23 April 2020
Protecting publish/subscribe interactions via TLS and a system-wide certificate validation engine
Tony Pierce, Andrew Alten, Michael R. Clark
Abstract
Multiple defense-relevant open architecture standards include the publish/subscribe messaging paradigm, which allows for dynamic network topology and scalability. Using the Transport Layer Security (TLS) protocol to secure such messaging is common; however, certificate validation must be performed. Typically, certificate validation is left to the application to configure, but history has shown that application developers often implement certificate validation incorrectly. In this paper, we explore the overhead costs of different security implementations under varying network conditions within a pub/sub system. Furthermore, we study how TrustBase strengthens and simplifies certificate validation within a pub/sub architecture. TrustBase allows a system administrator or integrator to specify a single certificate validation policy for all applications in the system. This ensures that even if application developers have misconfigured certificate validation, the policy is still enforced, which we believe could make system accreditation easier. Our study is conducted on a notional system with an Apache ActiveMQ messaging server. Handshake timing data are collected from several publishers and subscribers to understand the overhead resulting from using TLS with and without the TrustBase kernel module active on the system. Our experiments run with different certificate validation strategies, including pre-positioned public keys and certificate chaining with a trusted root certificate authority. To our knowledge, we are the first to study TrustBase in an environment that emulates realistic network conditions and a messaging paradigm beyond the traditional client/server model. Our results confirm those of the original TrustBase work: TrustBase adds negligible overhead and is easily configurable as a universal certificate validation authority.
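The abstract's central point is that TLS alone does not protect a pub/sub client unless the peer certificate is actually validated, and that developers routinely get this wrong; a system-wide policy engine such as TrustBase exists to catch exactly that. The following added example (not code from the paper, from TrustBase, or from ActiveMQ) shows the misconfiguration the abstract alludes to beside a hardened client configuration, a small audit function that checks a TLS context against the kind of policy an integrator would impose (chain validation required, hostname checking on, TLS 1.2 minimum), and a simplified stand-in for the pre-positioned-trust strategy in which only certificates whose fingerprint was provisioned ahead of time are accepted. The sample certificate bytes and all function names are constructed for illustration.

```python
"""Weak vs. hardened TLS client validation, plus a policy audit.

Added example; not code from the paper or from TrustBase. The pinning helper
pins a whole certificate fingerprint as a simplified stand-in for the
pre-positioned public-key strategy the abstract mentions.
"""
import hashlib
import ssl
from typing import List, Optional, Set


def misconfigured_client_context() -> ssl.SSLContext:
    """The common mistake: TLS is on, but the peer's certificate is never checked.

    check_hostname must be cleared before verify_mode can be set to CERT_NONE,
    which is why both statements appear together in so much copied code.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context(ca_bundle: Optional[str] = None) -> ssl.SSLContext:
    """Chain validation against a trusted root, hostname checking, TLS 1.2 minimum.

    ca_bundle is a PEM file the integrator provisions (e.g. the broker's private
    root CA); None falls back to the platform's default trust store.
    """
    ctx = ssl.create_default_context(cafile=ca_bundle)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_client_context(ctx: ssl.SSLContext) -> List[str]:
    """Return policy violations for a client context; empty means compliant.

    This is the per-application check an integrator would otherwise have to
    repeat for every publisher and subscriber; a system-wide validation engine
    enforces the same policy once, below the application.
    """
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED: the peer's chain is never validated")
    if not ctx.check_hostname:
        findings.append("check_hostname is off: any chained certificate is accepted for any host")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version is below TLS 1.2")
    return findings


def certificate_pin_matches(der_cert: bytes, pinned_sha256: Set[str]) -> bool:
    """Pre-positioned trust: accept only certificates provisioned ahead of time.

    der_cert is the DER encoding a connected socket returns from
    getpeercert(binary_form=True). Pinning the whole certificate (rather than
    the public key) means the pin set must be refreshed when the broker's
    certificate is reissued.
    """
    return hashlib.sha256(der_cert).hexdigest() in pinned_sha256


# Constructed sample input: stands in for a broker certificate's DER bytes.
SAMPLE_BROKER_DER = b"constructed-sample-bytes-not-a-real-certificate"
PINNED_BROKER_CERTS = {hashlib.sha256(SAMPLE_BROKER_DER).hexdigest()}


if __name__ == "__main__":
    for name, ctx in (("misconfigured", misconfigured_client_context()),
                      ("hardened", hardened_client_context())):
        print(name, audit_client_context(ctx) or ["compliant"])
    print("pin match:", certificate_pin_matches(SAMPLE_BROKER_DER, PINNED_BROKER_CERTS))
```

Running the script reports three violations for the misconfigured context and none for the hardened one; a context built by a third-party messaging library can be audited the same way before it is handed to a socket.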
Conference Presentation
© (2020) COPYRIGHT Society of Photo-Optical Instrumentation Engineers (SPIE). Downloading of the abstract is permitted for personal use only.
Tony Pierce, Andrew Alten, and Michael R. Clark "Protecting publish/subscribe interactions via TLS and a system-wide certificate validation engine", Proc. SPIE 11425, Unmanned Systems Technology XXII, 114250G (23 April 2020); https://doi.org/10.1117/12.2555930
Keywords: Cryptography, Public-key cryptography, Computer security, Computing systems, Distributed computing, Information security, Network security