mdh.sePublikasjoner
Endre søk
Link to record
Permanent link

Direct link
BETA
Alternativa namn
Publikasjoner (10 av 14) Visa alla publikasjoner
Ray, A., Åkerberg, J., Björkman, M. & Gidlund, M. (2016). Assessing Security, Capacity and Reachability of a Heterogeneous Industrial Network during Planning Phase. EAI Endorsed Transactions on Security and Safety, 16(7)
Åpne denne publikasjonen i ny fane eller vindu >>Assessing Security, Capacity and Reachability of a Heterogeneous Industrial Network during Planning Phase
2016 (engelsk)Inngår i: EAI Endorsed Transactions on Security and Safety, ISSN 2032-9393, Vol. 16, nr 7Artikkel i tidsskrift, Editorial material (Fagfellevurdert) Published
Abstract [en]

In an industrial plant, there is usually a mix of devices with different levels of security features and computation capabilities. If a mix of devices with various degrees of security features and capabilities communicate, the overall network dynamics with respect to security and network performance will be complex. A secure communication path with high latency and low bandwidth may not satisfy the operational requirements in a plant. Therefore, there is a need to assess the relation of security and network performance for overall plant operation. In this work we focus on identifying an optimal flow path between two devices in a multi-hop heterogeneous network. We propose a model and an algorithm to estimate and generate a network path identified by flow performance indicators of a heterogeneous communication network. Through an example, we show how the flow performance metrics change with security, capacity and reachability of the devices in the network.

HSV kategori
Identifikatorer
urn:nbn:se:mdh:diva-33069 (URN)
Tilgjengelig fra: 2016-09-05 Laget: 2016-09-05 Sist oppdatert: 2018-02-27bibliografisk kontrollert
Ray, A., Åkerberg, J., Björkman, M. & Gidlund, M. (2016). Balancing Network Performance and Network Security in a Smart Grid Application. In: 14th International Conference on Industrial Informatics INDIN 2016: . Paper presented at 14th IEEE International Conference on Industrial Informatics, INDIN 2016; Palais des Congres du FuturoscopePoitiers; France; 19 July 2016 through 21 July 2016; Category numberCFP16INI-ART; Code 126001 (pp. 618-624). , jan, Article ID 7819235.
Åpne denne publikasjonen i ny fane eller vindu >>Balancing Network Performance and Network Security in a Smart Grid Application
2016 (engelsk)Inngår i: 14th International Conference on Industrial Informatics INDIN 2016, 2016, Vol. jan, s. 618-624, artikkel-id 7819235Konferansepaper, Publicerat paper (Fagfellevurdert)
Abstract [en]

A key aspect of realizing the future smart grid communication solution is a balanced approach between the network performance and the network security during the network deployment. A high security communication flow path is not useful when the network path cannot support capacity and reachability requirements. The deployment phase in communication network can facilitate an optimal network path by focusing on both the network performance and the network security at the same time. In this paper, we describe a use case of smart grid application where security, network capacity and reachability needs to be optimal for successful network operation. We explain our proposed balancing approach of the network performance and the network security which can be useful for the optimal smart grid secure system design.

Serie
IEEE International Conference on Industrial Informatics (INDIN), ISSN 1935-4576
Emneord
Smart Grid, Network Assessment, Planning, Security, Network Performance
HSV kategori
Identifikatorer
urn:nbn:se:mdh:diva-32872 (URN)10.1109/INDIN.2016.7819235 (DOI)000393551200094 ()2-s2.0-85012867806 (Scopus ID)9781509028702 (ISBN)
Konferanse
14th IEEE International Conference on Industrial Informatics, INDIN 2016; Palais des Congres du FuturoscopePoitiers; France; 19 July 2016 through 21 July 2016; Category numberCFP16INI-ART; Code 126001
Prosjekter
ITS-EASY Post Graduate School for Embedded Software and Systems
Tilgjengelig fra: 2016-08-31 Laget: 2016-08-24 Sist oppdatert: 2018-07-26bibliografisk kontrollert
Ray, A., Åkerberg, J., Björkman, M. & Gidlund, M. (2016). Employee Trust Based Industrial Device Deployment and Initial Key Establishment. International Journal of Network Security & Its Applications, 8(1), 21-44
Åpne denne publikasjonen i ny fane eller vindu >>Employee Trust Based Industrial Device Deployment and Initial Key Establishment
2016 (engelsk)Inngår i: International Journal of Network Security & Its Applications, ISSN 0975-2307, E-ISSN 0974-9330, Vol. 8, nr 1, s. 21-44Artikkel i tidsskrift (Fagfellevurdert) Published
Abstract [en]

An efficient key management system is required to support cryptography. Most key management systems use either pre-installed shared keys or install initial security parameters using out-of-band channels. These methods create an additional burden for engineers who manage the devices in industrial plants. Hence, device deployment in industrial plants becomes a challenging task in order to achieve security. In this work, we present a device deployment framework that can support key management using the existing trust towards employees in a plant. This approach reduces the access to initial security parameters by employees; rather it helps to bind the trust of the employee with device commissioning. Thus, this approach presents a unique solution to the device deployment problem. Further, through a proof-of-concept implementation and security analysis using the AVISPA tool, we present that our framework is feasible to implement and satisfies our security objectives.

Emneord
Key Distribution, Industrial Communication Security, Device deployment, Initial Trust, Device Authentication, AVISPA.
HSV kategori
Identifikatorer
urn:nbn:se:mdh:diva-32808 (URN)10.5121/ijnsa.2016.8102 (DOI)
Eksternt samarbeid:
Prosjekter
ITS-EASY Post Graduate School for Embedded Software and Systems
Tilgjengelig fra: 2016-08-25 Laget: 2016-08-24 Sist oppdatert: 2017-11-28bibliografisk kontrollert
Ray, A., Åkerberg, J., Björkman, M. & Gidlund, M. (2016). Future Research Challenges of Secure Heterogeneous Industrial Communication Networks. In: 2016 IEEE 21ST INTERNATIONAL CONFERENCE ON EMERGING TECHNOLOGIES AND FACTORY AUTOMATION (ETFA): . Paper presented at 21st IEEE Conference on Emerging Technologies and Factory Automation, OWL Univ Appl Sci, Fraunhofer IOSB INA, Berlin, GERMANY, Sep. 6-9, 2016.
Åpne denne publikasjonen i ny fane eller vindu >>Future Research Challenges of Secure Heterogeneous Industrial Communication Networks
2016 (engelsk)Inngår i: 2016 IEEE 21ST INTERNATIONAL CONFERENCE ON EMERGING TECHNOLOGIES AND FACTORY AUTOMATION (ETFA), 2016Konferansepaper, Publicerat paper (Fagfellevurdert)
Abstract [en]

A growing concern of cyber threats towards industrial plants has prompted industrial practitioners to focus on secure communication solutions which can protect their systems from vulnerabilities and as well as their brand image. The security concerns and the solutions for industrial communication networks have become well-discussed topics in research communities. Despite a huge research effort in the area of industrial communication network security, there are several issues that need to be addressed properly such that a unified security solution can be adopted in the industrial domain. In this article, we aim to outline the research direction for industrial communication security. Though security is considered as an on-going process, the major issues that still need to be addressed are trust management for heterogeneous networks, managing network performance with security requirements, usable security and key management.

HSV kategori
Identifikatorer
urn:nbn:se:mdh:diva-33068 (URN)10.1109/ETFA.2016.7733732 (DOI)000389524200236 ()2-s2.0-84996558258 (Scopus ID)978-1-5090-1314-2 (ISBN)
Konferanse
21st IEEE Conference on Emerging Technologies and Factory Automation, OWL Univ Appl Sci, Fraunhofer IOSB INA, Berlin, GERMANY, Sep. 6-9, 2016
Tilgjengelig fra: 2016-09-05 Laget: 2016-09-05 Sist oppdatert: 2018-02-27bibliografisk kontrollert
Fotouhi, H., Vahabi, M., Ray, A. & Björkman, M. (2016). SDN-TAP: An SDN-based Traffic Aware Protocol for Wireless Sensor Networks. In: 18th International Conference on e-Health Networking, Applictions and Services Healthcom'16: . Paper presented at 18th International Conference on e-Health Networking, Applictions and Services Healthcom'16, 14-17 Sep 2016, Munich, Germany. , Article ID 7749527.
Åpne denne publikasjonen i ny fane eller vindu >>SDN-TAP: An SDN-based Traffic Aware Protocol for Wireless Sensor Networks
2016 (engelsk)Inngår i: 18th International Conference on e-Health Networking, Applictions and Services Healthcom'16, 2016, artikkel-id 7749527Konferansepaper, Publicerat paper (Fagfellevurdert)
Abstract [en]

Congestion control is a challenging issue in wireless sensor networks with limited channel bandwidth. Thus, many protocols have been designed to provide a distributed traffic control during packet forwarding. However, all these approaches are applied to single-hop communication networks, ignoring the multi-hop restrictions. In this work, we take advantage of software defined networking paradigm by devising a controller node in such a way that it collects all the necessary information from wireless sensor network nodes. Thus, based on hop count and local traffic information, controller decides for possible flow path changes to evenly distribute the traffic. The evaluations revealed that the SDN-TAP outperforms conventional routing protocols by reducing packet loss rate up to 46%.

HSV kategori
Identifikatorer
urn:nbn:se:mdh:diva-32889 (URN)10.1109/HealthCom.2016.7749527 (DOI)000391459700110 ()2-s2.0-85006379991 (Scopus ID)9781509033706 (ISBN)
Konferanse
18th International Conference on e-Health Networking, Applictions and Services Healthcom'16, 14-17 Sep 2016, Munich, Germany
Prosjekter
READY - Research Environment for Advancing Low Latency Internet
Tilgjengelig fra: 2016-08-29 Laget: 2016-08-24 Sist oppdatert: 2017-02-02bibliografisk kontrollert
Ray, A., Åkerberg, J., Björkman, M., Blom, R. & Gidlund, M. (2015). Applicability of LTE Public Key Infrastructure based device authentication in Industrial Plants. In: Proceedings - International Computer Software and Applications ConferenceVolume 2,: . Paper presented at The 39th Annual International Computers, Software & Applications Conference COMPSAC'15, 1-5 Jul 2015, Taichung, Taiwan (pp. 510-515).
Åpne denne publikasjonen i ny fane eller vindu >>Applicability of LTE Public Key Infrastructure based device authentication in Industrial Plants
Vise andre…
2015 (engelsk)Inngår i: Proceedings - International Computer Software and Applications ConferenceVolume 2,, 2015, s. 510-515Konferansepaper, Publicerat paper (Fagfellevurdert)
Abstract [en]

The security in industrial automation domain using cryptography mechansims is being discussed in both industry and academia. An efficient key management system is required to support cryptography for both symmetric key and public/private key encryption. The key managment should ensure that the device is verified before distributing the initial key parameters to devices. The software/firmware used in the device comes from manufacturers, therefore the initial authenticity of the device can be easily verified with the help of manufacturers. Mobile telecommunication is an industrial segment where wireless devices are being used for a long time and the security of the wireless device management has been considered through a standard driven approach. Therefore, it is interesting to analyse the security authentication mechanisms used in mobile communication, specified in Long-Term-Evolution (LTE) standard. This paper analyses the initial device authentication using public key infrastructure in LTE standard, and discusses if, where and how the studied solutions can be tailored for device authenticity verification in industrial plant automation systems.

HSV kategori
Identifikatorer
urn:nbn:se:mdh:diva-29233 (URN)10.1109/COMPSAC.2015.61 (DOI)000380584300070 ()2-s2.0-84962148518 (Scopus ID)978-1-4673-6563-5 (ISBN)
Konferanse
The 39th Annual International Computers, Software & Applications Conference COMPSAC'15, 1-5 Jul 2015, Taichung, Taiwan
Prosjekter
ITS-EASY Post Graduate School for Embedded Software and Systems
Tilgjengelig fra: 2015-10-06 Laget: 2015-09-29 Sist oppdatert: 2017-05-29bibliografisk kontrollert
Ray, A., Åkerberg, J., Björkman, M. & Gidlund, M. (2015). POSTER: An approach to Assess Security, Capacity and Reachability for Heterogeneous Industrial Networks. In: 11th EAI International Conference on Security and Privacy in Communication Networks SecureComm15: . Paper presented at 11th EAI International Conference on Security and Privacy in Communication Networks SecureComm15, 26-29 Oct 2015, DALLAS, United States.
Åpne denne publikasjonen i ny fane eller vindu >>POSTER: An approach to Assess Security, Capacity and Reachability for Heterogeneous Industrial Networks
2015 (engelsk)Inngår i: 11th EAI International Conference on Security and Privacy in Communication Networks SecureComm15, 2015Konferansepaper, Publicerat paper (Fagfellevurdert)
Abstract [en]

Industrial plants are heterogeneous networks with different computation and communication capabilities along with different security properties. The optimal operation of a plant requires a balance between communication capabilities and security features. A secure communication data flow with high latency and low bandwidth does not provide the required efficiency in a plant. Therefore, we focus on assessing the relation of security, capacity and timeliness properties of an industrial network for overall network performance.

Serie
ecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST, ISSN 1867-8211
Emneord
Security Modeling, Network Assessment, Routing, Path Planning
HSV kategori
Identifikatorer
urn:nbn:se:mdh:diva-29638 (URN)10.1007/978-3-319-28865-9_34 (DOI)2-s2.0-84958093668 (Scopus ID)
Konferanse
11th EAI International Conference on Security and Privacy in Communication Networks SecureComm15, 26-29 Oct 2015, DALLAS, United States
Prosjekter
ITS-EASY Post Graduate School for Embedded Software and SystemsEmbedded Systems - Adjungerad lektor Johan Åkerberg
Tilgjengelig fra: 2015-12-11 Laget: 2015-11-26 Sist oppdatert: 2016-03-03bibliografisk kontrollert
Ray, A., Åkerberg, J., Björkman, M. & Gidlund, M. (2015). Towards Security Assurance for Heterogeneous Industrial Networks. In: IECON 2015 - 41st Annual Conference of the IEEE Industrial Electronics Society: . Paper presented at 41st Annual Conference of the IEEE Industrial Electronics Society, IECON 2015; Pacifico YokohamaYokohama; Japan; 9 November 2015 through 12 November 2015; Category numberCFP15IEC-ART; Code 119153 (pp. 4488-4493). , Article ID 7392799.
Åpne denne publikasjonen i ny fane eller vindu >>Towards Security Assurance for Heterogeneous Industrial Networks
2015 (engelsk)Inngår i: IECON 2015 - 41st Annual Conference of the IEEE Industrial Electronics Society, 2015, s. 4488-4493, artikkel-id 7392799Konferansepaper, Publicerat paper (Fagfellevurdert)
Abstract [en]

Industrial networks have a mix of devices with different security properties. If a mix of devices with various degrees of security features and capabilities communicate, the overall network dynamics with respect to device trust and security of message exchange will be complex. Therefore, there is a need to understand the trust and risk probabilities of devices in a heterogeneous network. This is required for heterogeneous network where the network configuration has to be made based on how trustworthy they are. In this work we focus on assessing security risks for devices and message exchanges. We define the term emph{assurance value} to denote the resilience of a device to security attacks. We study the behavior of a communication network when devices with various degrees of security features exchange messages. We aim to identify the network security properties based on the network architecture. From the study, we propose a model to estimate and predict network security properties in a heterogeneous communication network.

Emneord
Security Modeling, Network Assessment, Assurance Value, Risk Computation
HSV kategori
Identifikatorer
urn:nbn:se:mdh:diva-29639 (URN)10.1109/IECON.2015.7392799 (DOI)000382950704078 ()2-s2.0-84973125369 (Scopus ID)
Konferanse
41st Annual Conference of the IEEE Industrial Electronics Society, IECON 2015; Pacifico YokohamaYokohama; Japan; 9 November 2015 through 12 November 2015; Category numberCFP15IEC-ART; Code 119153
Prosjekter
ITS-EASY Post Graduate School for Embedded Software and SystemsEmbedded Systems - Adjungerad lektor Johan Åkerberg
Tilgjengelig fra: 2015-12-10 Laget: 2015-11-26 Sist oppdatert: 2017-05-29bibliografisk kontrollert
Ray, A., Åkerberg, J., Björkman, M. & Gidlund, M. (2015). Towards Trustworthiness Assessment of Industrial Heterogeneous Networks. In: 20th IEEE International Conference on Emerging Technologies and Factory Automation ETFA'15: . Paper presented at 20th IEEE International Conference on Emerging Technologies and Factory Automation ETFA'15, 8-11 Sep 2015, Luxemburg, Luxemburg. Institute of Electrical and Electronics Engineers Inc.
Åpne denne publikasjonen i ny fane eller vindu >>Towards Trustworthiness Assessment of Industrial Heterogeneous Networks
2015 (engelsk)Inngår i: 20th IEEE International Conference on Emerging Technologies and Factory Automation ETFA'15, Institute of Electrical and Electronics Engineers Inc. , 2015Konferansepaper, Publicerat paper (Fagfellevurdert)
Abstract [en]

In industrial plants, there is a mix of devices with different security features and capabilities. If there is a mix of devices with various degree of security levels, then this will create independent islands in a network with similar levels of security features. However, the industrial plant is interconnected for the purpose of reducing cost of monitoring with a centralized control center. Therefore, the different islands also need to communicate with each other to improve the asset management efficiency in a plant. In this work we aim to focus on the trustworthiness assessment of devices in industrial plant networks in term of node value. We study the behavior of industrial plant networks when devices with various degrees of security features communicate. We aim to identify network properties which influence the overall network behavior. From the study, we have found that the communication path, the order of different communication paths and the number of specific types of nodes affect the final trustworthiness of devices in the network.

sted, utgiver, år, opplag, sider
Institute of Electrical and Electronics Engineers Inc., 2015
Serie
EEE International Conference on Emerging Technologies and Factory Automation, ETFA, ISSN 1946-0740
Emneord
Industrial Communication Security, Security Modeling, Network Analysis, Device Trust
HSV kategori
Identifikatorer
urn:nbn:se:mdh:diva-30028 (URN)10.1109/ETFA.2015.7301548 (DOI)000378564800149 ()2-s2.0-84952905864 (Scopus ID)9781467379304 (ISBN)
Konferanse
20th IEEE International Conference on Emerging Technologies and Factory Automation ETFA'15, 8-11 Sep 2015, Luxemburg, Luxemburg
Prosjekter
ITS-EASY Post Graduate School for Embedded Software and Systems
Tilgjengelig fra: 2015-12-19 Laget: 2015-12-18 Sist oppdatert: 2016-07-28bibliografisk kontrollert
Ray, A. (2014). Initial Trust Establishment for Heterogeneous Industrial Communication Networks. (Licentiate dissertation). Västerås: Mälardalen University
Åpne denne publikasjonen i ny fane eller vindu >>Initial Trust Establishment for Heterogeneous Industrial Communication Networks
2014 (engelsk)Licentiatavhandling, med artikler (Annet vitenskapelig)
Abstract [en]

The severity of cyber threats towards existing and future industrial systems has resulted in an increase of security awareness in the industrial automation domain. Compared to traditional information security, industrial communication systems have different performance and reliability requirements. The safety and availability requirements can also sometimes conflict with the system security design of plants. For instance, it is not acceptable to create a secure system which may take up additional time to establish security and as a consequence disrupt the production in plants. Similarly, a system which requires authentication and authorization procedures before any emergency action may not be suitable in industrial plants.

Therefore, there is a need for improvement of the security workflow in industrial plants, so that the security can be realized in practice. This also leads to the requirement of secure device deployment and secure data communication inside the industrial plants. In this thesis, the focus is on the initial trust establishment in industrial devices. The initial trust establishment is the starting point for enabling a secure communication infrastructure. Reusability analysis with financial sectors has been considered as the reuse of security solutions from this adjacent application domain can be a simple and an effective way to achieve the desired system security. Through this analysis, the reusability features have been identified and workflows have been proposed which can be used to bootstrap initial trust in the industrial process control devices and manage security workflow. A proof-of-concept implementation to prove the feasibility of the device deployment workflow has also been provided.

sted, utgiver, år, opplag, sider
Västerås: Mälardalen University, 2014
Serie
Mälardalen University Press Licentiate Theses, ISSN 1651-9256 ; 175
HSV kategori
Forskningsprogram
datavetenskap
Identifikatorer
urn:nbn:se:mdh:diva-24945 (URN)978-91-7485-149-6 (ISBN)
Presentation
2014-06-16, Kappa, Mälardalens högskola, Västerås, 13:15 (engelsk)
Opponent
Veileder
Tilgjengelig fra: 2014-04-30 Laget: 2014-04-30 Sist oppdatert: 2014-05-22bibliografisk kontrollert
Organisasjoner
Identifikatorer
ORCID-id: ORCID iD iconorcid.org/0000-0002-5361-2196