Abstract
Digital transformation and the utilization of Industrial IoT (IIoT) introduce numerous interconnected devices to factories, which increases, among other things, the challenge of managing their software versions and gives attackers new possibilities to exploit various software vulnerabilities.
Factory networks were earlier isolated from the Internet. However, this separation is no longer valid, and there can be connections that allow intruders to penetrate the information systems of factories. Another issue is that although factories are typically physically isolated, it is not safe to assume that physical security is in good shape, as novel supply networks comprise subcontracted activities and a temporary workforce. A further threat can arise from unauthorized monitoring of devices and unauthorized replacement of existing ones.
Based on the above, it is crucial that IIoT security is built into factories of the future (FoF) right from the design phase, and even low-end devices need to be supported. The trusted computing concept called remote attestation should be used. Remote attestation allows remote parties to verify the integrity of each system component. System components should include trusted hardware components that can be used to measure executable software; here, measurement means calculating the cryptographic hash of a binary component before passing control to it. Trusted hardware components should also have a mechanism to protect the integrity of the measurement list and of the cryptographic keys used to sign integrity assertions. The verifier side should have a store of reference integrity metrics identifying the expected values of these measurements.
Deploying trusted computing and remote attestation concepts in industrial automation is not straightforward. Even if remote attestation can be used with suitable hardware components, it is not clear how it should be integrated with the various operational technology (OT) industrial automation protocols. Approaches to using remote attestation with existing industrial automation protocols (e.g., OPC UA) are discussed. Advanced identity and access management (e.g., OAuth2, OpenID Connect) can be used to combine integrity measurements with device identity information so that the remote attestation process is triggered by authentication during the first transaction. The focus is on machine-to-machine (M2M) communications with immutable device identities and integrity evidence transfer.
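The measurement chain and verifier check described in the abstract, as an added illustration that is not code from the paper: each constructed sample component is hashed before "control passes" to it, a PCR-style register is extended with the digest, and the verifier replays the ordered measurement list against its reference integrity metrics. The hardware-signed quote over the register is assumed to be transported and checked separately; the component images, names and reference values here are constructed.

```python
import hashlib

# Constructed sample component images (stand-ins for real firmware binaries).
COMPONENTS = {
    "bootloader": b"bootloader v1.2 image (constructed sample)",
    "kernel": b"rt-kernel 5.10 image (constructed sample)",
    "opcua-server": b"opcua-server 1.0 image (constructed sample)",
}

def digest(data: bytes) -> str:
    """Measurement of one component: the SHA-256 of its binary."""
    return hashlib.sha256(data).hexdigest()

def measure_chain(components):
    """Measure each component before 'passing control' to it.
    The register is extended TPM PCR-style: reg = H(reg || digest), so the
    final value depends on every measurement and on their order.  The ordered
    measurement list is what the device later reports as its event log."""
    reg = b"\x00" * 32
    log = []
    for name, image in components:
        d = digest(image)
        reg = hashlib.sha256(reg + bytes.fromhex(d)).digest()
        log.append((name, d))
    return reg.hex(), log

# Reference integrity metrics held by the verifier (expected "golden" digests).
REFERENCE = {name: digest(img) for name, img in COMPONENTS.items()}

def verify(reported_register: str, log, reference) -> list:
    """Verifier side: replay the log, compare each entry with the reference
    metrics, and confirm the replayed register equals the reported one
    (the value the trusted hardware would have signed)."""
    findings = []
    reg = b"\x00" * 32
    for name, d in log:
        reg = hashlib.sha256(reg + bytes.fromhex(d)).digest()
        if reference.get(name) != d:
            findings.append(f"unknown or modified component: {name}")
    if reg.hex() != reported_register:
        findings.append("measurement list does not match register (log tampered)")
    measured = {name for name, _ in log}
    for name in sorted(set(reference) - measured):
        findings.append(f"expected component not measured: {name}")
    return findings

if __name__ == "__main__":
    register, event_log = measure_chain(COMPONENTS.items())
    print("findings:", verify(register, event_log, REFERENCE))  # expect []
```

A modified binary shows up as a digest mismatch, while an event log edited after the fact to hide that mismatch no longer replays to the signed register value.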
| Original language | English |
|---|---|
| Title of host publication | Proceedings of the 21st European Conference on Cyber Warfare and Security |
| Publisher | Academic Conferences International (ACI) |
| Pages | 140-149 |
| Number of pages | 10 |
| ISBN (Electronic) | 978-1-914587-41-2 |
| ISBN (Print) | 978-1-914587-40-5 |
| DOIs | |
| Publication status | Published - 16 Jun 2022 |
| MoE publication type | A4 Article in a conference publication |
| Event | 21st European Conference on Cyber Warfare and Security, ECCWS 2022 - University of Chester UK, Chester, United Kingdom Duration: 16 Jun 2022 → 17 Jun 2022 |
Publication series
| Series | European conference on cyber warfare and security (ECCWS) |
|---|---|
| Number | 1 |
| Volume | 21 |
| ISSN | 2048-8610 |
Conference
| Conference | 21st European Conference on Cyber Warfare and Security, ECCWS 2022 |
|---|---|
| Country/Territory | United Kingdom |
| City | Chester |
| Period | 16/06/22 → 17/06/22 |
UN SDGs
This output contributes to the following UN Sustainable Development Goals (SDGs)
- SDG 9 Industry, Innovation, and Infrastructure
Keywords
- industrial IoT
- Remote attestation
- OT protocols
- Factory of the future
- IAM
- Trusted computing
Research output
- CyberFactory#1 – Tulevaisuuden tehtaiden mahdollisuudet ja uhat: Tutkimushankkeen loppuraportti (translated title: CyberFactory#1 - Addressing opportunities and threats for the Factory of the Future: Research project final report). Salonen, J., Kylänpää, M., Latvala, O.-M., Mikkola, M. & Sailio, M., 8 Jul 2022, VTT Technical Research Centre of Finland. 27 p. (VTT Research Report; No. VTT-R-00560-22). Research output: Book/Report › Report. Open Access.