Authors:
(1) Moritz Jasper, Barkhausen Institut gGmbH, Wurzburger Straße 46, Dresden, Germany ([email protected]);
(2) Stefan Kopsell, Barkhausen Institut gGmbH, Wurzburger Straße 46, Dresden, Germany ([email protected]).
Attacker Model and Security Goals
Lightweight Communications and Marshalling [2] is a brokerless, topic-based Publish/Subscribe protocol designed for real-time systems that require high-throughput and lowlatency. Message types can be defined in the LCM type specification language, which is a language-neutral and platformneutral specification language for structured data. From this specification language, language-specific bindings for binary serialisation and encoding are generated, while maintaining interoperability.
The binary-encoded LCM messages are then sent via multicast groups, which are identified by the multicast IP-address and port on which they are transmitted. Each group comprises multiple topics, which in LCM are called channels, identified by a channelname string. Messages are transmitted using UDP and routed via IP-multicast to all other nodes within the multicast group. A node can subsequently subscribe to a channel within that group by simply dropping all messages except those that match the channelname. Since the same channelname might be used in multiple multicastgroups at the same time, we can uniquely identify a only by the combination of multicastgroup and channelname. We will therefore define LCMDomain=(multicastgroup, channelname).
The LCM packet format, as depicted in Figure 2, consists of a 4 byte magic number to identify the LCM protocol, a sequence number which is incremented by each sender separately, and a zero-terminated, ASCII-encoded channelname string. The channelname string is immediately followed by the payload. Large messages are fragmented into multiple smaller transportation units to achieve a maximum message size of 4 GB, in this case a slightly more complicated header is used, but omitted here.