mdh.sePublications
Change search
Refine search result
1 - 17 of 17
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Rows per page
  • 5
  • 10
  • 20
  • 50
  • 100
  • 250
Sort
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
Select
The maximal number of hits you can export is 250. When you want to export more records please use the Create feeds function.
  • 1.
    Fotouhi, Hossein
    et al.
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Vahabi, Maryam
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Ray, Apala
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems. ABB Corporate Research, India.
    Björkman, Mats
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Reliable Communication in Health Monitoring Applications2016In: The 3rd EAI International Conference on IoT Technologies for HealthCare HealthyIoT'16, Västeraås, Sweden, 2016Conference paper (Refereed)
    Abstract [en]

    Remote health monitoring is one of the emerging IoT applications that has attracted the attention of communication and health sectors in recent years. We enable software defined networking in a wireless sensor network to provide easy reconfiguration and at run-time network management. In this way, we devise a multi-objective decision making approach that is implemented at the network intelligence to find the set of optimal paths that routes physiological data over a wireless medium. In this work, the main considered parameters for reliable data communication are path traffic, path consumed energy, and path length. Using multi-objective optimization technique within a case study, we find the best routes that provide reliable data communication.

  • 2.
    Fotouhi, Hossein
    et al.
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Vahabi, Maryam
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Ray, Apala
    ABB Corporate Research, India.
    Björkman, Mats
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    SDN-TAP: An SDN-based Traffic Aware Protocol for Wireless Sensor Networks2016In: 18th International Conference on e-Health Networking, Applictions and Services Healthcom'16, 2016, article id 7749527Conference paper (Refereed)
    Abstract [en]

    Congestion control is a challenging issue in wireless sensor networks with limited channel bandwidth. Thus, many protocols have been designed to provide a distributed traffic control during packet forwarding. However, all these approaches are applied to single-hop communication networks, ignoring the multi-hop restrictions. In this work, we take advantage of software defined networking paradigm by devising a controller node in such a way that it collects all the necessary information from wireless sensor network nodes. Thus, based on hop count and local traffic information, controller decides for possible flow path changes to evenly distribute the traffic. The evaluations revealed that the SDN-TAP outperforms conventional routing protocols by reducing packet loss rate up to 46%.

  • 3.
    Ray, Apala
    Mälardalen University, School of Innovation, Design and Engineering. Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems. ABB Corporate Research.
    Initial Trust Establishment for Heterogeneous Industrial Communication Networks2014Licentiate thesis, comprehensive summary (Other academic)
    Abstract [en]

    The severity of cyber threats towards existing and future industrial systems has resulted in an increase of security awareness in the industrial automation domain. Compared to traditional information security, industrial communication systems have different performance and reliability requirements. The safety and availability requirements can also sometimes conflict with the system security design of plants. For instance, it is not acceptable to create a secure system which may take up additional time to establish security and as a consequence disrupt the production in plants. Similarly, a system which requires authentication and authorization procedures before any emergency action may not be suitable in industrial plants.

    Therefore, there is a need for improvement of the security workflow in industrial plants, so that the security can be realized in practice. This also leads to the requirement of secure device deployment and secure data communication inside the industrial plants. In this thesis, the focus is on the initial trust establishment in industrial devices. The initial trust establishment is the starting point for enabling a secure communication infrastructure. Reusability analysis with financial sectors has been considered as the reuse of security solutions from this adjacent application domain can be a simple and an effective way to achieve the desired system security. Through this analysis, the reusability features have been identified and workflows have been proposed which can be used to bootstrap initial trust in the industrial process control devices and manage security workflow. A proof-of-concept implementation to prove the feasibility of the device deployment workflow has also been provided.

  • 4.
    Ray, Apala
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems. ABB Corporate Research.
    On Pre-deployment Assessment and Security Bootstrapping of Industrial Communication Networks2017Doctoral thesis, monograph (Other academic)
    Abstract [en]

    The severity of cyber threats towards existing and future industrial systems has resulted in an increase of security awareness in the industrial automation domain. Compared to traditional information systems, industrial communication systems have different performance and reliability requirements. The safety and availability requirements can also sometimes conflict with the system security design of plants. For instance, it is not acceptable to create a secure system that may take up additional time to establish security and as a consequence disrupt the production in plants. Similarly, a system that requires authentication and authorization procedures before an emergency action may not be suitable in industrial plants. On the other hand, lack of security can hamper safety of a plant. Therefore, there is a need for improvement of the security workflow in industrial plants, so that the practical realization of security can be achieved. This includes secure device deployment and secure data communication inside the industrial plants. Furthermore, the industrial plant networks are heterogeneous in terms of hardware, software, and protocols. This complicates security assessment of industrial networks.

     

    In this thesis, the focus is on achieving a secured communication infrastructure for heterogeneous industrial networks. The initial trust establishment is the starting point for enabling a secure communication infrastructure. A framework for the initial trust establishment for industrial devices that can support key management using the existing trust of employees in a plant is proposed. With the help of a proof-of-concept implementation and security analysis, it is shown that the proposed framework is feasible to implement and satisfies the security objectives. After establishing initial trust within industrial devices, assessing heterogeneous security properties based on the network architecture is another focus of this thesis. A model to estimate the security assurance of nodes in a heterogeneous network, where all devices are not having the same level of security mechanisms, is given. Along with cyber security requirements of industrial plants, it is also necessary to consider other important requirements of plants in terms of network performance. In this thesis, identification of an optimized path between two systems in a heterogeneous network in terms of the network performance and the network security is explored. The applicability of this balancing approach has been demonstrated in a specific case of smart grid application where security, network capacity and reachability need to be optimal for successful network operation.

  • 5.
    Ray, Apala
    et al.
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems. ABB AB Corporate Research, Sweden.
    Åkerberg, Johan
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems. ABB AB Corporate Research, Sweden.
    Björkman, Mats
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Blom, Rolf
    Swedish Institute of Computer Science, Sweden.
    Gidlund, Mikael
    Mid Sweden University, Sweden.
    Applicability of LTE Public Key Infrastructure based device authentication in Industrial Plants2015In: Proceedings - International Computer Software and Applications ConferenceVolume 2,, 2015, p. 510-515Conference paper (Refereed)
    Abstract [en]

    The security in industrial automation domain using cryptography mechansims is being discussed in both industry and academia. An efficient key management system is required to support cryptography for both symmetric key and public/private key encryption. The key managment should ensure that the device is verified before distributing the initial key parameters to devices. The software/firmware used in the device comes from manufacturers, therefore the initial authenticity of the device can be easily verified with the help of manufacturers. Mobile telecommunication is an industrial segment where wireless devices are being used for a long time and the security of the wireless device management has been considered through a standard driven approach. Therefore, it is interesting to analyse the security authentication mechanisms used in mobile communication, specified in Long-Term-Evolution (LTE) standard. This paper analyses the initial device authentication using public key infrastructure in LTE standard, and discusses if, where and how the studied solutions can be tailored for device authenticity verification in industrial plant automation systems.

  • 6.
    Ray, Apala
    et al.
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems. ABB Corporate Research.
    Åkerberg, Johan
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems. ABB AB; Corporate Research, Sweden .
    Björkman, Mats
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Gidlund, M.
    Mittuniversitet.
    Assessing Security, Capacity and Reachability of a Heterogeneous Industrial Network during Planning Phase2016In: EAI Endorsed Transactions on Security and Safety, ISSN 2032-9393, Vol. 16, no 7Article in journal (Refereed)
    Abstract [en]

    In an industrial plant, there is usually a mix of devices with different levels of security features and computation capabilities. If a mix of devices with various degrees of security features and capabilities communicate, the overall network dynamics with respect to security and network performance will be complex. A secure communication path with high latency and low bandwidth may not satisfy the operational requirements in a plant. Therefore, there is a need to assess the relation of security and network performance for overall plant operation. In this work we focus on identifying an optimal flow path between two devices in a multi-hop heterogeneous network. We propose a model and an algorithm to estimate and generate a network path identified by flow performance indicators of a heterogeneous communication network. Through an example, we show how the flow performance metrics change with security, capacity and reachability of the devices in the network.

  • 7.
    Ray, Apala
    et al.
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems. ABB AB; Corporate Research, Sweden .
    Åkerberg, Johan
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems. ABB AB; Corporate Research, Sweden .
    Björkman, Mats
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Gidlund, M.
    ABB AB; Corporate Research, Sweden .
    Initial key distribution for industrial wireless sensor networks2013In: Proceedings of the IEEE International Conference on Industrial Technology, 2013, p. 1309-1314Conference paper (Refereed)
    Abstract [en]

    In any security design, the initial secret distribution for further key management solution is a major step. In industrial wireless sensor networks also, initial bootstrapping of the trust in the system is a major concern. The plant can be assumed to be a closed system, where only authenticated and trusted users are allowed to enter. However, wireless being the broadcast medium, wireless devices need to validate their identity to join the networks. So, there is a need for importing some initial secret key to the devices, so that they can be authenticated during the joining process. The standards for Industrial Wireless Sensor Networks (WirelessHART, ISA100.11a) also have left to the user the initial distribution of the key for joining during device provisioning. In this paper, the current industry practice and the pre-requisite of key distribution in industrial wireless sensor networks is discussed and an outline is presented for future research directions. © 2013 IEEE.

  • 8.
    Ray, Apala
    et al.
    Mälardalen University, School of Innovation, Design and Engineering. ABB Corporate Research.
    Åkerberg, Johan
    Mälardalen University, School of Innovation, Design and Engineering. ABB AB; Corporate Research, Sweden .
    Björkman, Mats
    Mälardalen University, School of Innovation, Design and Engineering.
    Gidlund, Mikael
    ABB AB; Corporate Research, Sweden .
    An Industrial Device Deployment Framework using the Initial Trust Establishment WorkflowIn: IEEE Transactions on Industrial Informatics, ISSN 1551-3203, E-ISSN 1941-0050Article in journal (Refereed)
  • 9.
    Ray, Apala
    et al.
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems. ABB AB, Corporate Research, Sweden.
    Åkerberg, Johan
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems. ABB AB, Corporate Research, Sweden.
    Björkman, Mats
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Gidlund, Mikael
    Mid Sweden University, Sweden.
    Balancing Network Performance and Network Security in a Smart Grid Application2016In: 14th International Conference on Industrial Informatics INDIN 2016, 2016, Vol. jan, p. 618-624, article id 7819235Conference paper (Refereed)
    Abstract [en]

    A key aspect of realizing the future smart grid communication solution is a balanced approach between the network performance and the network security during the network deployment. A high security communication flow path is not useful when the network path cannot support capacity and reachability requirements. The deployment phase in communication network can facilitate an optimal network path by focusing on both the network performance and the network security at the same time. In this paper, we describe a use case of smart grid application where security, network capacity and reachability needs to be optimal for successful network operation. We explain our proposed balancing approach of the network performance and the network security which can be useful for the optimal smart grid secure system design.

  • 10.
    Ray, Apala
    et al.
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems. ABB Corporate Research, Bangalore, India.
    Åkerberg, Johan
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems. ABB Corporate Research, Västerås, Sweden.
    Björkman, Mats
    ABB Corporate Research, Västerås, Sweden.
    Gidlund, Mikael
    Mid Sweden University, Sundsvall, Sweden.
    Employee Trust Based Industrial Device Deployment and Initial Key Establishment2016In: International Journal of Network Security & Its Applications, ISSN 0975-2307, E-ISSN 0974-9330, Vol. 8, no 1, p. 21-44Article in journal (Refereed)
    Abstract [en]

    An efficient key management system is required to support cryptography. Most key management systems use either pre-installed shared keys or install initial security parameters using out-of-band channels. These methods create an additional burden for engineers who manage the devices in industrial plants. Hence, device deployment in industrial plants becomes a challenging task in order to achieve security. In this work, we present a device deployment framework that can support key management using the existing trust towards employees in a plant. This approach reduces the access to initial security parameters by employees; rather it helps to bind the trust of the employee with device commissioning. Thus, this approach presents a unique solution to the device deployment problem. Further, through a proof-of-concept implementation and security analysis using the AVISPA tool, we present that our framework is feasible to implement and satisfies our security objectives.

  • 11.
    Ray, Apala
    et al.
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems. ABB Corporate Research.
    Åkerberg, Johan
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems. ABB AB; Corporate Research, Sweden .
    Björkman, Mats
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Gidlund, Mikael
    ABB AB; Corporate Research, Sweden .
    Future Research Challenges of Secure Heterogeneous Industrial Communication Networks2016In: 2016 IEEE 21ST INTERNATIONAL CONFERENCE ON EMERGING TECHNOLOGIES AND FACTORY AUTOMATION (ETFA), 2016Conference paper (Refereed)
    Abstract [en]

    A growing concern of cyber threats towards industrial plants has prompted industrial practitioners to focus on secure communication solutions which can protect their systems from vulnerabilities and as well as their brand image. The security concerns and the solutions for industrial communication networks have become well-discussed topics in research communities. Despite a huge research effort in the area of industrial communication network security, there are several issues that need to be addressed properly such that a unified security solution can be adopted in the industrial domain. In this article, we aim to outline the research direction for industrial communication security. Though security is considered as an on-going process, the major issues that still need to be addressed are trust management for heterogeneous networks, managing network performance with security requirements, usable security and key management.

  • 12.
    Ray, Apala
    et al.
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems. ABB AB, Corporate Research, Sweden.
    Åkerberg, Johan
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems. ABB AB, Corporate Research, Sweden.
    Björkman, Mats
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Gidlund, Mikael
    Mid Sweden University, Sweden.
    POSTER: An approach to Assess Security, Capacity and Reachability for Heterogeneous Industrial Networks2015In: 11th EAI International Conference on Security and Privacy in Communication Networks SecureComm15, 2015Conference paper (Refereed)
    Abstract [en]

    Industrial plants are heterogeneous networks with different computation and communication capabilities along with different security properties. The optimal operation of a plant requires a balance between communication capabilities and security features. A secure communication data flow with high latency and low bandwidth does not provide the required efficiency in a plant. Therefore, we focus on assessing the relation of security, capacity and timeliness properties of an industrial network for overall network performance.

  • 13.
    Ray, Apala
    et al.
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems. ABB AB, Corporate Research, Sweden.
    Åkerberg, Johan
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems. ABB AB, Corporate Research, Sweden.
    Björkman, Mats
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Gidlund, Mikael
    Mid Sweden University, Sweden.
    Towards Security Assurance for Heterogeneous Industrial Networks2015In: IECON 2015 - 41st Annual Conference of the IEEE Industrial Electronics Society, 2015, p. 4488-4493, article id 7392799Conference paper (Refereed)
    Abstract [en]

    Industrial networks have a mix of devices with different security properties. If a mix of devices with various degrees of security features and capabilities communicate, the overall network dynamics with respect to device trust and security of message exchange will be complex. Therefore, there is a need to understand the trust and risk probabilities of devices in a heterogeneous network. This is required for heterogeneous network where the network configuration has to be made based on how trustworthy they are. In this work we focus on assessing security risks for devices and message exchanges. We define the term emph{assurance value} to denote the resilience of a device to security attacks. We study the behavior of a communication network when devices with various degrees of security features exchange messages. We aim to identify the network security properties based on the network architecture. From the study, we propose a model to estimate and predict network security properties in a heterogeneous communication network.

  • 14.
    Ray, Apala
    et al.
    ABB AB; Corporate Research, Sweden.
    Åkerberg, Johan
    ABB AB; Corporate Research, Sweden.
    Björkman, Mats
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Gidlund, Mikael
    Mid Sweden University, Sweden.
    Towards Trustworthiness Assessment of Industrial Heterogeneous Networks2015In: 20th IEEE International Conference on Emerging Technologies and Factory Automation ETFA'15, Institute of Electrical and Electronics Engineers Inc. , 2015Conference paper (Refereed)
    Abstract [en]

    In industrial plants, there is a mix of devices with different security features and capabilities. If there is a mix of devices with various degree of security levels, then this will create independent islands in a network with similar levels of security features. However, the industrial plant is interconnected for the purpose of reducing cost of monitoring with a centralized control center. Therefore, the different islands also need to communicate with each other to improve the asset management efficiency in a plant. In this work we aim to focus on the trustworthiness assessment of devices in industrial plant networks in term of node value. We study the behavior of industrial plant networks when devices with various degrees of security features communicate. We aim to identify network properties which influence the overall network behavior. From the study, we have found that the communication path, the order of different communication paths and the number of specific types of nodes affect the final trustworthiness of devices in the network.

  • 15.
    Ray, Apala
    et al.
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Åkerberg, Johan
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Gidlund, Mikael
    ABB Corporate Research, Sweden .
    Björkman, Mats
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    A Solution for Industrial Device Commissioning along with the Initial Trust Establishment2013In: IECON Proceedings (Industrial Electronics Conference), 2013, p. 5570-5575Conference paper (Refereed)
    Abstract [en]

    Industrial device commissioning along with the initial distribution of keying material is an important step for the security of industrial plants. An efficient key management system is required in cryptography for both symmetric key or public/private key encryption. Most of the key management system use either pre-installed shared keys or install keys using out-of-band channels. In addition to that, the sensor devices both wired and wireless need to be verified whether it is connected to the correct physical entity since these devices are linked with the physical world. Therefore in industrial plants there is a requirement to automate the trust bootstrapping process, where the devices from upper level in communication network will be aware that the communication device from below level is trusted. In this work, we present a workflow that uses the existing trust mechanism on employees to enable the initial bootstrap of trust in the devices, and also optionally support the commissioning engineer to download the required configuration data in the device as well. Thus, this approach presents a unique solution to the initial trust distribution problem reusing the existing features and facilities in industrial plants

  • 16.
    Ray, Apala
    et al.
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Åkerberg, Johan
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Gidlund, Mikael
    ABB AB.
    Björkman, Mats
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Tremlet, Christophe
    Maxim Integrated.
    Reusability assessment of financial card readers’ security mechanisms in process control devices2013In: IEEE International Conference on Industrial Informatics, 2013, p. 494-499Conference paper (Refereed)
    Abstract [en]

    The security of industrial plants has gained a lot of importance since the last decade. The reason is that the different components from different network layers of automation systems have become inter-connected to support fast and cost-effective decisions at the management level. This inter-connectivity has posed many security challenges in this industrial segment. To achieve effective security mechanisms in industrial plants, there is a need to learn from other existing domains, matured in terms of security, whether existing matured security solutions can be reused in the industrial automation domain. The financial sector is a segment where security has been carefully managed since a long time, as security is very important for that sector. Therefore it would be beneficial to evaluate the security mechanisms present in financial card readers which are involved in financial transactions because these card readers have many similar characteristics with industrial process control devices. In this paper, the security requirements for both the field devices of industrial plants and card reader terminals of the financial sector have been evaluated to understand the security gap so that we can identify the areas where the security needs of industrial plants must be improved and where some of the existing security features of card reader terminals can be reused in field devices of industrial plants.

  • 17.
    Talha, Batool
    et al.
    Silicon Laboratories Norway AS, Norway.
    Ray, Apala
    Indian Corporate Research Center, ABB Global Industries & Services Pvt. Ltd., India.
    A Framework for MAC Layer Wireless Intrusion Detection & Response for Smart Grid Applications2016In: 14th International Conference on Industrial Informatics INDIN 2016, 2016Conference paper (Refereed)
    Abstract [en]

    The next-generation electrical power system is focusing on reliable, automated, and secure power grid by using information and communication technology (ICT). To realize the new generation of power grid, the communication network is a decisive piece of the entire smart grid. Communication infrastructure in smart grids is a combination of both wired and wireless technologies. The salient features of wireless technology makes it attractive but the easy access to the radio medium in wireless communication increases the risk of security attacks. Consequently, the concern for cyber security has become an important issue to be addressed in a smart grid network. Intrusion detection and response to these intrusions in a timely manner is a way to improve system integrity. In this paper, we focus on a medium access control (MAC) layer intrusion detection system for wireless networks in smart grids. We propose a multi-level intrusion detection response system (IDRS) framework based on the perception of defense-in-depth. Through a simple simulation study, we verify the working of our proposed framework.

1 - 17 of 17
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf