Research Outputs

2021 2021 2020 2020 2019 2019 2018 2018 2017 2017 2016 2016 0.0 0.0 0.5 0.5 1.0 1.0 1.5 1.5 2.0 2.0 2.5 2.5 3.0 3.0
Now showing 1 - 9 of 9
  • Publication
    Towards trustworthy end-to-end communication in industry 4.0
    (IEEE, 2017) ; ; ; ;
    Matischek, Rainer 
    ;
    Schmittner, Christoph 
    ;
    Mantas, Georgios 
    ;
    Thron, Mario 
    ;
    Delsing, Jerker 
    Industry 4.0 considers integration of IT and control systems with physical objects, software, sensors and connectivity in order to optimize manufacturing processes. It provides advanced functionalities in control and communication for an infrastructure that handles multiple tasks in various locations automatically. Automatic actions require information from trustworthy sources. Thus, this work is focused on how to ensure trustworthy communication from the edge devices to the backend infrastructure. We derive a meta-model based on RAMI 4.0, which is used to describe an end-to-end communication use case for an Industry 4.0 application scenario and to identify dependabilities in case of security challenges. Furthermore, we evaluate secure messaging protocols and the integration of Trusted Platform Module (TPM) as a root of trust for dataexchange. We define a set of representative measurable indicator points based on existing standards and use them for automated dependability detection within the whole system.
      173Scopus© Citations 13
  • Publication
    Interacting with the Arrowhead Local Cloud: On-boarding Procedure
    (IEEE, 2018-05) ; ;
    Hegedűs, Csaba 
    ;
    ;
    Delsing, Jerker 
    ;
    Eliasson, Jens 
    Industrial automation systems are advancing rapidly and a wide range of standards, communication protocols and platforms supporting the integration of devices are introduced. It is therefore necessary to design and build appropriate tools and frameworks that allow the integration of devices with multiple systems and services. In this work we present the Arrow-head Framework, used to enable collaborative IoT automation and introduce two support core systems, SystemRegistry and DeviceRegistry, which are needed to create a chain of trust from a hardware device to a software system and its associated services. Furthermore, we propose an on-boarding procedure of a new device interacting with the Arrowhead local cloud. This ensures that only valid and authorized devices can host software systems within an Arrowhead local cloud.
      179Scopus© Citations 28
  • Publication
    Towards a Security Baseline for IaaS-Cloud Back-Ends in Industry 4.0
    The popularity of cloud based Infrastructure-as-a- Service (IaaS) solutions is becoming increasingly popular. However, since IaaS providers and customers interact in a flexible and scalable environment, security remains a serious concern. To handle such security issues, defining a set of security parameters in the service level agreements (SLA) between both, IaaS provider and customer, is of utmost importance. In this paper, the European Network and Information Security Agency (ENISA) guidelines are evaluated to extract a set of security parameters for IaaS. Furthermore, the level of applicability and implementation of this set is used to assess popular industrial and open-source IaaS cloud platforms, respectively VMware and OpenStack. Both platforms provide private clouds, used as backend infrastructures in Industry 4.0 application scenarios. The results serve as initial work to identify a security baseline and research needs for creating secure cloud environments for Industry 4.0.
      171Scopus© Citations 5
  • Publication
    Towards Resilience Metrics for Future Cloud Applications
    (2016)
    Novak, Marko 
    ;
    Shirazi, Syed Noorulhassan 
    ;
    Hudic, Aleksandar 
    ;
    Hecht, Thomas 
    ;
    ;
    Hutchison, David 
    ;
    ;
    An analysis of new technologies can yield insight into the way these technologies will be used. Inevitably, new technologies and their uses are likely to result in new security issues regarding threats, vulnerabilities and attack vectors. In this paper, we investigate and analyse technological and security trends and their potential to become future threats by systematically examining industry reports on existing technologies. Using a cloud computing use case we identify potential resilience metrics that can shed light on the security properties of the system.
      147Scopus© Citations 4
  • Publication
    Towards flexible and secure end-to-end communication in industry 4.0
    (IEEE, 2017) ; ; ; ;
    Haas, Sarah 
    ;
    Delsing, Jerker 
    The digital transformation of industrial production is driven by the advance of cyber-physical production systems (CPPS) within which raw materials, machines and operations are interconnected to form a sophisticated network. Making such systems self-adaptable is a priority concern for the future implementation of Industry 4.0 application scenarios. In this position paper, we design a meta-model and use it as a tool to describe an end-to-end communication use case from an ongoing research project. Based on this use case we develop a business process performance and security trade-off model, which shows that maximazing both parameters at the same time is not possible, thus an efficient balance between them has to be achieved. Motivated by the result, we propose self adaptation as a solution towards a flexible and secure end-to-end communication in Industry 4.0. To identify and document the self-adaptation points in a structured methodological and lightweight way we use the bespoken meta-model.
      118  122Scopus© Citations 15
  • Publication
    Operations security evaluation of IaaS-cloud backend for industry 4.0
    The fast growing number of cloud based Infrastructure-as-a-Service instances raises the question, how the operations security depending on the underlying cloud computing infrastructure can be sustained and guaranteed. Security standards provide guidelines for information security controls applicable to the provision and use of the cloud services. The objectives of operations security are to support planning and sustaining of day-to-day processes that are critical with respect to security of information environments. In this work we provide a detailed analysis of ISO 27017 standard regarding security controls and investigate how well popular cloud platforms can cater for them. The resulting gap of support for individual security controls is furthermore compared with outcomes of recent cloud security research projects. Hence the contribution is twofold, first we identify a set of topics that still require research and development and secondly, as a practical output, we provide a comparison of popular industrial and open-source platforms focusing on private cloud environments, which are important for Industry 4.0 use cases.
      206  1Scopus© Citations 1
  • Publication
    Automated and Secure Onboarding for System of Systems
    (IEEE, 2021-08-03) ; ; ; ;
    Péceli, Bálint 
    ;
    Singler, Gábor 
    ;
    Kovács, Kristóf 
    ;
    ;
    Delsing, Jerker 
    The Internet of Things (IoT) is rapidly changing the number of connected devices and the way they interact with each other. This increases the need for an automated and secure onboarding procedure for IoT devices, systems and services. Device manufacturers are entering the market with internet connected devices, ranging from small sensors to production devices, which are subject of security threats specific to IoT. The onboarding procedure is required to introduce a new device in a System of Systems (SoS) without compromising the already onboarded devices and the underlying infrastructure. Onboarding is the process of providing access to the network and registering the components for the first time in an IoT/SoS framework, thus creating a chain of trust from the hardware device to its hosted software systems and their provided services. The large number and diversity of device hardware, software systems and running services raises the challenge to establish a generic onboarding procedure. In this paper, we present an automated and secure onboarding procedure for SoS. We have implemented the onboarding procedure in the Eclipse Arrowhead framework. However, it can be easily adapted for other IoT/SoS frameworks that are based on Service-oriented Architecture (SoA) principles. The automated onboarding procedure ensures a secure and trusted communication between the new IoT devices and the Eclipse Arrowhead framework. We show its application in a smart charging use case and perform a security assessment.
      154Scopus© Citations 7
  • Publication
    A Lightweight Authentication Mechanism for M2M Communications in Industrial IoT Environment
    (2019)
    Esfahani, A. 
    ;
    Mantas, G. 
    ;
    Matischek, R. 
    ;
    Saghezchi, F. 
    ;
    ; ; ;
    Schmittner, Ch. 
    ;
    Bastos, J. 
    In the emerging industrial Internet of Things (IIoT) era, machine-to-machine (M2M) communication technology is considered as a key underlying technology for building IIoT environments, where devices (e.g., sensors, actuators, and gateways) are enabled to exchange information with each other in an autonomous way without human intervention. However, most of the existing M2M protocols that can be also used in the IIoT domain provide security mechanisms based on asymmetric cryptography resulting in high computational cost. As a consequence, the resource-constrained IoT devices are not able to support them appropriately and thus, many security issues arise for the IIoT environment. Therefore, lightweight security mechanisms are required for M2M communications in IIoT in order to reach its full potential. As a step toward this direction, in this paper, we propose a lightweight authentication mechanism, based only on hash and XOR operations, for M2M communications in IIoT environment. The proposed mechanism is characterized by low computational cost, communication, and storage overhead, while achieving mutual authentication, session key agreement, device's identity confidentiality, and resistance against the following attacks: replay attack, man-in-the-middle attack, impersonation attack, and modification attack.
      562  905Scopus© Citations 211