mdh.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Initial Trust Establishment for Heterogeneous Industrial Communication Networks
Mälardalen University, School of Innovation, Design and Engineering. Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems. ABB Corporate Research. (ISS (Embedded Systems))ORCID iD: 0000-0002-5361-2196
2014 (English)Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

The severity of cyber threats towards existing and future industrial systems has resulted in an increase of security awareness in the industrial automation domain. Compared to traditional information security, industrial communication systems have different performance and reliability requirements. The safety and availability requirements can also sometimes conflict with the system security design of plants. For instance, it is not acceptable to create a secure system which may take up additional time to establish security and as a consequence disrupt the production in plants. Similarly, a system which requires authentication and authorization procedures before any emergency action may not be suitable in industrial plants.

Therefore, there is a need for improvement of the security workflow in industrial plants, so that the security can be realized in practice. This also leads to the requirement of secure device deployment and secure data communication inside the industrial plants. In this thesis, the focus is on the initial trust establishment in industrial devices. The initial trust establishment is the starting point for enabling a secure communication infrastructure. Reusability analysis with financial sectors has been considered as the reuse of security solutions from this adjacent application domain can be a simple and an effective way to achieve the desired system security. Through this analysis, the reusability features have been identified and workflows have been proposed which can be used to bootstrap initial trust in the industrial process control devices and manage security workflow. A proof-of-concept implementation to prove the feasibility of the device deployment workflow has also been provided.

Place, publisher, year, edition, pages
Västerås: Mälardalen University , 2014.
Series
Mälardalen University Press Licentiate Theses, ISSN 1651-9256 ; 175
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:mdh:diva-24945ISBN: 978-91-7485-149-6 (print)OAI: oai:DiVA.org:mdh-24945DiVA: diva2:715006
Presentation
2014-06-16, Kappa, Mälardalens högskola, Västerås, 13:15 (English)
Opponent
Supervisors
Available from: 2014-04-30 Created: 2014-04-30 Last updated: 2014-05-22Bibliographically approved
List of papers
1. Initial key distribution for industrial wireless sensor networks
Open this publication in new window or tab >>Initial key distribution for industrial wireless sensor networks
2013 (English)In: Proceedings of the IEEE International Conference on Industrial Technology, 2013, 1309-1314 p.Conference paper, Published paper (Refereed)
Abstract [en]

In any security design, the initial secret distribution for further key management solution is a major step. In industrial wireless sensor networks also, initial bootstrapping of the trust in the system is a major concern. The plant can be assumed to be a closed system, where only authenticated and trusted users are allowed to enter. However, wireless being the broadcast medium, wireless devices need to validate their identity to join the networks. So, there is a need for importing some initial secret key to the devices, so that they can be authenticated during the joining process. The standards for Industrial Wireless Sensor Networks (WirelessHART, ISA100.11a) also have left to the user the initial distribution of the key for joining during device provisioning. In this paper, the current industry practice and the pre-requisite of key distribution in industrial wireless sensor networks is discussed and an outline is presented for future research directions. © 2013 IEEE.

Keyword
Industrial Wireless Sensor Networks, Key Distribution, Security
National Category
Engineering and Technology
Identifiers
urn:nbn:se:mdh:diva-19057 (URN)10.1109/ICIT.2013.6505862 (DOI)2-s2.0-84877590045 (Scopus ID)978-1-4673-4568-2 (ISBN)
Conference
2013 IEEE International Conference on Industrial Technology, ICIT 2013; Cape Town; South Africa; 25 February 2013 through 28 February 2013
Available from: 2013-05-24 Created: 2013-05-24 Last updated: 2015-11-09Bibliographically approved
2. Reusability assessment of financial card readers’ security mechanisms in process control devices
Open this publication in new window or tab >>Reusability assessment of financial card readers’ security mechanisms in process control devices
Show others...
2013 (English)In: IEEE International Conference on Industrial Informatics, 2013, 494-499 p.Conference paper, Published paper (Refereed)
Abstract [en]

The security of industrial plants has gained a lot of importance since the last decade. The reason is that the different components from different network layers of automation systems have become inter-connected to support fast and cost-effective decisions at the management level. This inter-connectivity has posed many security challenges in this industrial segment. To achieve effective security mechanisms in industrial plants, there is a need to learn from other existing domains, matured in terms of security, whether existing matured security solutions can be reused in the industrial automation domain. The financial sector is a segment where security has been carefully managed since a long time, as security is very important for that sector. Therefore it would be beneficial to evaluate the security mechanisms present in financial card readers which are involved in financial transactions because these card readers have many similar characteristics with industrial process control devices. In this paper, the security requirements for both the field devices of industrial plants and card reader terminals of the financial sector have been evaluated to understand the security gap so that we can identify the areas where the security needs of industrial plants must be improved and where some of the existing security features of card reader terminals can be reused in field devices of industrial plants.

National Category
Engineering and Technology
Identifiers
urn:nbn:se:mdh:diva-22248 (URN)10.1109/INDIN.2013.6622934 (DOI)2-s2.0-84889002420 (Scopus ID)978-1-4799-0752-6 (ISBN)
Conference
2013 11th IEEE International Conference on Industrial Informatics (INDIN), 29-31 July 2013, Bochum, Germany
Projects
ITS-EASY Post Graduate School for Embedded Software and Systems
Available from: 2013-11-04 Created: 2013-10-31 Last updated: 2015-11-09Bibliographically approved
3. A Solution for Industrial Device Commissioning along with the Initial Trust Establishment
Open this publication in new window or tab >>A Solution for Industrial Device Commissioning along with the Initial Trust Establishment
2013 (English)In: IECON Proceedings (Industrial Electronics Conference), 2013, 5570-5575 p.Conference paper, Published paper (Refereed)
Abstract [en]

Industrial device commissioning along with the initial distribution of keying material is an important step for the security of industrial plants. An efficient key management system is required in cryptography for both symmetric key or public/private key encryption. Most of the key management system use either pre-installed shared keys or install keys using out-of-band channels. In addition to that, the sensor devices both wired and wireless need to be verified whether it is connected to the correct physical entity since these devices are linked with the physical world. Therefore in industrial plants there is a requirement to automate the trust bootstrapping process, where the devices from upper level in communication network will be aware that the communication device from below level is trusted. In this work, we present a workflow that uses the existing trust mechanism on employees to enable the initial bootstrap of trust in the devices, and also optionally support the commissioning engineer to download the required configuration data in the device as well. Thus, this approach presents a unique solution to the initial trust distribution problem reusing the existing features and facilities in industrial plants

National Category
Engineering and Technology
Identifiers
urn:nbn:se:mdh:diva-21413 (URN)10.1109/IECON.2013.6700046 (DOI)2-s2.0-84893530660 (Scopus ID)9781479902248 (ISBN)
Conference
39th Annual Conference of the IEEE Industrial Electronics Society, November 10-13, 2013, Vienna, Austria
Projects
ITS-EASY Post Graduate School for Embedded Software and Systems
Available from: 2013-09-11 Created: 2013-09-11 Last updated: 2015-11-09Bibliographically approved
4. An Industrial Device Deployment Framework using the Initial Trust Establishment Workflow
Open this publication in new window or tab >>An Industrial Device Deployment Framework using the Initial Trust Establishment Workflow
(English)In: IEEE Transactions on Industrial Informatics, ISSN 1551-3203Article in journal (Refereed) Submitted
National Category
Engineering and Technology
Identifiers
urn:nbn:se:mdh:diva-24944 (URN)
Projects
ITS-EASY Post Graduate School for Embedded Software and Systems
Available from: 2014-04-30 Created: 2014-04-30 Last updated: 2014-05-02Bibliographically approved

Open Access in DiVA

fulltext(677 kB)722 downloads
File information
File name FULLTEXT01.pdfFile size 677 kBChecksum SHA-512
c2a0bb5d3bc497e3852a43a22617a6d4147fd310e8d43effde826eb7a5f0d0afd77f3e15a4eaed0ea47710043029fe3a202c9143e0c7178f8962793999ad0e10
Type fulltextMimetype application/pdf

Search in DiVA

By author/editor
Ray, Apala
By organisation
School of Innovation, Design and EngineeringEmbedded Systems
Electrical Engineering, Electronic Engineering, Information Engineering

Search outside of DiVA

GoogleGoogle Scholar
Total: 722 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 947 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf