Automated decentralized IT security supervision in automation networks

Runde, Markus; Tebbe, Christopher; Niemann, Karl-Heinz; Toemmler, Jonas

doi:10.1109/indin.2012.6300854

Cited by 5 publications

(4 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In fact, various automation field busses such as Ethernet/IP [3] and OPC UA TSN [4] have considered or even adopted security technology from the IT world. As part of the German research project "Sichere Produktion mit verteilten Automatisierungssystemen (SEC PRO )", the performance of security mechanisms as encryption and message authentication in real-time communication was evaluated [5], [6] as well as concepts for platform integrity, key distribution and a public key infrastructure were proposed [7], [8]. As in the SEC PRO study, PROFINET serves as representative technology in the field of real-time automation systems for our work, although the findings are valid for general real-time Ethernet based field bus technologies.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Challenges and prospects of communication security in real-time ethernet automation systems

Müller

Walz

Kiefer

et al. 2018

2018 14th IEEE International Workshop on Factory Communication Systems (WFCS)

View full text Add to dashboard Cite

Real-Time Ethernet has become the major communication technology for modern automation and industrial control systems. On the one hand, this trend increases the need for an automation-friendly security solution, as such networks can no longer be considered sufficiently isolated. On the other hand, it shows that, despite diverging requirements, the domain of Operational Technology (OT) can derive advantage from highvolume technology of the Information Technology (IT) domain. Based on these two sides of the same coin, we study the challenges and prospects of approaches to communication security in realtime Ethernet automation systems. In order to capitalize the expertise aggregated in decades of research and development, we put a special focus on the reuse of well-established security technology from the IT domain. We argue that enhancing such technology to become automation-friendly is likely to result in more robust and secure designs than greenfield designs. Because of its widespread deployment and the (to this date) nonexistence of a consistent securiy architecture, we use PROFINET as a showcase of our considerations. Security requirements for this technology are defined and different well-known solutions are examined according their suitability for PROFINET. Based on these findings, we elaborate the necessary adaptions for the deployment on PROFINET.

show abstract

Section: Introductionmentioning

confidence: 99%

“…Open Platform Communication Unified Architecture: A machine to machine (M2M) industrial communication protocol developed by the OPCFouncation 7. Building Automation Control Network: A network protocol for building automation systems developed by the American Society of Heating, Refrigerating and Air-Conditioning Engineers (ASHRAE) 8.…”

mentioning

confidence: 99%

Challenges and prospects of communication security in real-time ethernet automation systems

Müller

Walz

Kiefer

et al. 2018

2018 14th IEEE International Workshop on Factory Communication Systems (WFCS)

View full text Add to dashboard Cite

show abstract

“…Besides concepts for platform integrity, key distribution and a public key infrastructure [1], [2], the performance of symmetric and asymmetric cryptographic algorithms for confidentiality (encryption) as well as of hash-and block cipher based message authentication codes [3], [4] was evaluated. These results, collected in a final report [5], were rated according to a working assumption of a PROFINET systems with a configured cycle time of 1 ms.…”

Section: Introductionmentioning

confidence: 99%

Protecting PROFINET cyclic real-time traffic: A performance evaluation and verification platform

Müller¹,

Doran²

2018

2018 14th IEEE International Workshop on Factory Communication Systems (WFCS)

View full text Add to dashboard Cite

Abstract-PROFINET is a widely adopted, real-time capable Industrial Ethernet standard, that as other automation system technologies, is subject to an increasing level of vertical integration into company's existing IT infrastructure. This integration exposes automation systems to well-known cyber attacks, which leads to a growing need for suitable security solutions. The challenge in protecting PROFINET automation systems is ensuring the suitability of solutions for use with minimal PROFINET cycle times of 250 µs needed to fulfill high-speed motion control market expectations. We develop a prototype of a transparent security switch, designed to apply protection mechanisms on-the-fly. We use this platform to test an initial implementation of a protection system, present preliminary results and further work.

show abstract

“…In a related publication, the performance of different message authentication code techniques was analyzed more detailed and compared to theoretical estimations [4]. Within the scope of the same research project, considerations on the application of public key infrastructures (PKI) for automation systems [5] as well as on the establishment and storage of cryptographic key material [6] were made. Including a prior threat analysis, all the results of these publications are collected in a final report [7].…”

Section: Introductionmentioning

confidence: 99%

PROFINET Real-Time Protection Layer: Performance Analysis of Cryptographic and Protocol Processing Overhead

Müller¹,

Doran²

2018

2018 IEEE 23rd International Conference on Emerging Technologies and Factory Automation (ETFA)

View full text Add to dashboard Cite

Recent times have seen an increasing demand for access to process-data from the field level through to the Internet. This vertical integration of industrial control systems into the IT infrastructure exhibits major drawbacks in the context of security. Such systems now suffer exposure to cyber security attacks well-known from the IT environment. Successful attacks on industrial control systems can lead to downtimes, malfunction of production machinery, cause financial damage and may present a hazard for human life and health. Current automation communication systems generally lack a comprehensive security concept. PROFINET is a widespread Industrial Ethernet standard, fulfilling general communication requirements on automation systems as well as explicit real-time requirements. We elaborate the challenges of protecting the realtime component of PROFINET. We specify the requirements and a concept for ensuring integrity and authenticity using a keyed-hash message authentication code (HMAC) in combination with the cryptographic hash algorithm SHA-3. With a proof of concept implementation of a PROFINET RT protection layer, the performance overhead for generation and transmission of this HMAC and other required data fields, e.g. to prevent replay attacks, could be analyzed. Based on these data the limitations of security technology on real-time systems were explored as was the optimization potential of hardware acceleration.

show abstract

Automated decentralized IT security supervision in automation networks

Cited by 5 publications

References 1 publication

Challenges and prospects of communication security in real-time ethernet automation systems

Challenges and prospects of communication security in real-time ethernet automation systems

Protecting PROFINET cyclic real-time traffic: A performance evaluation and verification platform

PROFINET Real-Time Protection Layer: Performance Analysis of Cryptographic and Protocol Processing Overhead

Contact Info

Product

Resources

About