mdh.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Security Considerations for the WirelessHART Protocol
Mälardalen University, School of Innovation, Design and Engineering.ORCID iD: 0000-0001-8192-0893
2009 (English)In: Emerging Technologies & Factory Automation, 2009. ETFA 2009. IEEE Conference on, 2009, 1-8 p.Conference paper, Published paper (Refereed)
Abstract [en]

WirelessHART is a secure and reliable communication standard for industrial process automation. The WirelessHART specifications are well organized in all aspects exceptsecurity: there are no separate specifications of security requirements or features. Rather,security mechanisms are described throughout the documentation. This hinders implementation of the standard and development of applications since it requires profound knowledge of all the core specifications on the part of the developer. In this paper we provide a comprehensive overview of WirelessHART security: we analyze the providedsecurity mechanisms against well known threats in the wireless medium, and propose recommendations to mitigate shortcomings. Furthermore, we elucidate the specifications of the security manager, its placement in the network, and interaction with the network manager.

Place, publisher, year, edition, pages
2009. 1-8 p.
Identifiers
URN: urn:nbn:se:mdh:diva-12283DOI: 10.1109/ETFA.2009.5347043Scopus ID: 2-s2.0-77949891992ISBN: 978-1-4244-2727-7 (print)OAI: oai:DiVA.org:mdh-12283DiVA: diva2:418312
Conference
Emerging Technologies & Factory Automation, 2009. ETFA 2009. IEEE Conference on
Note
(c) 2011 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/ republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works.Available from: 2011-05-24 Created: 2011-05-21 Last updated: 2014-10-07Bibliographically approved
In thesis
1. Securing Communication in IP-Connected Industrial Wireless Sensor Networks
Open this publication in new window or tab >>Securing Communication in IP-Connected Industrial Wireless Sensor Networks
2011 (English)Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

With the advent of wireless sensor networks (WSN) and success of wirelesscommunication in the local and personal area networks such asWi-Fi and Bluetoothmore serious efforts to apply standard wireless communication in sensitiveindustrial networks were initiated. This effort resulted in the standardizationof WirelessHART. Other standardization efforts include ISA 100.11a andZigBee. Keeping in mind the nature of wireless communication and sensitivityof industrial environments security of these network gets greater importance.

In this thesis we work on security issues in industrial WSN in general andIP-connected WSN in particular. Currently WirelessHART is the only approvedstandard for secure wireless communication in industrial WSNs. Westart our work with the analysis of security mechanisms in WirelessHART.We propose solutions for the security shortcomings in WirelessHART, and designand implement the missing security components. Particularly, we specify,design, implement, and evaluate the first open security manager for WirelessHARTnetworks.

With the standardization of IP in WSNs (6LoWPAN) and birth of Internetof Things the need for IP communication in industrial WSN is getting importance.The recently proposed ISA 100.11a standard is IP-based since its inception.Also standardization efforts are in progress to apply IP in WirelessHARTand Zigbee. Recently, WSNs and traditional IP networks are more tightly integratedusing IPv6 and 6LoWPAN. We realize the importance of having aninteroperable standardized secure IP communication in industrial WSNs. IPSecurity (IPsec) is a mandatory security solution in IPv6. We propose to useIPsec for 6LoWPAN enabled industrial WSNs. However, it is not meaningfulto use IPsec in its current form in resource constrained WSNs. In additionto providing security solutions for WirelessHART, in this thesis we also specify,design, implement, and extensively evaluate lightweight IPsec that enablesend-to-end secure communication between a node in a 6LoWPAN and a device in the traditional Internet. Our results show that lightweight IPsec is a sensibleand practical solution for securing WSN.

Place, publisher, year, edition, pages
Västerås: Mälardalen University, 2011
Series
Mälardalen University Press Licentiate Theses, ISSN 1651-9256 ; 135
Keyword
Wireless Sensor Networks, Security, 6LoWPAN, IPsec, WirelessHART
National Category
Computer Science
Research subject
Computer Science
Identifiers
urn:nbn:se:mdh:diva-12261 (URN)978-91-7485-021-5 (ISBN)
Presentation
2011-06-13, Kappa, Mälardalen University, Västerås, 13:15 (English)
Opponent
Supervisors
Available from: 2011-05-24 Created: 2011-05-16 Last updated: 2014-10-07Bibliographically approved
2. Lightweight Security Solutions for the Internet of Things
Open this publication in new window or tab >>Lightweight Security Solutions for the Internet of Things
2013 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

The future Internet will be an IPv6 network interconnecting traditional computers and a large number of smart object or networks such as Wireless Sensor Networks (WSNs). This Internet of Things (IoT) will be the foundation of many services and our daily life will depend on its availability and reliable operations.

Therefore, among many other issues, the challenge of implementing secure communication in the IoT must be addressed. The traditional Internet has established and tested ways of securing networks. The IoT is a hybrid network of the Internet and resource-constrained networks, and it is therefore reasonable to explore the options of using security mechanisms standardized for the Internet in the IoT.

The IoT requires multi-facet security solutions where the communication is secured with confidentiality, integrity, and authentication services; the network is protected against intrusions and disruptions; and the data inside a sensor node is stored in an encrypted form. Using standardized mechanisms, communication in the IoT can be secured at different layers: at the link layer with IEEE 802.15.4 security, at the network layer with IP security (IPsec), and at the transport layer with Datagram Transport Layer Security (DTLS). Even when the IoT is secured with encryption and authentication, sensor nodes are exposed to wireless attacks both from inside the WSN and from the Internet. Hence an Intrusion Detection System (IDS) and firewalls are needed. Since the nodes inside WSNs can be captured and cloned, protection of stored data is also important.

This thesis has three main contributions. (i) It enables secure communication in the IoT using lightweight compressed yet standard compliant IPsec, DTLS, and IEEE 802.15.4 link layer security; and it discusses the pros and cons of each of these solutions. The proposed security solutions are implemented and evaluated in an IoT setup on real hardware. (ii) This thesis also presents the design, implementation, and evaluation of a novel IDS for the IoT. (iii) Last but not least, it also provides mechanisms to protect data inside constrained nodes.

The experimental evaluation of the different solutions shows that the resource-constrained devices in the IoT can be secured with IPsec, DTLS, and 802.15.4 security; can be efficiently protected against intrusions; and the proposed combined secure storage and communication mechanisms can significantly reduce the security-related operations and energy consumption.

Place, publisher, year, edition, pages
Västerås: Mälardalen University, 2013
Series
Mälardalen University Press Dissertations, ISSN 1651-4238 ; 139
Keyword
Security, Internet of Things, 6LoWPAN, CoAP, RPL, Secure Storage, IDS, DTLS, IPsec
National Category
Engineering and Technology
Research subject
Computer Science
Identifiers
urn:nbn:se:mdh:diva-18863 (URN)978-91-7485-110-6 (ISBN)
Public defence
2013-06-05, Kappa, Mälardalens högskola, Västerås, 10:15 (English)
Opponent
Supervisors
Available from: 2013-05-02 Created: 2013-04-30 Last updated: 2014-10-07Bibliographically approved

Open Access in DiVA

No full text

Other links

Publisher's full textScopus

Search in DiVA

By author/editor
Raza, Shahid
By organisation
School of Innovation, Design and Engineering

Search outside of DiVA

GoogleGoogle Scholar

Altmetric score

Total: 654 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf