mdh.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Introducing Security Modules in PROFINET IO
Mälardalen University, School of Innovation, Design and Engineering.ORCID iD: 0000-0002-7159-7508
Mälardalen University, School of Innovation, Design and Engineering.
2009 (English)In: 14th IEEE International Conference on Emerging Technologies and Factory Automation, Mallorca, Spain: IEEE , 2009, p. 1-8Conference paper, Published paper (Refereed)
Abstract [en]

In this paper we show that it is possible to retrofit a security layer on top of PROFINET IO without changing the underlying transmission system or standards. By introducing security modules, end-to-end network security can be achieved and ensure authentication, integrity and confidentiality for real-time communication.

The concept of security modules is a flexible framework and countermeasures can be changed, as security threats and exploits are changing over time. A proof-of-concept implementation shows that it is possible to implement security modules on existing products and secure them against, for example, man-in-the-middle attacks.

Place, publisher, year, edition, pages
Mallorca, Spain: IEEE , 2009. p. 1-8
Identifiers
URN: urn:nbn:se:mdh:diva-7333DOI: 10.1109/ETFA.2009.5347205ISI: 000355314000210Scopus ID: 2-s2.0-77949881635ISBN: 978-1-4244-2727-7 (print)OAI: oai:DiVA.org:mdh-7333DiVA, id: diva2:245920
Available from: 2009-10-08 Created: 2009-10-08 Last updated: 2018-08-21Bibliographically approved
In thesis
1. On Security in Safety-Critical Process Control
Open this publication in new window or tab >>On Security in Safety-Critical Process Control
2009 (English)Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

This Licentiate thesis is about security in automation networks with emphasis on fieldbus communication. In the process industry, network and system security have become even more important since the introduction of Ethernet-based fieldbus protocols. As an example, a successful attack on a power plant, supporting large cities with energy, could result in a temporal but total power loss. Such attacks could be devastating for the society. The security threats are real, and motivations for attacking industrial communication systems may be political or economical.

The visions of autonomous systems, which can be supervised, diagnosed and maintained from remote is not far from reality, but stress the need for security and safety measures. Wired fieldbus protocols are mature when it comes to safety and there are existing standards for safe communication. In a setup like an autonomous system security measures over safe communication has to be taken into account.

The state-of-the-art in automation security is to use firewalls to restrict incoming and outgoing traffic to the networks. Firewalls can be deployed between different automation networks, i.e. server, control, and fieldbus networks, and even protect a single automation cell with a dedicated firewall. If an adversary can penetrate the perimeter defenses, no other security countermeasures exist in process automation to protect the safety-critical communication from sabotage.

In this thesis we initially explore the possibilities of security attacks on the automation protocols PROFINET IO and PROFIsafe. We show that it is possible to attack safety-related communication to take control of safety-critical fieldbus nodes. We propose the concept of Security Modules in combination with PROFINET IO and PROFIsafe to achieve safe and secure real-time fieldbus communication.

Place, publisher, year, edition, pages
Västerås: Mälardalen University, 2009
Series
Mälardalen University Press Licentiate Theses, ISSN 1651-9256 ; 110
National Category
Information Systems
Research subject
Computer Science
Identifiers
urn:nbn:se:mdh:diva-7334 (URN)978-91-86135-42-3 (ISBN)
Presentation
2009-11-13, Kappa, Mälardalens högskola, Västerås, 13:15 (English)
Opponent
Supervisors
Available from: 2009-10-14 Created: 2009-10-08 Last updated: 2018-01-13Bibliographically approved
2. On Safe and Secure Communication in Process Automation
Open this publication in new window or tab >>On Safe and Secure Communication in Process Automation
2011 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

In the process industry, network and system security have become important since the introduction of Ethernet-based fieldbus protocols. As an example, a successful attack on a power plant, supporting large cities with energy, could result in a temporal but total power loss. Such attacks could be devastating for the society. The security threats are real, and motivations for attacking industrial communication systems may be political or economical.

The visions of autonomous systems, which can be supervised, diagnosed and maintained from remote is not far from reality, but stress the need for security and safety measures. Wired fieldbus protocols are mature with respect to safety and there are existing standards for safe communication. However, the wired fieldbuses lack adequate security measures to be deployed in industrial automation. In wireless sensor networks security is addressed thoroughly in the standards, but is not mature with respect to safety. Future automation systems need ideally to seamlessly support safety and security in heterogeneous networks while hiding the complexity for the end-users in order to successfully manage large-scale industrial production.

This thesis presents one feasible solution towards safe and secure communication in heterogeneous industrial networks for process control. The presented solution addresses several other important aspects such that engineering efficiency, transparency, possibilities for retrofitting, coexistence with international standards in order to protect the return-of-investment of products, systems, and installed base within the area of process automation. Field trials show that several improvements of wireless sensor networks with respect to determinism in both the uplink and the downlink are needed. This is not only true when it comes to the research problems addressed within the scope of this thesis, but rather a necessity for market acceptance and deployment in process automation in general. The major contribution of this thesis is a method that enables end-to-end safe and secure communication in heterogeneous automation networks without major changes in existing standards, while preserving engineering and integration efficiency.

Place, publisher, year, edition, pages
Västerås: Mälardalen University, 2011
Series
Mälardalen University Press Dissertations, ISSN 1651-4238 ; 109
National Category
Computer Engineering
Research subject
Computer Science
Identifiers
urn:nbn:se:mdh:diva-13079 (URN)978-91-7485-039-0 (ISBN)
Public defence
2011-11-25, Paros, Mälardalens högskola, Västerås, 10:00 (English)
Opponent
Supervisors
Available from: 2011-10-10 Created: 2011-10-03 Last updated: 2018-01-12Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records BETA

Åkerberg, Johan

Search in DiVA

By author/editor
Åkerberg, JohanBjörkman, Mats
By organisation
School of Innovation, Design and Engineering

Search outside of DiVA

GoogleGoogle Scholar

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 124 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf