KR102030780B1 - Data distribution service system and its discovery method - Google Patents

Abstract

The present invention relates to a data distribution service (DDS), which is a real-time communication middleware standard established by the Open Management Group (OMG). More particularly, the present invention relates to a DDS system and a discovery method thereof that can reduce initial traffic generation and processing load by performing a lightweight discovery process, and can prevent generation of unnecessary discovery packets in a system.

Description

DDS system and its discovery method {DATA DISTRIBUTION SERVICE SYSTEM AND ITS DISCOVERY METHOD}

The present invention relates to a data distribution service (DDS), which is a real-time communication middleware standard standard established by the Open Management Group (OMG). In detail, a light weight discovery process can be performed to reduce initial traffic generation and processing load. The present invention relates to a DDS system and a discovery method thereof capable of preventing generation of unnecessary discovery packets.

Data Distribution Service (DDS) is a software that provides a real-time communication function to an application program, and is a communication middleware that provides a communication service on an operating system.

 DDS provides a Data-Centric Publisher-Subscriber Structure that enables convenient communication between applications that send data and applications that receive data on the same network.

With DDS, the application does not need to know to whom the data it publishes is sent. Consider only the data you publish. Again, the application receiving the data does not need to consider who receives the data.

This is because DDS automatically establishes a communication link between the sending application and the receiving application. At this time, DDS internally uses additional information called a Globally Unique Identifier (GUID) to identify a destination and a sender (who do not need an application). In other words, DDS uses GUID internally to identify transmission / reception information and use it for actual communication.

DDS is a protocol with a publisher-subscriber structure. It does not need to directly manage end-points for communication in the application layer, and thus has advantages in implementation and management. In the initial operation, DDS goes through the discovery process and exchanges information between end-points, and based on the exchanged information, each end-point manages the end-points collected through the locator list.

When the application layer requests data transmission, the DDS finds the end-point that requested the reception of the data on the Locator and proceeds with the transmission.

Such a transmission method has a big disadvantage in terms of security due to the lack of a validation step for a send / receive target, a lack of authority review step for a send / receive target, and a lack of a data encryption / decryption step between a send / receive target.

The Open Management Group (OMG) complements the security issues of previous DDS by enacting the DDS Security Spec ('Secure DDS').

Inevitably, various loads of services provided by DDS have been inevitably increased to support functions such as user authentication, access control, and encryption for security, and in particular, the load on the discovery process performed at the initial stage of DDS has increased rapidly. It became.

Basically, the success of DDS communication depends on obtaining locator information through stable operation of the initial DDS Discovery Process. As the number of participants participating in the network increases, the network load of the discovery process increases rapidly, and sometimes the discovery process of some participants does not end, which is called “DDS Discovery Storms”.

In order to avoid the discovery storms, techniques for dividing the load of the discovery process in various forms have been applied, but the addition of security functions has created a load that cannot be solved by these techniques.

The main load that causes the discovery storm of Secure DDS occurs in the security handshake process in the discovery process. The load factor can be classified into two types (network delay and processing delay).

All of the above delays occur at the beginning of system operation, and have a great impact on the time until the initial operation of the combat system.

The present invention has been proposed to solve the problems of the prior art as described above, and an object of the present invention is to provide a DDS system and a discovery method for performing a lightweight discovery process by improving the discovery process proposed by the existing OMG Security Spec. have.

In addition, the present invention is a DDS system that can reduce the initial traffic generation and processing load in the system network by adding the local security defect verification to the discovery process by expanding the authority of the switch equipment to alleviate the discovery storm phenomenon of the prior art And it aims to provide a discovery method thereof.

In addition, the present invention delegates the security defect verification procedure that was performed 1: 1 between Domain Participants through the implementation of the GateKeeper module in the switch equipment that plays a role of forwarding the existing packet, and through the review result between the initial system network access process It is an object of the present invention to provide a DDS system and a discovery method thereof, which can prevent generation of unnecessary discovery packets by preemptively blocking an invalid domain participant's network connection itself.

The technical problem of the present invention is not limited to the above-mentioned matters, and those skilled in the art from the following descriptions can also clearly understand other problems intended by the present invention. will be.

Data distribution service (DDS) system according to an embodiment of the present invention for achieving the above object, includes a DDS module for relaying communication between a plurality of application programs, the DDS module is a received SPDP (Simple Participant Discovery Protocol) is characterized by including the GateKeeper engine to allow or block domain participants by determining the validity of domain participants based on defects in the user authentication document and authorization document contained in the message.

If the GateKeeper engine determines that at least one of the authentication document information and the authorization document information is defective, the GateKeeper engine determines that the domain participant is invalid and blocks the domain participant. It is characterized in that it is determined to be valid and allowed.

The DDS module is characterized by proceeding with the participant discovery process for the domain participants allowed by the GateKeeper engine.

The DDS module performs a security handshake process after the participant discovery process, but performs a lightweight security handshake process in which a user authentication document and an authorization document are not exchanged and verified.

The DDS module is characterized by establishing a communication between valid domain participants by sequentially performing a Participant Key Exchange procedure, a Simple Endpoint Secure Discovery procedure, and an Endpoint Key Change procedure after the Security Handshake process.

Discovery method of the DDS system according to an embodiment of the present invention, the step of the application program calls the Application Programming Interface (API) of the Data Distribution Service (DDS) to create a domain participant; Transmitting, by the domain participant, a user authentication document and an authorization document to a GateKeeper engine of a DDS module; Confirming whether the GateKeeper engine is a valid domain participant through verification of a user authentication document and an authorization document; And performing, by the DDS module, a participant discovery procedure between valid domain participants in a DDS network.

The method may include performing a security handshake after the DDS module performs the participant discovery procedure.

The step of proceeding with the Security Handshake process, characterized in that the step of proceeding the Lightweight Security Handshake process is excluded the mutual exchange and verification procedures for the user authentication document and the authorization document.

The method includes the step of establishing a communication between valid domain participants by sequentially performing a Participant Key Exchange procedure, a Simple Endpoint Secure Discovery procedure, and an Endpoint Key Change procedure after the DDS module performs the security handshake. Characterized in that.

The step of confirming whether the valid domain participant is characterized in that the step of allowing or blocking the domain participant by determining the validity of the domain participant based on the defect of the user authentication document and the authorization document.

The step of checking whether the valid domain participant is determined that at least one of the authentication document information and the authority document information is defective, determines that the domain participant is invalid, and blocks both the authentication document information and the authority document information. If it is determined that there is no it is characterized in that the step of allowing the domain participant is determined to be valid.

According to the present invention, an engine called 'GateKeeper' is applied to an existing DDS module to determine validity of an accessing domain participant, and then a mutual discovery process is performed according to the discovery procedure of the existing DDS for a valid domain participant.

Therefore, since the verification of the authentication document and the authorization document has been performed by GateKeeper, it is not necessary to share the originals of the authentication document and the authorization document during the discovery process of the conventional SecureDDS, thereby greatly reducing the load of the security handshake.

The present invention can reduce the initial traffic generation and processing load in the system network by adding a local security defect verification to the discovery process by expanding the authority of the switch equipment to alleviate the discovery storm phenomenon of the prior art.

In addition, the present invention delegates the security defect verification procedure that was performed 1: 1 between Domain Participants through the implementation of the GateKeeper module in the switch equipment that plays a role of forwarding the existing packet, and through the review result between the initial system network access process It is possible to prevent the occurrence of unnecessary discovery packet in the system by preemptively blocking invalid domain participant's network connection itself.

BRIEF DESCRIPTION OF THE DRAWINGS The accompanying drawings are provided to assist in understanding the present embodiment, and provide embodiments with a detailed description. However, the technical features of the present embodiment are not limited to the specific drawings, and the features disclosed in the drawings may be combined with each other to constitute a new embodiment.
1 is a diagram illustrating an example of a DDS system to which a discovery method according to an exemplary embodiment of the present invention is applied.
2 is a view for explaining a discovery method of the DDS system according to an embodiment of the present invention.
FIG. 3 is a diagram for describing in detail a process of checking whether a valid domain participant is made in step S220 of FIG. 2.

With respect to the embodiments of the present invention disclosed in the text, specific structural to functional descriptions are merely illustrated for the purpose of describing the embodiments of the present invention, the embodiments of the present invention may be implemented in various forms and It should not be construed as limited to the described embodiments.

As the inventive concept allows for various changes and numerous embodiments, particular embodiments will be illustrated in the drawings and described in detail in the text. However, this is not intended to limit the present invention to the specific disclosed form, it should be understood to include all modifications, equivalents, and substitutes included in the spirit and scope of the present invention.

Terms such as first and second may be used to describe various components, but the components should not be limited by the terms. The terms are used only for the purpose of distinguishing one component from another. For example, without departing from the scope of the present invention, the first component may be referred to as the second component, and similarly, the second component may also be referred to as the first component.

When a component is said to be “connected” or “connected” to another component, it may be directly connected to or connected to that other component, but it may be understood that other components may be present in the middle. Should be. On the other hand, when a component is said to be "directly connected" or "directly connected" to another component, it should be understood that there is no other component in between. Other expressions describing the relationship between components, such as “between” and “immediately between,” or “neighboring to,” and “directly neighboring to” should be interpreted as well.

The terminology used herein is for the purpose of describing particular example embodiments only and is not intended to be limiting of the invention. Singular expressions include plural expressions unless the context clearly indicates otherwise. In this application, the terms “comprises” or “having” are intended to indicate that the disclosed feature, number, step, operation, component, part, or combination thereof exists, and that one or more other features or numbers, It is to be understood that it does not exclude in advance the possibility of the presence or addition of steps, actions, components, parts or combinations thereof.

Unless defined otherwise, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art. Terms such as those defined in the commonly used dictionaries should be construed as having meanings consistent with the meanings in the context of the related art and shall not be construed in ideal or excessively formal meanings unless expressly defined in this application. Do not.

On the other hand, when an embodiment may be implemented differently, a function or operation specified in a specific block may occur differently from the order specified in the flowchart. For example, two consecutive blocks may actually be performed substantially simultaneously, and the blocks may be performed upside down depending on the function or operation involved.

Hereinafter, a DDS system and a discovery method thereof according to a preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings.

1 is a diagram illustrating an example of a DDS system to which a discovery method according to an exemplary embodiment of the present invention is applied.

As shown in FIG. 1, the DDS system 1 to which the discovery method of the present invention is applied includes a plurality of applications 11 serving as a domain participant, and a plurality of applications 11. It includes a DDS module 12 for relaying the communication of.

In addition, the DDS module 12 performs a discovery procedure for communication relay, and includes a gate keeper 12a (or a gate keeper engine) as an engine performing the procedure proposed by the present invention during the discovery procedure.

The gate keeper 12a may allow or block the domain participant by determining the validity of the domain participant based on a defect of the user authentication document and the authorization document included in the received Simple Participant Discovery Protocol (SPDP) message.

At this time, if the gate keeper 12a determines that at least one of the authentication document information and the authorization document information is defective, the gate keeper 12a determines that the domain participant is invalid and blocks it, and both the authentication document information and the authorization document information have no defect. If so, the domain participant can be determined to be valid and allowed.

Meanwhile, the DDS module 12 may proceed with a participant discovery procedure for a domain participant allowed by the gate keeper 12a and then proceed with a security handshake process.

At this time, the DDS module 12 proceeds with the Lightweight Security Handshake process excluding the exchange and verification procedures for the user authentication document and the authorization document.

The DDS module 12 may establish a communication between valid domain participants by sequentially performing a Participant Key Exchange procedure, a Simple Endpoint Secure Discovery procedure, and an Endpoint Key Change procedure after the Security Handshake procedure.

In the present invention, the discovery operation of the DDS module 12, the application 11 calls the Application Programming Interface (API) (ex, create_domainparticipant) of the DDS to create a domain participant (DomainParticipant) object, the generated domain participant (DomainParticipant) object is made by sending the user authentication document and the authorization document in a format to the gate keeper 12a of the DDS module 12.

Hereinafter, a discovery method performed by the DDS module 12 under the DDS system 1 as shown in FIG. 1 will be described in detail.

2 is a view for explaining a discovery method of the DDS system according to an embodiment of the present invention.

Referring to FIG. 2, the application 11 creates a domain participant (DomainParticipant) by calling an API (create_domainparticipant) of the DDS (S200).

Then, the generated domain participant (DomainParticipant) transmits the user authentication document and the authorization document in accordance with the format to the Gate Keeper 12a of the DDS module 12 (S210).

The user authentication document and the authorization document may be transmitted in the form of a Simple Participant Discovery Protocol (SPDP) message.

Thereafter, the gate keeper 12a checks whether the domain participant is a valid domain participant (DomainParticipant) through verification of the domain participant (DomainParticipant) user authentication document and authorization document (S220).

DomainParticipant authenticated through Gate Keeper 12a has a normal DomainParticipant status in the DDS network.

With respect to the domain participant identified as a valid domain participant in the step S220, the DDS module 12 performs a participant discovery procedure between valid domain participants in the DDS network (S230).

Thereafter, the DDS module 12 proceeds to the Security Handshake process, but proceeds to the Lightweight Security Handshake process in which the interchange and verification procedures for the user authentication document and the authorization document are excluded (S240).

Thereafter, the DDS module 12 sequentially processes the Participant Key Exchange procedure, the Simple Endpoint Secure Discovery procedure, and the Endpoint Key Change procedure (S250) to establish communication between valid domain participants (S260).

Hereinafter, a process of confirming whether the domain is a valid domain participant made in step S220 of FIG. 2 will be described in more detail.

FIG. 3 is a diagram for describing in detail a process of checking whether a valid domain participant is performed in step S220 of FIG. 2.

Referring to FIG. 3, when the gate keeper 12a receives the SPDP message (S300), the gate keeper 12a extracts authentication document information in the SPDP message (S310).

Thereafter, the gate keeper 12a determines whether there is a defect in the extracted authentication document information (S320), and if there is a defect (S320-Yes), the corresponding domain participant is determined to be invalid and blocks (S330).

On the other hand, if there is no defect (S320-No) as a result of the determination in step S320, the gate keeper 12a extracts the authority document information in the SPDP message (S340).

Then, the gate keeper 12a determines whether there is a defect in the extracted authority document information (S350), and if there is a defect (S350-Yes), it determines that the domain participant is invalid and blocks (S330).

On the other hand, if there is no defect as a result of the determination in step S350 (S350-No), the gate keeper 12a determines that the domain participant is valid and allows (S360).

In FIG. 3, the gate keeper 12a first determines whether there is a defect in the authentication document information. However, the gate keeper 12a may first determine whether there is a defect in the authority document information.

That is, when the gate keeper 12a receives the SPDP message, the gate keeper 12a extracts the authentication document information and the authorization document information in the SPDP message, and if it is determined that at least one of the authentication document information and the authorization document information is defective, the corresponding domain participant is valid. If it is judged not to be blocked, and if it is determined that both the authentication document information and the authorization document information are not defective, the domain participant is considered valid and allowed.

As described above, the present invention applies an engine called 'GateKeeper' to the existing DDS module, determines the validity of accessing domain participants, and then performs a mutual discovery process according to the discovery procedure of the existing DDS for valid domain participants. Perform.

Since the verification of the authentication document and the authorization document has been performed by GateKeeper, the burden of the security handshake is greatly reduced since there is no need to share the original of the authentication document and the authorization document during the discovery process of the conventional SecureDDS.

In addition, the prior art discovery technology has a procedure in which each domainparticipant establishes communication through mutual confirmation directly. In order to apply the security verification function to this technology, it is designed to inherit the existing method, and each DomainParticipant must perform the process of verifying the DomainParticipant on all networks.

Therefore, each DomainParticipant process is performed for N-1 times verification, and the packet containing N * (N-1) times of user authentication document and authorization document is transmitted from the whole network perspective. This represents the minimum amount of retransmission packets not included due to communication establishment failure. Therefore, as the system size increases, the load increases exponentially.

However, when the gate keeper engine and the light weight secure handshake structure proposed by the present invention are applied to the existing secure DDS, a large number of the aforementioned high loads can be reduced, thereby preventing a discovery storm problem.

As described above, the DDS system and the discovery method thereof according to the present invention have been described in accordance with embodiments, but the scope of the present invention is not limited to the specific embodiments, and will be apparent to those skilled in the art. Various alternatives, modifications, and changes can be made within the scope of this.

Accordingly, the embodiments and the accompanying drawings described in the present invention are not intended to limit the technical spirit of the present invention, but are for explaining, and the scope of the technical idea of the present invention is not limited by the embodiments and the accompanying drawings. . The scope of protection of the present invention should be interpreted by the claims, and all technical ideas within the scope equivalent thereto should be construed as being included in the scope of the present invention.

1: DDS system
11: application
12: DDS Module
12a: Gate Keeper Engine

Claims (11)

In the DDS (Data Distribution Service) system that supports the data distribution service,
A DDS module for relaying communications between a plurality of applications;
The DDS module includes a GateKeeper engine that allows or blocks domain participants by determining the validity of domain participants based on defects in user authentication documents and authorization documents included in the received Simple Participant Discovery Protocol (SPDP) message. ,
If the GateKeeper engine determines that at least one of the authentication document information and the authorization document information is defective, the GateKeeper engine determines that the domain participant is invalid and blocks the domain participant. DDS system, characterized in that allowed to judge.
delete The method of claim 1,
And the DDS module performs a participant discovery procedure for domain participants allowed by the GateKeeper engine.
The method of claim 3, wherein
The DDS module, after the participant discovery process, proceeds to the Security Handshake process, the DDS system characterized in that for performing a Lightweight Security Handshake process that excludes the exchange and verification procedures for the user authentication document and the authorization document.
The method of claim 4, wherein
The DDS module is characterized by establishing a communication between valid domain participants by sequentially performing a Participant Key Exchange procedure, a Simple Endpoint Secure Discovery procedure, and an Endpoint Key Change procedure after the Security Handshake process.
In the discovery method of a data distribution service (DDS) system supporting a data distribution service,
Generating a domain participant by calling an application programming interface (API) of the DDS;
Transmitting, by the domain participant, a user authentication document and an authorization document to a GateKeeper engine of a DDS module;
Allowing or blocking the domain participant by determining the validity of the domain participant based on the defect of the user authentication document and the authorization document by the GateKeeper engine; And
The DDS module performing a participant discovery procedure between valid domain participants in a DDS network;
In the step of allowing or blocking the domain participant, if it is determined that at least one of the authentication document information and the authorization document information is defective, the domain participant is determined to be invalid and is blocked, and both the authentication document information and the authorization document information are defective. If it is determined that there is not a domain discovery method of the DDS system which is a step of allowing the domain participant to be valid.
The method of claim 6,
And performing a security handshake by the DDS module after the participant discovery procedure.
The method of claim 7, wherein
The step of proceeding with the Security Handshake process, the discovery method of the DDS system, characterized in that for performing a Lightweight Security Handshake process that excludes the exchange and verification procedures for the user authentication document and the authorization document.
The method of claim 7, wherein
After the DDS module proceeds to the Security Handshake process, Participant Key Exchange procedure, Simple Endpoint Secure Discovery procedure, Endpoint Key Change procedure is sequentially performed to establish a communication between valid domain participants of the DDS system Discovery method.
delete delete

Images