois Counter Mode (AES-GCM).
Logging plugin: DDS:Logging:DDS_LogTopic. This plugin logs security events.
Data Tagging: DDS:Tagging:DDS_Discovery. This plugin enables the addition of security labels to the data. Thus it is possible to specify classification levels of the data. In the DDS context it can be used as a complement to access control, creating an access control based on data tagging; for message prioritization; and to prevent its use by the middleware to be used instead by the application or service.
Currently the DDS:Tagging:DDS_Discovery plugin is not implemented in Fast DDS. Its implementation is expected for future release of Fast DDS.
In compliance with the DDS Security specification, Fast DDS provides
secure communication by implementing pluggable security at three levels: a)
(DDS:Auth:PKI-DH), b) access control of Entities (DDS:Access:Permissions), and c) data encryption
Furthermore, for the monitoring of the security plugins and logging relevant events, Fast DDS implements
the logging plugin (DDS:Logging:DDS_LogTopic).
By default, Fast DDS does not compile any security support, but it can be activated adding
-DSECURITY=ON at CMake
For more information about Fast DDS compilation, see Installation from Sources.
Security plugins can be activated through the
Property is defined by its name (
and its value (
For the full understanding of this documentation it is required the user to have basic knowledge of network security since terms like Certificate Authority (CA), Public Key Infrastructure (PKI), and Diffie-Hellman encryption protocol are not explained in detail. However, it is possible to configure basic system security settings, i.e. authentication, access control and encryption, to Fast DDS without this knowledge.
The following sections describe how to configure each of these properties to set up the Fast DDS security plugins.
- 7.1. Authentication plugin: DDS:Auth:PKI-DH
- 7.2. Access control plugin: DDS:Access:Permissions
- 7.3. Cryptographic plugin: DDS:Crypto:AES-GCM-GMAC
- 7.4. Logging plugin: DDS:Logging:DDS_LogTopic