Abstract
The Defined-trust Transport (DeftT) is designed to provide secure, default-deny networking for closed communities with dynamic membership and a collection-based construct that is efficient on broadcast media. Such closed communities, also known as limited domains [LDCCR], are frequently used in Operational Technology (OT) networking, in particular in Critical Infrastructure uses. DeftT is designed to express and enforce application- and deployment-specific integrity, authentication, access control and behavior constraints directly in its protocol modules. It enables secure and completely self-contained (e.g., no external identity servers or certificate authorities) overlay networks where credentialed members can join and leave at any time. Security is not optional. To participate, members are preconfigured only with their individual cryptographically secured identities and the domain's secured communication rules. The rules are used to independently authenticate other members' identities as well as their role- and attribute-specific communications.
DeftT is an integrated trust-management, multiparty transport that synchronizes collections of secured information across all members of its domain. DeftT uses a many-to-many synchronization primitive rather than source-destination send-and-acknowledgement. Packets are not routable, and information only leaves its originating subnet if it is both explicitly permitted in the secured rules and there is a member element (a relay) provided to move validated information containers across subnets. DeftT is part of a Defined-trust Communications approach with an open-source example implementation available. Combined with IPv6 multicast and modern hardware-based methods for securing keys and code, it can provide a foundation for secure and efficient communications in limited domains, particularly in Critical Infrastructure domains.
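The following is an added toy model of the behaviour the abstract describes, written for this page; it is not DeftT's own code, its protocol encoding, or its rule schema. It assumes a constructed rule set (which role may publish to which collection, and which collections may cross subnets), constructed member identities, and uses HMAC with per-member keys as a stand-in for the per-member asymmetric signatures a real deployment would use. It shows the default-deny properties the text names: each member independently validates every item against preconfigured identities and rules, many-to-many synchronization on a subnet, and a relay that moves only validated items whose collection the rules permit to cross subnets.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

# Constructed domain rules (an assumption for this example, not DeftT's schema):
# which role may publish to which collection, and which collections a relay
# may move across subnets. Anything not listed is denied.
TRUST_RULES = {
    "publish": {"sensor": {"readings"}, "controller": {"commands"}},
    "cross_subnet": {"readings"},
}


@dataclass(frozen=True)
class Identity:
    member_id: str
    role: str
    key: bytes  # stand-in for an asymmetric signing key issued to this member


def _digest(item: dict) -> bytes:
    """Canonical hash of an item's signed fields (everything except 'sig')."""
    body = {k: v for k, v in item.items() if k != "sig"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).digest()


@dataclass
class Member:
    ident: Identity
    subnet: str
    rules: dict
    trusted: dict  # preconfigured identities: member_id -> (role, verification key)
    collections: dict = field(default_factory=dict)  # collection -> {sig: item}

    def publish(self, collection: str, payload: str) -> dict:
        item = {"collection": collection, "publisher": self.ident.member_id,
                "payload": payload}
        item["sig"] = hmac.new(self.ident.key, _digest(item), "sha256").hexdigest()
        self.collections.setdefault(collection, {})[item["sig"]] = item
        return item

    def validate(self, item: dict) -> bool:
        """Default deny: unknown publisher, role not permitted for the collection,
        or a bad signature each reject the item."""
        entry = self.trusted.get(item.get("publisher"))
        if entry is None:
            return False
        role, key = entry
        if item["collection"] not in self.rules["publish"].get(role, set()):
            return False
        expected = hmac.new(key, _digest(item), "sha256").hexdigest()
        return hmac.compare_digest(expected, item.get("sig", ""))

    def merge(self, items) -> int:
        """Accept items not yet held that pass validation; return the count added."""
        added = 0
        for item in items:
            coll = self.collections.setdefault(item["collection"], {})
            if item["sig"] in coll or not self.validate(item):
                continue
            coll[item["sig"]] = item
            added += 1
        return added

    def all_items(self) -> list:
        return [i for c in self.collections.values() for i in c.values()]


def sync_subnet(members) -> None:
    """Many-to-many synchronization on one broadcast subnet: every member offers
    what it holds and merges what the others offer, validating independently."""
    pool = [i for m in members for i in m.all_items()]
    for m in members:
        m.merge(pool)


def relay_forward(relay, dst_members, rules) -> int:
    """A relay moves only items it has already validated and whose collection the
    rules explicitly permit to cross subnets; everything else stays put."""
    permitted = [i for i in relay.all_items() if i["collection"] in rules["cross_subnet"]]
    return sum(m.merge(permitted) for m in dst_members)


def run_scenario() -> dict:
    """Constructed scenario: sensor on subnet A, controller on subnet B, a relay
    facing both, and an outsider holding a key the domain never issued."""
    ids = [Identity("sensor-1", "sensor", b"k-sensor"),
           Identity("ctrl-1", "controller", b"k-ctrl"),
           Identity("relay-1", "relay", b"k-relay")]
    trusted = {i.member_id: (i.role, i.key) for i in ids}
    sensor = Member(ids[0], "A", TRUST_RULES, trusted)
    rly = Member(ids[2], "A+B", TRUST_RULES, trusted)
    ctrl = Member(ids[1], "B", TRUST_RULES, trusted)
    outsider = Member(Identity("mallory", "sensor", b"k-other"), "A", TRUST_RULES, trusted)

    reading = sensor.publish("readings", "temp=21.5")
    misuse = sensor.publish("commands", "valve=open")   # sensor role may not publish commands
    forged = outsider.publish("readings", "temp=99.9")  # publisher unknown to the domain
    command = ctrl.publish("commands", "valve=open")

    sync_subnet([sensor, rly, outsider])  # subnet A
    relay_forward(rly, [ctrl], TRUST_RULES)  # A -> B
    sync_subnet([rly, ctrl])  # subnet B
    relay_forward(rly, [sensor], TRUST_RULES)  # B -> A: commands are not permitted to cross

    def held(m, item):
        return item["sig"] in m.collections.get(item["collection"], {})

    return {
        "controller_has_reading": held(ctrl, reading),
        "relay_rejected_forged": not held(rly, forged),
        "relay_rejected_role_misuse": not held(rly, misuse),
        "sensor_has_command": held(sensor, command),
    }


if __name__ == "__main__":
    print(run_scenario())
```

Note that validation happens at every receiving member, not only at the relay: the relay forwarding a validated item does not exempt the destination from checking it again against its own preconfigured identities and rules, which is the independence the abstract describes.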
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Recommended Citation
Nichols, Kathleen, "Defined-Trust Transport Protocol for Limited Domains", Technical Disclosure Commons, (December 11, 2024)
https://www.tdcommons.org/dpubs_series/7640