Securing IIoT using Defence-in-Depth: Towards an End-to-End secure Industry 4.0. (October 2020)
- Record Type:
- Journal Article
- Title:
- Securing IIoT using Defence-in-Depth: Towards an End-to-End secure Industry 4.0. (October 2020)
- Main Title:
- Securing IIoT using Defence-in-Depth: Towards an End-to-End secure Industry 4.0
- Authors:
- Mosteiro-Sanchez, Aintzane
Barcelo, Marc
Astorga, Jasone
Urbieta, Aitor
- Abstract:
- Highlights: Gateways have full access to relayed data, turning them into threats if compromised. Defence-in-Depth (DiD) security strategy is proposed including encryption cyphers. Security layer goals are defined and fulfilled considering network segmentation. End-to-End security achieved using Object Security and lightweight encryption.
Abstract: Industry 4.0 uses a subset of the IoT, called Industrial IoT (IIoT) to achieve connectivity, interoperability and decentralisation. The deployment of industrial networks rarely considers security by design, but this becomes imperative in smart manufacturing as connectivity increases. The combination of OT and IT infrastructures in Industry 4.0 adds new security threats beyond those of traditional industrial networks. Defence-in-Depth (DiD) strategies tackle the complexity of this problem by providing multiple defence layers, each of these focusing on a particular set of threats. Additionally, the severe requirements of IIoT networks demand lightweight encryption algorithms. Nevertheless, these ciphers must provide E2E (End-to-End) security, as data pass through intermediate entities, or middleboxes, before reaching its destination. If compromised, middleboxes could expose vulnerable information to potential attackers if it is not encrypted throughout this path. This paper presents an analysis of the most relevant security strategies in Industry 4.0, focusing primarily on DiD. With these in mind, it proposes a combination of DiD, a lightweight E2E encryption algorithm called Attribute-Based-Encryption (ABE) and object security (i.e., OSCORE) to get a full E2E security approach. This analysis is a critical first step to develop more complex and lightweight security frameworks suitable for Industry 4.0.
- Is Part Of:
- Journal of manufacturing systems. Volume 57(2020)
- Journal:
- Journal of manufacturing systems
- Issue:
- Volume 57(2020)
- Issue Display:
- Volume 57, Issue 2020 (2020)
- Year:
- 2020
- Volume:
- 57
- Issue:
- 2020
- Issue Sort Value:
- 2020-0057-2020-0000
- Page Start:
- 367
- Page End:
- 378
- Publication Date:
- 2020-10
- Subjects:
- Industry 4.0 -- IIoT -- E2E security -- Defense in depth -- OSCORE -- Attribute based encryption
Manufacturing processes -- Periodicals
Production engineering -- Data processing -- Periodicals
Robots, Industrial -- Periodicals
Production, Technique de la -- Informatique -- Périodiques
Robots industriels -- Périodiques
Electronic journals
670.42
- Journal URLs:
- http://www.sciencedirect.com/science/journal/02786125
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.jmsy.2020.10.011
- Languages:
- English
- ISSNs:
- 0278-6125
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 5011.650000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 14911.xml