This year, RTI Connext 7.3 introduced cutting-edge features that align with emerging cybersecurity standards to help ensure the integrity and confidentiality of mission-critical data transmissions. For customers building tomorrow’s distributed systems, being able to deploy robust defenses against cyber threats is often a critical issue. These defenses include support for Trusted Platform Modules, security information and event management (SIEM), and the integration of new cryptographic algorithms.

Customers who are trying to implement a comprehensive cybersecurity solution know that integration with other security tools and platforms is an important part of the process. For this reason, I’ve recently been working on the creation of some new resources to facilitate the process of getting started, while helping users of RTI Security Extensions maintain integrity across the full security life cycle. A great example of this is the use of Pre-Shared Keys with Lightweight Security Plugins, which is a key part of our Security Extensions software.

Trusted Platform Modules & OpenSSL Providers

To fully understand security in action, first, let’s back up a step: Odds are that the device you’re reading this blog post on contains a trusted platform module or TPM. But despite how widespread they are in today’s devices, unless you’re intimately familiar with cybersecurity, the world of TPMs might be slightly niche and obscure.

In essence, a TPM is a type of secure cryptoprocessor – a microcontroller on your device’s motherboard that is dedicated to helping keep your device secure. In fact, some operating systems such as Windows 11 require that your device has a TPM. TPMs have a few key functions:

• Generate cryptographic private keys with a random number generator
• Securely store and use cryptographic private keys
• Verify platform integrity during the boot process

Using a TPM is advantageous, because security embedded in a hardware solution can provide more protection than a solution comprised purely of software. In addition, the TPM is usually independent of your main operating system and CPU, which adds an additional layer of security.

Source: FxJ, Public domain, via Wikimedia Commons, https://commons.wikimedia.org/wiki/File:TPM_Asus.jpg 

So if your phone and laptop are important enough to warrant a TPM, then the need for a TPM in your mission-critical system is only going to be higher. As complex systems become more intelligent and distributed, their need for reliable, real-time connectivity will only grow. With this growth comes increased threat vectors and increased cybersecurity risk. Whether you’re building an autonomous vehicle or a surgical robot, safety is paramount, and you simply cannot afford to be exposed to cybersecurity vulnerabilities.

The bottom line is that using a TPM will help you secure your system, and mitigate cyber threats. Along with using a TPM for standard practices – such as securing your boot process – you can now also use a TPM to help secure the communications of your distributed system.

RTI Security Extensions in Connext 7.3 add support for OpenSSL Providers, including the TPM provider. This means you can configure Connext to use your device’s TPM to generate and store the private keys you are using for communications. In addition, this approach highlights security features that are unique to Connext, such as access control and built-in security logging that go beyond standard encryption and authentication. For details on how to implement this configuration, check out the new How-To guide here.

Security Monitoring with Connext

Security monitoring is another crucial step. It provides the advantage of continuous visibility into your system and applications, allowing for the timely detection of suspicious activities or potential security breaches. While encrypting data does help protect its confidentiality, it does not prevent unauthorized access or malicious actions within the encrypted environment. Security monitoring complements encryption by actively monitoring for anomalies, malicious behavior, and insider threats, providing comprehensive protection against evolving cyber threats and ensuring the integrity and availability of sensitive information. 

RTI Security Extensions automatically generate logs for security events, such as when invalid certificates are detected, or a participant tries to violate its authorized permissions. Based on these logs, it is possible to continually monitor the security of your Connext system. With the Connext Observability Framework in Connext 7.3 LTS, it is possible to feed these logs into cloud-based SIEM tools.

Explore the new Security Monitoring Case + Code here to learn how to do so.

Rotating Pre-Shared Keys with HashiCorp Vault

Connext 7.3.0 includes long-term support for Built-in Lightweight Security Plugins, which provide a minimal security solution to devices with limited resources or fast startup requirements. Use of the Lightweight Security Plugins requires use of a pre-shared key. It is important to have a system in place to deploy, rotate, and manage these keys across applications and devices.

HashiCorp^® Vault is a leading solution for storing and retrieving secrets and can be used to easily store, distribute and rotate the pre-shared keys used by your applications. In the event of a security incident, you can also revoke applications’ access to the Vault if needed, preventing them from receiving updated keys and kicking them from your system.

Take a look at the HashiCorp Vault Case + Code here.

Conclusion

These are just some of the ways RTI Security Extensions help customers stay secure in an increasingly complicated and rapidly evolving digital world. To learn more, please visit us on the web.

About the author:

Akkshaj Singh is an Application Engineer at RTI with a focus on New Commercial Markets and Security. He has a background in robotics and embedded systems, and is excited to work at the forefront of enabling autonomy. He holds a BS in Electrical Engineering from the University of Washington, Seattle.