An efficient key management system is required to support cryptography. Most key management systems use either pre-installed shared keys or install initial security parameters using out-of-band channels. These methods create an additional burden for engineers who manage the devices in industrial plants. Hence, device deployment in industrial plants becomes a challenging task in order to achieve security. In this work, we present a device deployment framework that can support key management using the existing trust towards employees in a plant. This approach reduces the access to initial security parameters by employees; rather it helps to bind the trust of the employee with device commissioning. Thus, this approach presents a unique solution to the device deployment problem. Further, through a proof-of-concept implementation and security analysis using the AVISPA tool, we present that our framework is feasible to implement and satisfies our security objectives.
IRJET- Image Steganography using Pixel Pattern Matching in Cloud Data Sto... (IRJET Journal)
This document summarizes a research paper on using image steganography and pixel pattern matching for secure data storage in cloud computing. The paper proposes a technique where user authentication involves clicking points on an image to generate a secret key for encrypting files before uploading to the cloud. When another authorized user requests the file, the key is shared through email and the user can download and decrypt the file using the key. The technique aims to address authentication and security issues in cloud data storage by hiding encryption keys in graphical passwords generated from pixel coordinates on images.
The document provides guidance on securing industrial control systems through a defense-in-depth approach. It summarizes the Purdue Model for Control Hierarchy, which defines five zones and six levels of operations for industrial control systems. It then presents a reference architecture based on this model, with multiple zones and security controls between the enterprise, manufacturing and process zones. Specifically, it identifies security patterns and controls for access control, log management, network security and remote access that are critical for industrial control system security.
The document provides an overview of key security engineering activities that should be integrated into the software development lifecycle (SDLC). It discusses securing each phase of development through threat modeling, secure coding practices like code reviews, and security testing. The goal is to build security into applications from the start to help prevent vulnerabilities and deliver more robust products.
Privacy Protection in Distributed Industrial System (iosrjce)
IOSR Journal of Computer Engineering (IOSR-JCE) is a double-blind peer-reviewed international journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes high-quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high-quality technical notes are invited for publication.
The document discusses security engineering design guidelines and system survivability. It covers:
1) Design guidelines that help make secure design decisions and raise security awareness.
2) Guidelines for avoiding single points of failure, failing securely, balancing security and usability, and more.
3) Designing for deployment to minimize vulnerabilities introduced during configuration and installation.
4) Ensuring systems can continue essential services when under attack through resilience and recoverability.
An Overview of Information Systems Security Measures in Zimbabwean Small and ... (researchinventy)
This paper reports on the Information Systems (IS) security measures implemented by small and medium-sized enterprises (SMEs) in Zimbabwe. A survey questionnaire was distributed to 32 randomly selected participants in order to investigate the security measures and practices in their respective organisations. The results indicated that over 50% of the respondents had installed firewalls, more than 80% carried out regular software updates, and none of the respondents had intrusion detection systems. The researchers recommended that SMEs work to enhance their knowledge of the different IS threats in order to enable the implementation of preventive measures.
IRJET- Machine Learning Processing for Intrusion Detection (IRJET Journal)
This document evaluates different machine learning algorithms for network intrusion detection using the KDD dataset. It analyzes the accuracy of logistic regression, Naive Bayes, support vector machine, K-nearest neighbor, and decision tree classifiers based on their confusion matrices and receiver operating characteristic curves. The results show that the decision tree algorithm achieved the highest accuracy rate of 99.83% on the KDD dataset for intrusion detection.
ENGINEERING LIFE CYCLE ENABLES PENETRATION TESTING AND CYBER OPERATIONS (IJMIT JOURNAL)
This document discusses how proper engineering processes and life cycle management are important for cybersecurity operations and penetration testing. Rushing innovation undermines security foundations. Effective engineering adds security even after implementation. Current computer systems fail to manage risks properly and focus too much on reactive responses instead of addressing root causes like lack of planning. Proper system design, monitoring, and maintenance over the full life cycle are needed to build secure and stable systems. Personnel issues around training and risk management priorities also undermine security. Adopting full engineering practices and addressing organizational and human factors are necessary to improve current fragile security postures.
This document discusses software security engineering. It covers security concepts like assets, vulnerabilities and threats. It discusses why security engineering is important to protect systems from malicious attackers. The document outlines security risk management processes like preliminary risk assessment. It also discusses designing systems for security through architectural choices that provide protection and distributing assets. The document concludes by covering system survivability through building resistance, recognition and recovery capabilities into systems.
This document summarizes key topics from a lecture on security engineering, including design guidelines for security, design for deployment, and system survivability. The design guidelines encourage basing decisions on an explicit security policy, avoiding single points of failure, and failing securely. Deployment issues like vulnerable defaults and access permissions are addressed. Finally, resilience strategies like resistance, recognition and recovery are discussed to help systems continue operating during attacks.
This document provides an overview of topics in chapter 13 on security engineering. It discusses security and dependability, security dimensions of confidentiality, integrity and availability. It also outlines different security levels including infrastructure, application and operational security. Key aspects of security engineering are discussed such as secure system design, security testing and assurance. Security terminology and examples are provided. The relationship between security and dependability factors like reliability, availability, safety and resilience is examined. The document also covers security in organizations and the role of security policies.
- Wireless sensor networks are vulnerable to security attacks due to their distributed nature, multi-hop communication, and lack of resources. Intrusion detection systems play an important role in detecting attacks.
- There are three main types of intrusion detection systems: signature-based, anomaly-based, and specification-based (a hybrid of the two). Signature-based systems detect known attacks but miss new ones, while anomaly-based systems can detect new attacks but have high false positives.
- The paper compares these intrusion detection systems for wireless sensor networks and finds that anomaly-based systems have the lowest resource usage but may miss known attacks, while signature-based systems detect known attacks but use more resources. The best approach
SECURE SERVICES: INTEGRATING SECURITY DIMENSION INTO THE SA&D (cscpconf)
Services security is often reduced to a set of software solutions (firewalls, data encryption, ...) but rarely treats the organizational security rules as a fundamental part of the Services security policy. With the increasing use of new Services architectures (open Services architecture, distributed databases, multiple web servers, multi-tier application servers), security leaks become crucial, and every security problem is harmful to the organization's business continuity. To reduce and detect major security risks at an earlier stage of the Services project, our approach is based on knowledge exchange between the end users, analysts, designers and developers collaborating on the Services project. The knowledge is mainly oriented towards the detection of weak signals inside the organization. In this paper, we present the different kinds of knowledge surrounding a Services project and a knowledge pattern structure that can be used to formalize the exchange that should be established during the Services project between the different participants.
Software Reliability and Quality Assurance Challenges in Cyber Physical Syste... (CSCJournals)
Software reliability is the probability of failure-free software operation for a specified period of time in a specified environment. Cyber threats to software security have been prevalent and have increased exponentially, posing a major challenge to software reliability in the cyber physical systems (CPS) environment. Applying patches after the software has been developed is outdated and a major security flaw. This has posed a major software reliability challenge, as threat actors exploit unpatched and insecure software configuration vulnerabilities that were not identified at the design phase. This paper aims to investigate the SDLC approach to software reliability and quality assurance challenges in CPS security. To demonstrate the applicability of our work, we review existing security requirements engineering concepts and methodologies such as TROPOS, I*, KAOS, Tropos and Secure Tropos to determine their relevance to software security. We consider how the methodologies and function points are used to implement constraints that improve software reliability. Finally, the function point concepts are applied to the CPS security components. The results show that software security threats in CPS can be addressed by integrating the SRE approach and function point analysis into development to improve software reliability.
Dhana Raj Markandu: Control System Cybersecurity - Challenges in a New Energy... (Dhana Raj Markandu)
Conference on Electricity Power Supply Industry (CEPSI) 2012, Bali, Indonesia
(Accepted for presentation but not published due to unforeseen withdrawal of author)
Attacks on the enterprise are getting increasingly sophisticated. Current solutions available do not seem to be adequate given the innovativeness, precision and persistence of these attacks in different forms and of different dimensions. Organisations thus want to increase the sophistication of their employees and also of the solutions to be deployed given this backdrop.
Nacho and Brayan, friends of different nationalities, meet in Madrid. Brayan tells Nacho that although Colombia has problems with violence and corruption, it also has many natural beauties, climatic diversity, a rich culture and famous personalities. Brayan encourages Nacho to visit Colombia so that he can experience the country's wonders for himself.
This decree partially amends Decrees 1851 and 3022 of 2013 concerning the technical regulatory frameworks for financial reporting in Colombia. It establishes that preparers of financial information shall apply the international standards contained in the annex to Decree 2784 of 2012, except on matters such as the classification and measurement of investments. It also defines the groups of preparers of financial information and the technical frameworks that each group must apply.
SAP's sales team faced challenges in quickly engaging new audiences and decision makers interested in cloud solutions. They implemented LinkedIn Sales Navigator to help reps target the right contacts, including CEOs and other executives. Sales Navigator allowed reps to make direct contact with decision makers, nurture leads, and engage customers through relevant content. It helped SAP achieve success across Asia Pacific, increasing their sales pipeline and revenues with several large deals directly attributed to Sales Navigator.
This document is a resume for N. Srikant summarizing his educational and professional background. He has a Master's degree in Pharmacy from Bharat Institute of Technology and a Bachelor's degree in Pharmacy from Sai Pranavi College of Pharmacy. His experience includes projects on formulation and evaluation of sustained release and enteric coated pellets as well as microspheres. He has skills in instrumentation, clinical research, and production areas. He is seeking a position in research and development, quality assurance, regulatory affairs, or production.
Umang Bhardwaja is a senior management executive with over 20 years of experience across various TATA group companies in industries like luxury, design, FMCG, and chemicals. He is currently the Head of India Operations for Casa Décor Private Limited, reporting to the board of directors. In this role, he developed strategies for market entry, built retail and project teams, and set up retail stores and acquired major interior projects. Previously, he held roles like General Manager of Sales and Senior Manager of International Business at other TATA companies. He possesses skills in leadership, operational management, and marketing management.
Shaheed Rahman is a recent graduate of the Welding Training Initiative Program through the Hispanic Chamber of Commerce of Wisconsin. He has certifications in essential life skills, blueprint reading, and welding with 160 hours of experience. Rahman seeks a full-time welding position where he can utilize his training and experience in MIG, flux core, spray arc, and some TIG welding. He emphasizes his strong work ethic and skills in organization, dependability, efficiency, and being a team player.
The flat heat press is used to print custom designs on flat objects such as T-shirts, flip-flops, mouse pads, tiles, phone cases, tote bags, handbags, plaques and keychains.
EYESON - The Next Generation in Video Recruiting (Eyeson)
The document discusses an all-in-one video recruiting solution called eyeson that allows for video interviews, meetings, and webinars. It can be accessed via web browser or app across different devices. The solution offers messaging, document sharing, analytics and other features. It integrates seamlessly into existing recruiting workflows and can be customized to meet specific needs. The company, visocon, provides guidance on implementation and support.
1) Ashfield Pharmacovigilance provides services related to building and monitoring the safety of pharmaceutical products and medical devices, ensuring a smooth process so clients can focus on other areas.
2) They help clients comply with numerous regulatory changes between 2012-2015 from organizations like EMA, FDA, and ICH related to areas like reporting requirements, clinical safety, and inspections.
3) Ashfield Pharmacovigilance has experts in compliance, regulation, and implementation with experience across therapeutic areas and product types including drugs, devices, supplements, and cosmetics.
The nervous system is the body's most important control system and is made up of the central nervous system and the peripheral nervous system. The central nervous system includes the brain and the spinal cord and controls higher functions such as cognitive and emotional functions, while the peripheral nervous system connects the peripheral receptors, muscles and glands. The peripheral nervous system includes the somatic, sympathetic and parasympathetic nervous systems, which regulate
The document outlines the experience and qualifications of Cristina Emberton including her roles as a Service Coordinator, Arts Program Specialist, Marketing Specialist, and Marketing Manager. She has over 10 years of experience in sales support, marketing, database management, and ensuring customer satisfaction. Her core competencies include technology, contract negotiations, market research, and training/lesson plan development. She is currently a registered mediator performing mediations for the Ogeechee Judicial Circuit.
In what ways do you think the Elaboration Likelihood Model applies.docx (jaggernaoma)
This document summarizes common vulnerabilities observed in critical infrastructure control systems based on vulnerability assessments conducted by Sandia National Laboratories. It finds that most vulnerabilities stem from a lack of proper security administration, including failing to define security classifications for system data, establish security perimeters, implement defense-in-depth protections, and restrict access based on operational needs. Many vulnerabilities result from deficient or nonexistent security governance, budget constraints, personnel attrition, and a lack of security training for automation administrators. Comprehensive mitigation requires improved security awareness, strong governance, and configuration of technology to remedy vulnerabilities.
Intrusion Detection in Industrial Automation by Joint Admin Authorization (IJMTST Journal)
Intrusion response is an important part of security protection and has received considerable attention in industrial automation systems (IASs), where availability matters. Real-time security policy for intrusion response is a major challenge in IASs, and the losses caused by security threats can be severe for industrial automation. However, the traditional approach to intrusion detection concentrates on security policy decisions and neglects security policy execution. The proposed system presents a general, real-time control scheme based on table-driven scheduling of intrusion detection and response in IASs to address security policy problems such as assigning rights to use the system. A security policy is composed of a security service group, with each kind of security technique supported by a set of realization tasks. Realization tasks from different task sets can be combined to form a response task set. In this approach, a response task set is first created by a non-dominated genetic algorithm that jointly considers security performance and cost. Then the system is reconfigured via an integrated scheduling scheme in which system tasks and response tasks are mapped and scheduled together based on a GA. Additionally, the system proposes a Joint Admin Model (JTAM) to control unauthorized access in industrial automation systems. The proposed method presents results for industrial automation security mechanisms, where the security policy is used to authenticate user requests to access industrial resources.
Systematic Review Automation in Cyber Security (YogeshIJTSRD)
Many aspects of cyber security are carried out by automation systems and service applications. The initial steps of the cyber chain mainly rely on different automation tools with almost the same task objective. Automation operations are carried out only after a detailed study, in the pre-engagement phase, of the particular task the tool is going to perform, the measurement of dataset handling, and the tool's output. The algorithm to be used is chosen after comparing the efficiency of existing tools, their throughput time, their output format for reusable input and, mainly, their resource consumption. In this paper we study the existing methodology in application and system pen testing, the efficiency of automation tools over evolving technology, and their behaviour when assigned to unintended platforms. Nitin | Dr. Lakshmi J. V. N "Systematic Review: Automation in Cyber Security" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-4 , June 2021, URL: https://www.ijtsrd.compapers/ijtsrd41315.pdf Paper URL: https://www.ijtsrd.comcomputer-science/computer-security/41315/systematic-review-automation-in-cyber-security/nitin
Blueprint for Cyber Security Zone Modeling (ITIIIndustries)
The increasing need to implement on-line services across all industries has placed greater focus on the security controls deployed to protect the corporate network. The demand for cyber security is greater still when IT solutions are built to operate in the cloud. As more business activities are migrated to the on-line channel, the security protection systems must cater for a variety of applications. This includes access for enterprise users who are mobile, working from home, or situated at business partner locations. One set of key security measures deployed to protect the enterprise perimeter includes firewalls, network routers, and access gateways. In addition, a set of controls is also in place for cloud-enabled IT solutions. Collectively these components make up a set of protection systems referred to as the security zones. In this paper, a security zone model that has been deployed in practice in industry is presented. The zone model serves as a design blueprint to validate existing architectures or to assist in the design of new cyber security zone deployments.
Security Introspection for Software Reuse (IRJET Journal)
1) The document examines the relationship between software reuse and security vulnerabilities by analyzing 1244 open-source projects.
2) The results indicate that the number of potential vulnerabilities in native and reused code is related to the scale of development. Additionally, the number of dependencies is closely related to the number of vulnerabilities.
3) Software reuse is neither a panacea that fully addresses vulnerabilities nor does it inherently lead to an excessive number; the relationship between reuse and security vulnerabilities depends on factors like the scale of the project.
A method for detecting abnormal program behavior on embedded devices (Raja Ram)
The document presents a method for detecting abnormal program behavior on embedded devices using a self-organizing map (SOM) approach. It extracts features from the processor's program counter and cycles per instruction, and uses these features to train an unsupervised SOM to classify program behavior. Testing on an ARM Cortex-M3 processor showed the method can identify unknown program behaviors not in the training set with over 98.4% accuracy.
1 hour ago
Srinivas Goud Thadakapally
week 3 discussion
Separation in a network is essential, of course. It would be more annoying with that much knowledgeability and security features if it were only about security. However, it makes this network much more flexible, and in some ways makes it more secure. It reduces the potential for internal and external attacks on the same network and makes it harder for someone to take over the network. Furthermore, this separation keeps our data away from third parties. Separation of access is essential in a network, for example, to ensure that a user cannot access the whole network. It is common for specific applications and software installations on the personal computer to operate in the background. In this regard, it is possible to customize the software operating mode to make the software operation hidden so that it is not visible to the user. No one server or group of servers is going to have to withstand many other servers. The first line of defense in any IT environment is resource partitioning to enable critical infrastructure to handle all requests without overloading the primary server (Jaeger et al., 2016).
Separation is basically the process of using multiple processes with some type of separation for process separation of access to objects and data. Separation (or transient segregation) can occur in both physical and logical network segments. The trick with security is to keep it away from the IT infrastructure. For example, a firewall is still strictly considered a technical security tool because it is not supposed to affect business activities. It is possible to separate administrative control, physical systems, and data between those with different roles within the organization. The behavior within the network is like partitioning an IT environment into discrete services, although some elements of this concept have not been adopted in Active Directory, in particular policies and modules. A system administrator can move the administrative control of physical systems or systems within the network to a different server. However, when implementing security controls on deployments, it becomes essential to understand the scale at which the resources need to be distributed. Simply put, separation makes IT more secure (Liu et al., 2019).
References
Jaeger, B., Kraft, R., Luhn, S., Selzer, A., & Waldmann, U. (2016, August). Access Control and Data Separation Metrics in Cloud Infrastructures. In 2016 11th International Conference on Availability, Reliability, and Security (ARES) (pp. 205-210). IEEE.
Liu, W., Zhang, K., Tu, B., & Lin, K. (2019, August). HyperPS: A Hypervisor Monitoring Approach Based on Privilege Separation. In 2019 IEEE 21st International Conference on High-Performance Computing and Communications; IEEE 17th International Conference on Smart City; IEEE 5th International Conference on Data Science and Systems (HPCC/SmartCity/DSS) (pp. 981-988). IEEE.
How Test Labs Reduce Cyber Security Threats to Industrial Control Systemse cy... (Schneider Electric)
Federal agencies are moving their industrial control systems (ICS) from operational business networks to separate, dedicated networks in order to enhance security. However, without a system to test the new equipment and software coming into these separate networks, security risks will persist. This paper explores the impact on security of instituting a sanctioned ICS test lab and recommends best practices for setting up and operating these labs.
Training and tips that are very helpful for gaining knowledge in the field of information security and passing your CISSP certification exam.
To become CISSP certified, please check out the link below:
http://asmed.com/cissp-isc2/
This document discusses how applying process safety best practices can improve operational technology (OT) cybersecurity. It outlines the five independent protection layers (IPLs) for process safety - inventory and configuration management, automatic process controls, human intervention, safety instrumented systems, and physical protection. Applying best practices to each IPL layer improves OT cybersecurity by making any operational changes from cyber attacks more apparent so they can be addressed quicker. Effective configuration management and change control are especially important, as the Stuxnet attack showed how undetected changes could damage equipment over time. Overall, following process safety practices enhances control performance, alarms, interfaces, and system resilience while countering modern cyber threats.
introduction to #OT cybersecurity for O&M teams.pdf (PrabaKaran649935)
The document discusses the importance of operational technology (OT) cybersecurity to protect industrial control systems from cyber threats and ensure their continued availability and integrity. It notes that OT environments face different risks and priorities than information technology (IT) networks. The document advocates applying a defense-in-depth strategy through effective risk assessment and selecting appropriate countermeasures informed by standards like ISA/IEC 62443.
IRJET- Secure Scheme For Cloud-Based Multimedia Content Storage (IRJET Journal)
This document proposes a secure scheme for cloud-based multimedia content storage. It has two novel components: (1) a method to create signatures for 3D videos that captures depth signals efficiently, and (2) a distributed matching engine for multimedia objects that achieves high scalability. The system was implemented and deployed on Amazon and private clouds. Experiments on over 11,000 3D videos and 1 million images showed the system accurately detects over 98% of copies, outperforming YouTube's protection system which fails to detect most 3D video copies. The system provides cost-efficient, scalable multimedia content protection leveraging cloud infrastructure.
This white paper discusses the importance of developing a comprehensive security policy to protect automation systems. It outlines several security guidelines that can be included in a policy, such as restricting physical access, implementing strong authentication and authorization practices, designing secure network architectures, controlling remote access securely, and establishing wireless and maintenance security procedures. The document emphasizes that a security policy coupled with secure products and ongoing maintenance is essential for securing modern automation networks that now connect to open enterprise networks.
The document provides guidance on implementing secure architectures for industrial control systems such as process control and SCADA systems. It advises understanding the business risks fully through risk assessment before selecting and implementing security measures. The risk assessment identifies the most critical vulnerabilities to address. Then a risk reduction workshop should be held to agree on target security architecture and an implementation plan for security improvements.
This document discusses the design and implementation of a network security model using routers and firewalls. It begins by outlining the importance of network security and some common vulnerabilities, threats, and attacks against network devices like routers. It then provides details on specific attacks like session hijacking, spoofing, and denial of service attacks. The document also discusses best practices for router and firewall security policies, including access control, authentication, and traffic filtering. The overall aim is to protect networks from vulnerabilities and security weaknesses by implementing preventative measures, securing devices like routers and firewalls, and establishing proper security policies.
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
This document summarizes research on integrating safety critical systems in information technology. It discusses how modern information systems are increasingly safety critical as their failure can result in financial loss or loss of life. The document reviews literature on safety critical systems, including analyzing reliability and safety of parallel-series models. It also discusses modeling approaches for designing safety critical systems before hardware or software implementation. The goal is to reduce costs from design errors found later. Overall, the document examines how information technology is used in safety critical systems and approaches for analyzing and designing such systems.
1) The document discusses security challenges in software defined networks (SDNs) including threats to the application plane, control plane, and data plane due to the separation of the control and data planes in SDNs.
2) It describes various security approaches and platforms that can secure each plane and provide network-wide security in SDNs.
3) The paper analyzes SDN security according to several dimensions and highlights both present and future security challenges in SDNs to guide further research on secure SDN architectures.
The document proposes an agent-based architecture for multi-level security incident reaction in distributed telecommunication networks. The architecture has three levels: a low level interface with the infrastructure, an intermediate level using multi-agent systems to correlate alerts and deploy reactions across domains, and a high level for global supervision and policy management. The architecture was designed based on requirements like scalability, availability, autonomy, and robust reaction and alert management across distributed systems. It was successfully tested for implementing data access control policies.
Similar to Employee trust based industrial device (20)
UiPath Community Day Kraków: Devs4Devs ConferenceUiPathCommunity
We are honored to launch and host this event for our UiPath Polish Community, with the help of our partners - Proservartner!
We certainly hope we have managed to spike your interest in the subjects to be presented and the incredible networking opportunities at hand, too!
Check out our proposed agenda below 👇👇
08:30 ☕ Welcome coffee (30')
09:00 Opening note/ Intro to UiPath Community (10')
Cristina Vidu, Global Manager, Marketing Community @UiPath
Dawid Kot, Digital Transformation Lead @Proservartner
09:10 Cloud migration - Proservartner & DOVISTA case study (30')
Marcin Drozdowski, Automation CoE Manager @DOVISTA
Pawel Kamiński, RPA developer @DOVISTA
Mikolaj Zielinski, UiPath MVP, Senior Solutions Engineer @Proservartner
09:40 From bottlenecks to breakthroughs: Citizen Development in action (25')
Pawel Poplawski, Director, Improvement and Automation @McCormick & Company
Michał Cieślak, Senior Manager, Automation Programs @McCormick & Company
10:05 Next-level bots: API integration in UiPath Studio (30')
Mikolaj Zielinski, UiPath MVP, Senior Solutions Engineer @Proservartner
10:35 ☕ Coffee Break (15')
10:50 Document Understanding with my RPA Companion (45')
Ewa Gruszka, Enterprise Sales Specialist, AI & ML @UiPath
11:35 Power up your Robots: GenAI and GPT in REFramework (45')
Krzysztof Karaszewski, Global RPA Product Manager
12:20 🍕 Lunch Break (1hr)
13:20 From Concept to Quality: UiPath Test Suite for AI-powered Knowledge Bots (30')
Kamil Miśko, UiPath MVP, Senior RPA Developer @Zurich Insurance
13:50 Communications Mining - focus on AI capabilities (30')
Thomasz Wierzbicki, Business Analyst @Office Samurai
14:20 Polish MVP panel: Insights on MVP award achievements and career profiling
YOUR RELIABLE WEB DESIGN & DEVELOPMENT TEAM — FOR LASTING SUCCESS
WPRiders is a web development company specialized in WordPress and WooCommerce websites and plugins for customers around the world. The company is headquartered in Bucharest, Romania, but our team members are located all over the world. Our customers are primarily from the US and Western Europe, but we have clients from Australia, Canada and other areas as well.
Some facts about WPRiders and why we are one of the best firms around:
More than 700 five-star reviews! You can check them here.
1500 WordPress projects delivered.
We respond 80% faster than other firms! Data provided by Freshdesk.
We’ve been in business since 2015.
We are located in 7 countries and have 22 team members.
With so many projects delivered, our team knows what works and what doesn’t when it comes to WordPress and WooCommerce.
Our team members are:
- highly experienced developers (employees & contractors with 5 -10+ years of experience),
- great designers with an eye for UX/UI with 10+ years of experience
- project managers with development background who speak both tech and non-tech
- QA specialists
- Conversion Rate Optimisation - CRO experts
They are all working together to provide you with the best possible service. We are passionate about WordPress, and we love creating custom solutions that help our clients achieve their goals.
At WPRiders, we are committed to building long-term relationships with our clients. We believe in accountability, in doing the right thing, as well as in transparency and open communication. You can read more about WPRiders on the About us page.
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-InTrustArc
Six months into 2024, and it is clear the privacy ecosystem takes no days off!! Regulators continue to implement and enforce new regulations, businesses strive to meet requirements, and technology advances like AI have privacy professionals scratching their heads about managing risk.
What can we learn about the first six months of data privacy trends and events in 2024? How should this inform your privacy program management for the rest of the year?
Join TrustArc, Goodwin, and Snyk privacy experts as they discuss the changes we’ve seen in the first half of 2024 and gain insight into the concrete, actionable steps you can take to up-level your privacy program in the second half of the year.
This webinar will review:
- Key changes to privacy regulations in 2024
- Key themes in privacy and data governance in 2024
- How to maximize your privacy program in the second half of 2024
INDIAN AIR FORCE FIGHTER PLANES LIST.pdfjackson110191
These fighter aircraft have uses outside of traditional combat situations. They are essential in defending India's territorial integrity, averting dangers, and delivering aid to those in need during natural calamities. Additionally, the IAF improves its interoperability and fortifies international military alliances by working together and conducting joint exercises with other air forces.
Advanced Techniques for Cyber Security Analysis and Anomaly DetectionBert Blevins
Cybersecurity is a major concern in today's connected digital world. Threats to organizations are constantly evolving and have the potential to compromise sensitive information, disrupt operations, and lead to significant financial losses. Traditional cybersecurity techniques often fall short against modern attackers. Therefore, advanced techniques for cyber security analysis and anomaly detection are essential for protecting digital assets. This blog explores these cutting-edge methods, providing a comprehensive overview of their application and importance.
Best Practices for Effectively Running dbt in Airflow.pdfTatiana Al-Chueyr
As a popular open-source library for analytics engineering, dbt is often used in combination with Airflow. Orchestrating and executing dbt models as DAGs ensures an additional layer of control over tasks, observability, and provides a reliable, scalable environment to run dbt models.
This webinar will cover a step-by-step guide to Cosmos, an open source package from Astronomer that helps you easily run your dbt Core projects as Airflow DAGs and Task Groups, all with just a few lines of code. We’ll walk through:
- Standard ways of running dbt (and when to utilize other methods)
- How Cosmos can be used to run and visualize your dbt projects in Airflow
- Common challenges and how to address them, including performance, dependency conflicts, and more
- How running dbt projects in Airflow helps with cost optimization
Webinar given on 9 July 2024
Are you interested in dipping your toes in the cloud native observability waters, but as an engineer you are not sure where to get started with tracing problems through your microservices and application landscapes on Kubernetes? Then this is the session for you, where we take you on your first steps in an active open-source project that offers a buffet of languages, challenges, and opportunities for getting started with telemetry data.
The project is called openTelemetry, but before diving into the specifics, we’ll start with de-mystifying key concepts and terms such as observability, telemetry, instrumentation, cardinality, percentile to lay a foundation. After understanding the nuts and bolts of observability and distributed traces, we’ll explore the openTelemetry community; its Special Interest Groups (SIGs), repositories, and how to become not only an end-user, but possibly a contributor.We will wrap up with an overview of the components in this project, such as the Collector, the OpenTelemetry protocol (OTLP), its APIs, and its SDKs.
Attendees will leave with an understanding of key observability concepts, become grounded in distributed tracing terminology, be aware of the components of openTelemetry, and know how to take their first steps to an open-source contribution!
Key Takeaways: Open source, vendor neutral instrumentation is an exciting new reality as the industry standardizes on openTelemetry for observability. OpenTelemetry is on a mission to enable effective observability by making high-quality, portable telemetry ubiquitous. The world of observability and monitoring today has a steep learning curve and in order to achieve ubiquity, the project would benefit from growing our contributor community.
How RPA Help in the Transportation and Logistics Industry.pptxSynapseIndia
Revolutionize your transportation processes with our cutting-edge RPA software. Automate repetitive tasks, reduce costs, and enhance efficiency in the logistics sector with our advanced solutions.
BT & Neo4j: Knowledge Graphs for Critical Enterprise Systems.pptx.pdfNeo4j
Presented at Gartner Data & Analytics, London Maty 2024. BT Group has used the Neo4j Graph Database to enable impressive digital transformation programs over the last 6 years. By re-imagining their operational support systems to adopt self-serve and data lead principles they have substantially reduced the number of applications and complexity of their operations. The result has been a substantial reduction in risk and costs while improving time to value, innovation, and process automation. Join this session to hear their story, the lessons they learned along the way and how their future innovation plans include the exploration of uses of EKG + Generative AI.
論文紹介:A Systematic Survey of Prompt Engineering on Vision-Language Foundation ...Toru Tamaki
Jindong Gu, Zhen Han, Shuo Chen, Ahmad Beirami, Bailan He, Gengyuan Zhang, Ruotong Liao, Yao Qin, Volker Tresp, Philip Torr "A Systematic Survey of Prompt Engineering on Vision-Language Foundation Models" arXiv2023
https://arxiv.org/abs/2307.12980
Paradigm Shifts in User Modeling: A Journey from Historical Foundations to Em...Erasmo Purificato
Slide of the tutorial entitled "Paradigm Shifts in User Modeling: A Journey from Historical Foundations to Emerging Trends" held at UMAP'24: 32nd ACM Conference on User Modeling, Adaptation and Personalization (July 1, 2024 | Cagliari, Italy)
Quantum Communications Q&A with Gemini LLM. These are based on Shannon's Noisy channel Theorem and offers how the classical theory applies to the quantum world.
Kief Morris rethinks the infrastructure code delivery lifecycle, advocating for a shift towards composable infrastructure systems. We should shift to designing around deployable components rather than code modules, use more useful levels of abstraction, and drive design and deployment from applications rather than bottom-up, monolithic architecture and delivery.
Scaling Connections in PostgreSQL Postgres Bangalore(PGBLR) Meetup-2 - MydbopsMydbops
This presentation, delivered at the Postgres Bangalore (PGBLR) Meetup-2 on June 29th, 2024, dives deep into connection pooling for PostgreSQL databases. Aakash M, a PostgreSQL Tech Lead at Mydbops, explores the challenges of managing numerous connections and explains how connection pooling optimizes performance and resource utilization.
Key Takeaways:
* Understand why connection pooling is essential for high-traffic applications
* Explore various connection poolers available for PostgreSQL, including pgbouncer
* Learn the configuration options and functionalities of pgbouncer
* Discover best practices for monitoring and troubleshooting connection pooling setups
* Gain insights into real-world use cases and considerations for production environments
This presentation is ideal for:
* Database administrators (DBAs)
* Developers working with PostgreSQL
* DevOps engineers
* Anyone interested in optimizing PostgreSQL performance
Contact info@mydbops.com for PostgreSQL Managed, Consulting and Remote DBA Services
Mitigating the Impact of State Management in Cloud Stream Processing SystemsScyllaDB
Stream processing is a crucial component of modern data infrastructure, but constructing an efficient and scalable stream processing system can be challenging. Decoupling compute and storage architecture has emerged as an effective solution to these challenges, but it can introduce high latency issues, especially when dealing with complex continuous queries that necessitate managing extra-large internal states.
In this talk, we focus on addressing the high latency issues associated with S3 storage in stream processing systems that employ a decoupled compute and storage architecture. We delve into the root causes of latency in this context and explore various techniques to minimize the impact of S3 latency on stream processing performance. Our proposed approach is to implement a tiered storage mechanism that leverages a blend of high-performance and low-cost storage tiers to reduce data movement between the compute and storage layers while maintaining efficient processing.
Throughout the talk, we will present experimental results that demonstrate the effectiveness of our approach in mitigating the impact of S3 latency on stream processing. By the end of the talk, attendees will have gained insights into how to optimize their stream processing systems for reduced latency and improved cost-efficiency.
Understanding Insider Security Threats: Types, Examples, Effects, and Mitigat...Bert Blevins
Today’s digitally connected world presents a wide range of security challenges for enterprises. Insider security threats are particularly noteworthy because they have the potential to cause significant harm. Unlike external threats, insider risks originate from within the company, making them more subtle and challenging to identify. This blog aims to provide a comprehensive understanding of insider security threats, including their types, examples, effects, and mitigation techniques.
Fluttercon 2024: Showing that you care about security - OpenSSF Scorecards fo...Chris Swan
Have you noticed the OpenSSF Scorecard badges on the official Dart and Flutter repos? It's Google's way of showing that they care about security. Practices such as pinning dependencies, branch protection, required reviews, continuous integration tests etc. are measured to provide a score and accompanying badge.
You can do the same for your projects, and this presentation will show you how, with an emphasis on the unique challenges that come up when working with Dart and Flutter.
The session will provide a walkthrough of the steps involved in securing a first repository, and then what it takes to repeat that process across an organization with multiple repos. It will also look at the ongoing maintenance involved once scorecards have been implemented, and how aspects of that maintenance can be better automated to minimize toil.
20240704 QFM023 Engineering Leadership Reading List June 2024
Employee trust based industrial device
International Journal of Network Security & Its Applications (IJNSA) Vol.8, No.1, January 2016
DOI : 10.5121/ijnsa.2016.8102
EMPLOYEE TRUST BASED INDUSTRIAL DEVICE DEPLOYMENT AND INITIAL KEY ESTABLISHMENT
Apala Ray (1, 2), Johan Akerberg (2, 3), Mats Bjorkman (3) and Mikael Gidlund (4)
1 ABB Corporate Research, Bangalore, India
2 Malardalen University, Vasteras, Sweden
3 ABB Corporate Research, Vasteras, Sweden
4 Mid Sweden University, Sundsvall, Sweden
ABSTRACT
An efficient key management system is required to support cryptography. Most key management systems use either pre-installed shared keys or install initial security parameters using out-of-band channels. These methods create an additional burden for engineers who manage the devices in industrial plants. Hence, device deployment in industrial plants becomes a challenging task in order to achieve security. In this work, we present a device deployment framework that can support key management using the existing trust towards employees in a plant. This approach reduces the access to initial security parameters by employees; rather it helps to bind the trust of the employee with device commissioning. Thus, this approach presents a unique solution to the device deployment problem. Further, through a proof-of-concept implementation and security analysis using the AVISPA tool, we present that our framework is feasible to implement and satisfies our security objectives.
KEYWORDS
Key Distribution, Industrial Communication Security, Device deployment, Initial Trust, Device Authentication, AVISPA.
1. INTRODUCTION
Industrial control systems, which include Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and Programmable Logic Controllers (PLC), are used to monitor and control industrial processes. These control systems acquire data from an industrial process for monitoring and issue control commands whenever required. Industrial control systems are typically used in process industries like pulp and paper, water and wastewater, food and beverages, mining etc. A typical paper mill can have thirty to fifty thousand sensors and actuators. The goal of industrial automation is to automate the operations involved in the technical process with minimal or reduced human intervention. In the initial phase of industrial automation, industrial plants were built as stand-alone systems, where specialized hardware and software were used with proprietary control protocols. Many of these components were not connected to the outside world, so security received less attention. Over the last decade, industrial communication security has gained a lot of research interest, because companies have started to introduce the Internet to a larger extent than before. This has opened the possibility of cyber threats in industrial segments. Communication security with security objectives, types of attack, cryptographic methods, security in communication protocols and security best practices is discussed in [1]. Industrial communication security aims to protect the devices (sensors/actuators/controllers) from any kind of security attack. Security attacks from the IT domain are also affecting the industrial automation domain. Recent known attacks like Stuxnet have revealed another set of challenges where malware can spread itself, for example through USB drives, and when it finds the target system it can infect the PLCs with a Trojan [2]. In the security domain, cryptography is a well-known technique to protect communication between devices from attackers. Generally, different cryptographic algorithms are used for communication security, and the security of these algorithms relies on underlying secret parameters. To create a secure system, the initial setup of the cryptographic parameters is very important. Therefore, effective key management in industrial plants is an important requirement for having a secure system.
1.1. Motivations
Industrial plants have specific requirements on availability and, at the same time, on an easier workflow for the commissioning and maintenance engineers. The explicit assumption for having a secured system is that the devices in the network are trusted. This trust may be established by an explicit mechanism of out-of-band initial trust bootstrapping, such as manual entry of security key parameters in the device. The issues involved in the assumptions or pre-requisites of "key distribution" are discussed in detail in [3]. For instance, considering the large number of devices inside a plant, such out-of-band initial trust bootstrapping methods create an additional burden for engineers. It is also a non-trivial task for a commissioning and maintenance engineer to find the physical devices that are spread over large areas and to configure each of the devices with the right parameters without transmitting secret keys.
Industrial plants also involve many employees for successful operation of the plant. Each employee has a specific role in managing the plant for 24x7 operations. The following roles are relevant to security management in industrial plants: (a) manufacturers of the devices, (b) system integrators who customize the devices, integrate them into the plant and perform commissioning, (c) operators who monitor the system during normal operation and respond to alarms, and (d) service personnel who are responsible for maintaining and repairing the devices [4]. In addition, these roles might be manned from different organizations. For example, the system integrator of the plant may be the manufacturer, the asset owner, or an external company. These roles are involved in the operation of the plant, including the device functionality and device management. Successful functioning of a plant is possible when the devices are properly commissioned, operated and maintained. Therefore, the security management of devices inside the plant is indirectly coupled with the different employees and their roles. Device management can be restricted based on a role-based access control policy [5]. However, there might be several employees who share the same role. For instance, in a medium size plant, there might be fifty employees who are assigned to commission the plant. Therefore, role-based access control cannot guarantee accountability for an individual employee in the case of device configuration.
For a successful security deployment in the plant, it is necessary to create accountability and establish a relationship between the employee and the device. At present, the industrial automation life-cycle does not have a workflow which can link and manage both the device security and the employee access. Therefore, there is a need to harmonize the link between device security and employee access. An idea of distributing the initial trust to the devices in a comparatively simple workflow for the commissioning and maintenance engineers is proposed in [6]. In this paper, we enhance this idea by integrating the responsibility of an employee management system with the security management component for the device management in the plant.
1.2. Contributions
In this paper, we present an industrial device deployment framework based on the initial bootstrapping of trust from employees.
- We propose a framework to logically segregate the feature of security management of devices from the role of employees in a plant. This independent device deployment framework considers the dynamic environment of employees' roles in industrial plants.
- We also propose a mechanism for the device to verify whether it is joining the intended network.
- We also propose key generation and key deployment mechanisms for heterogeneous types of plants with devices of varying degrees of computation capability.
- Our framework is also adaptive and can be used where the devices do not have direct connectivity with the central security management or employee management system.
- Through a proof-of-concept implementation and security analysis, we show that the proposed framework is feasible to implement and satisfies the security objectives.
- We also simulate the proposed schemes and methods using the AVISPA (Automated Validation of Internet Security Protocols and Applications) tool to validate the protocols used in the framework.
1.3. Paper Structure
In this paper, section 2 discusses the related work. Section 3 presents an overview of the proposed framework of industrial device deployment along with the trust and the threat model. In section 4, the framework is discussed in detail. Section 5 presents the details of the proof-of-concept implementation. The assessment of our proposed framework is presented in section 6. Finally, conclusions are presented in section 7.
2. RELATED WORK
There is extensive and ongoing work on topics addressing key management issues. A. Kumar et
al. presented a detailed survey on the key management protocols for wired and wireless networks
[7]. S. Camtepe covers deterministic, probabilistic and hybrid pre-distribution schemes for
distributed networks and propose to establish pair-wise, group-wise and network-wise keys in
hierarchical networks [8]. This work analyzes many of the security and efficiency related
characteristics. Generally there is no single solution which can solve all key distribution related
problems. Additionally, in each of the key distribution approaches, there is either an explicit
assumption or an explicit mechanism to establish the initial parameters among the communication
parties. The explicit assumption is that the devices in the network are trusted or there is an
explicit mechanism of out-of-band parameters sharing. K. Fischer et al. compare different
approaches to initially bootstrap security credentials [9]. In this work, the authors concluded that
the best method to bootstrap initial credentials can be done through manufacturer provided
certificates. The automation device is manufactured by the device vendor and equipped with a
secure device identifier based on 802.1 AR [10]. However, this imposes a tight constraint on
manufacturers to provide a device with secure device identity. This also might increase the
manufacturing effort and costs as the credential generation will be included during production
process. F. Stajano et al. [11] discussed the issues of bootstrapping security devices and proposed
an solution to configure the trust relation of a device with a help of users. However, their solution
requires physical contact of the new device with a master device and the new device stay
loyal to master device. A. Perrig et al. present a special way of key distribution based on a
master-key pre-loading approach [12]. However, it needs to setup a shared secret key between
4. International Journal of Network Security & Its Applications (IJNSA) Vol.8, No.1, January 2016
24
each node and the base station, as a pre-requisite for key distribution. L. Eschenauer et al.
proposed a key management scheme using probabilistic key sharing [13], which was improved by
C. Haowen and W. Du et al. [14, 15]. F. Gandino et al. proposed a random seed distribution with
transitory master key [16]. However, these type of schemes also need offline loading of keys
prior to distribution. A concept of polynomial key pre-distribution based on deployment
knowledge is presented by D. Liu et al. [17, 18]. Using deployment knowledge, a key pre-
distribution concept based on a key pool has been shown by Z. Yu et al. [19]. However, these
mechanisms have pre-requisite that each group of nodes should share the same secret matrix.
Using this matrix, pairwise keys can be generated between nodes. M. Shehab and V. Bulusu et al.
presented a hierarchical key distribution for sensor networks [20, 21]. K. Xue et al. presented
security improvement of a hierarchical key distribution mechanism for large-scale Wireless
Sensor Network [22] which was proposed by Y. Cheng et al. [23]. These schemes require pre-
loading of a `polynomial share' within the nodes before deployment. A secure and efficient
network bootstrapping protocol for 6LoWPAN has been proposed by H. Cha et al. [24], where
challenge response mechanism can be used for secure joining. However, this does not cover the
initial credential distribution process for authentication. Flaws of single-sign-on schemes are
discussed by G. Wang et al. [25]. There has been some research work using the advantage of
multi-path signal propagation as a source of randomness to generate secrets [26-28]. M. Wilhelm
et al. showed a key deployment protocol using key generation from physical layer information
[29]. This provides an elegant and user-friendly mechanism to the key deployment problem;
however the capability of generating ephemeral shared secrets from industrial channel
measurements needs to be verified. A tamper-evident pairing protocol that provides simple,
secure Wi-Fi pairing and protects against Man-In-The-Middle (MITM) attacks without an out-of-
band channel has been shown by S. Gollakota et al. [30]. This is an interesting solution for Wi-Fi
devices with push button configuration. It does not require out-of-band key pre-distribution,
however it requires pressing of push button on the Wi-Fi devices for initiating the mechanism.
Smart card based authentication is also discussed by J.-L. Tsai et al. [31]. An assessment of the
current security situation of industrial distributed computing systems has been discussed by M.
Cheminod [32]. The authors believe that because of the complexity and size of many industrial
plants, quick and effective security management decisions and (re)actions will become harder to
take in the near future, so that the scientific community is expected to propose and develop new
advanced techniques. LTE security is explained in detail by D. Forsberg et al. [33]. The SIM
card or certificate based solutions of the mobile telecommunication industry require a lot of
engineering either on the manufacturer's premises or in the industrial plant itself. A SIM card based
solution requires an individual mapping between each SIM card and device, which adds extra
time-consuming steps to the industrial workflow.
From the related work and to the best of our knowledge, there is no automated workflow for initial
credential distribution to industrial devices. There is either an assumption or a pre-
requisite of initial key availability in the industrial devices prior to the secure key distribution. In
industrial plants, employees manage devices, and the employees can be identified through their
registered identity with the system. Therefore, in this work we propose a workflow that uses the
already established trust of the employees to enable the initial bootstrap of trust in the devices.
The flexibility of this approach enables commissioning engineers to download the required
configuration data into the device. This approach is a unique solution to the initial trust
distribution problem, reusing the existing features and facilities in industrial plants.
5. International Journal of Network Security & Its Applications (IJNSA) Vol.8, No.1, January 2016
25
3. SYSTEM ARCHITECTURES, THREAT MODEL AND SYSTEM OBJECTIVE
In this section, we present our proposed concept and the design goals of a device deployment
framework for industrial plants. We also describe the components we need to use in this
framework along with the assumptions. The initial trust of the employee is transferred to the
device during the commissioning phase of the plant life-cycle and we assume that this step can be
performed either by the manufacturers, the asset owners, or external companies. In our
framework, the employee management system keeps track of physical accesses for all the
employees where they are authorized to enter in the different areas and rooms in the plant, as well
as handling the devices. Furthermore, the plant also has a security management component to
handle the security of the devices.
3.1. System Architecture
3.1.1. System components and Trust Model
The components which are used in the device deployment framework are presented below. In
Table 1, we summarize the trust assumptions for the system components.
Security management component: This component handles the security parameters
required for the device communication, and monitors the security state of the devices in a
running plant. This component has to be the most secure component as it will be the
weakest link in the security chain. If this component is compromised, then the security
chain will be broken. If there is any other security management system within the plant,
this component will coordinate with that system.
Employee management system: This component is responsible for issuing ID cards to
employees. The plant has physical security, and a first level of access control is
used to securely store the employee access data. The employee might be from an
organization such as the manufacturer, site owner, or a third party. The details of the
employees who are going to handle the devices are stored in this component.
Commissioning engineer/maintenance engineer: This engineer is authorized to configure
or commission devices prior to the operational phases or during the maintenance phase.
The employee has an identity card which is registered with the Employee management
system. A unique password for the identity card is required and this password is the same
password which is used to get physical access to the building.
ID card of a commissioning engineer: The information related to the Commissioning
engineer/maintenance engineer provided by the Employee management system is stored
inside this component. This component is used for transferring the trust of the engineer to
the devices.
Commissioning device: This component is primarily used as a medium for transferring
the trust of the engineer to the device.
Slave device: This component is the device which needs access to the network. During
the commissioning phase, the trust from the commissioning engineer is transferred to this
component.
Master device: This component resides at the upper communication level from the Slave
device.
Table 1. Trust assumptions for the system components.
Component | Trust Assumption
Security management component | This component cannot be compromised
Employee management system | This component cannot be compromised
Commissioning engineer/maintenance engineer | This person is trusted by the organization and keeps their own password confidential. Reporting the loss of the identity card is expected from this person
ID card of a commissioning engineer | The content of this card can only be accessed through the employee password
Commissioning device | This is a trusted component in the plant. When it reads the content of the card through the employee password, it stores it in temporary memory. When the information is properly transferred to the device, it erases the content immediately
Slave device | The trust assumption is similar to current industrial devices where physical access control is present for field devices. Firmware analysis or side channel attacks are not possible when the device is commissioned inside the plant
Master device | The trust assumption is similar to current industrial devices where physical access control is present for field devices. Firmware analysis or side channel attacks are not possible when the device is commissioned inside the plant
3.1.2. Threat Model
The adversary is an ordinary or a resourceful device that can carry out malicious activities
in the network. This threat model defines the adversaries and their possible attacks against the proposed
framework. We focus on proposing a framework that can mitigate the threats arising
from this threat model.
Adversaries can listen to message exchanges between slave device, master device and
security manager
Adversaries can inject messages in the network
Adversaries can capture or replay messages later
Adversaries can steal the ID card of an employee
3.1.3. Framework Overview
The proposed device deployment framework consists of basically three phases as shown in Figure
1, which presents a simplified conceptual overview of our proposed industrial device deployment
framework.
Figure 1. Device Deployment Framework
Initial Trust based authentication: In the first phase, the initial trust is established where the
commissioning engineer/maintenance engineer configures the device and the trust of the engineer
is transferred to the device. The device capabilities can also be stored into the device during
commissioning. The device is authenticated based on the trust of the engineer which was
transferred to the device during commissioning.
Authenticity Verification: In the second phase, it is verified whether the device can present
proof of possessing the correct trust information. The device also verifies whether it is joining the
intended network.
Key Establishment: In the third phase, the key generation occurs for the device. Based on the
device capability, the security management component decides which type of key should be
generated for the device. In a plant, there are different types of devices with different
computational resources. Our framework is designed for such heterogeneous types of systems.
Therefore, based on the device capabilities, the asymmetric keys or a symmetric key is generated
by the security management component. These keys can either be used for secure single-hop
communication, or to support end-to-end encryption in multi-hop topologies. If the device is
capable of generating its own key, it can share its key with the security management component
once the verification phase is done.
The proposed framework is developed to support hierarchical trust establishment. In this
framework, some of the devices might have direct connectivity with the employee management
system and can be directly verified by the employee management system. We define these
devices as Level 1 trusted devices. Once the trust relation is established between the employee
management system, the security management component and the Level 1 devices, these Level 1
devices can be used to anchor the trust establishment procedure for next level devices. The next
level devices will have one-hop connectivity with the employee management system. In our
proposed framework we categorize the initial trust establishment in two scenarios. In the first
scenario as captured in Figure 2, the device can be directly verified by the employee management
system. We define the first scenario as direct topology.
Figure 2. Device Deployment – Direct Topology
In the second scenario, as captured in Figure 3, the device is verified by the employee
management system through an intermediate device, such as a master device. We define the
second scenario as hierarchical topology.
3.2. System Objectives
The security objective of industrial communication is to ensure that all the entities in the
industrial plants are communicating through a secure channel. This implies that the plant is
required to have an infrastructure where devices are deployed and the secure communication
channel is established. This leads to an efficient security management scheme for industrial
environments. Our proposed framework is designed to meet the following identified objectives.
The framework is also supposed to maintain the basic cryptographic properties of confidentiality,
integrity and device authentication.
Initial secret key never leaves the node: The security parameters which will be shared between
two devices should stay within devices, such that only intended devices can read the parameters.
System resilience: Compromise of one device should have minimal impact on the rest of the
system.
Accountability for device configuration: It should be traceable which person has configured the
device.
Ease of configuration: Replacing or adding a device should be easier for any employee without
having in-depth security understanding.
Time to configure: The system should allow fast access to devices for replacement or extension
by the authorized users.
Ease of system deployment: This property demands that the workflow can be deployed without
much effort to set up or maintain the security life-cycle.
Figure 3. Device Deployment – Hierarchical Topology
4. INDUSTRIAL DEVICE DEPLOYMENT – FRAMEWORK
This section introduces the industrial device deployment framework with the security protocols in
more detail. Our proposed algorithms are used as a one-time activity for bootstrapping. In Table 2,
we summarize the notation used in the framework description to make it easier for readers to refer
to it.
Table 2. Notations used in Deployment Framework.
Notation | Meaning
A → B : <M> | A sends message M to B
ID | ID card of the Commissioning Engineer
HH | Commissioning Device (Handheld)
S | Slave Device
M | Master Device
EMS | Employee Management System
SM | Security Management Component
EMP | Employee (Commissioning Engineer)
AID | Unique identity of any device A
sign(AID) | Signature of any device ID AID
E(K,T) | Encryption function for text T with key K
D(K,T) | Decryption function for text T with key K
inc(N) | Increment function for N
CertEMS | Certificate of EMS
Kpr(A) | Private key of any device A
Kpub(A) | Public key of any device A
KA-B | Symmetric key between devices A and B
NONCES | Random number generated by the slave to prevent message replay and support authentication verification
RNDA | Random number generated by any device A to support authentication verification
APARAM | Authentication parameter for employee
ENCAPARAM | Authentication parameter encrypted with EMS public key
CD | Configuration Data Packet commissioned for slave device
PauthComm | Encrypted configuration packet along with authentication parameter downloaded to slave
Pjoin | Joining Packet sent from slave to master or EMS
PjoinFwd | Forwarded Joining Packet for slave sent from master to EMS
PauthDev | Authorized Packet for device sent from EMS to SM
PDH | Packet shared between slave and master or EMS during DH
a,b | Large random numbers used in the DH key exchange
A,B | Public keys used in the DH key exchange
KS | Key used between slave and master or slave and SM based on DH
4.1. Initial Trust based authentication phase
At the beginning of the initial trust setup phase, the commissioning engineer or maintenance
engineer swipes the ID card in the commissioning device HH and enters the password. The
encrypted authentication parameter ENCAPARAM is stored in the ID card. The HH verifies the
password and the ENCAPARAM with the EMS certificate CertEMS.
Once this verification is done, the HH creates a packet with the configuration data CD and the
ENCAPARAM. The CD may contain the identity of the commissioning engineer EMPID and
optionally the identity of the commissioning device HHID along with the device configuration
details. As a next step, the HH encrypts the CD and ENCAPARAM with the public key of the
employee management system Kpub(EMS). This encrypted packet is denoted as PauthComm. Then
PauthComm along with the CD and the Kpub(EMS) are downloaded into the device (S). The PauthComm
can also be stored in tamper-proof memory of the device, so that if the device is captured by the
adversary, the information cannot be retrieved from the device.
In the initial trust based authentication as shown in Algorithm 1, the slave device S generates one
random nonce NONCES. It also appends its own device identity SID and then it encrypts the
downloaded PauthComm, SID, and NONCES with the Kpub(EMS). This encrypted packet is denoted as
Pjoin. The Pjoin is sent to the higher level devices for further security management.
In direct topology, the slave device S has direct connectivity with the employee management
system. The employee management system can retrieve the content of the packet Pjoin using the
private key of the employee management system Kpr(EMS). It retrieves PauthComm, nonce and slave
device identity. Then again using the Kpr(EMS) it retrieves the encrypted authentication parameter
and then after another decryption, it retrieves APARAM. This authentication parameter APARAM
can only be downloaded by an authorized engineer having an authenticated ID Card. Therefore,
through the secret APARAM within the packet Pjoin, the employee management system can verify
that the device is commissioned by an authorized person. The employee management system has
a trusted connection with the security management component SM. The EMS signs its own identity
EMSID with Kpr(EMS) and creates the packet sign(EMSID). It also creates a packet PauthDev by
encrypting the CD, the NONCES and the sign(EMSID) with the public key of the security
management component Kpub(SM). Then the employee management system sends the packet
PauthDev to the security management component.
In hierarchical topology, the slave device does not have direct connectivity with the employee
management system. Therefore, in that case, the slave device S sends the packet to the master
device M. The master device signs its identity MID with the private key of the master device Kpr(M)
and creates the packet sign(MID). Since the master device has already established a trust relation
with the security management component and the employee management system through the
authentication of the direct topology, it encrypts the packet Pjoin and sign(MID) with the public key of the
employee management system Kpub(EMS) and sends the encrypted packet PjoinFwd to the employee
management system. The employee management system decrypts the packet PjoinFwd with its
private key Kpr(EMS) and retrieves Pjoin and sign(MID). Then it can verify the identity of the
master device MID through the public key of the master device Kpub(M) and can retrieve the
content of the packet PauthComm using the private key of the employee management system
Kpr(EMS). Once the employee management system has verified that the master device has
forwarded the data from a slave device which was commissioned by a trusted person, it shares the
information of the slave device with the security management component in the same way as in
the case of direct topology.
4.2. Authenticity verification phase
The goal of this phase is to ensure that the device which presents the trust information from the
employee can also present the proof of possessing the correct trust information before
establishing the key between the device and the security management component. At the same
time, the device should also ensure that it is joining the correct network which it is supposed to
join. As shown in Algorithm 2, the security management component can retrieve the content of
the packet PauthDev which is forwarded by the employee management system, using the private key
of the security management component Kpr(SM).
During authentication in direct topology, the security management component generates a
random number RNDSM and increments the nonce NONCES by 1. Then it sends the packet to the
slave by encrypting it with the NONCES. The slave device can decrypt the content as it has the
generated nonce NONCES and read the RNDSM and incremented NONCES. Thus, the slave knows
that the packet has come from an authorized component that has retrieved the correct
configuration data from the slave. The slave device again generates a random number RNDS and
increments the incremented NONCES by 1, then it encrypts the RNDS and inc(NONCES) with
RNDSM. Once the security management component gets this new packet from the slave, it can
verify that the slave device possesses the correct configuration data as it was configured by an
authorized engineer.
In hierarchical topology, the security management component signs its own identity and creates
sign(SMID). Then it encrypts NONCES and sign(SMID) with the public key of the master
device Kpub(M). Here, the assumption is that the master device can support public key
cryptography. If the master device does not support public key cryptography, then the packet can
be encrypted with the shared key between the security management component and the
master device. The rest of the verification phase, which verifies whether the slave device possesses the
correct configuration data, is the same as in the direct topology.
4.3. Key establishment phase
The goal of this phase is to establish an authenticated secret which will be used to protect the
communication in the network. In our framework, we have focused on bootstrapping the device trust
so that key management can be done from a centralized component. Once the devices are verified
inside the plant as properly commissioned by an engineer, the security manager component
can enforce key establishment for the network using any state-of-the-art key establishment scheme.
4.3.1. Symmetric Key based security management
As shown in Algorithm 3, during authentication in direct topology, both the security management
component and the slave device will use the same key if symmetric key based security
management is used. In hierarchical topology, both the master device and the slave device will
use a common key.
In direct topology, the slave device has direct connectivity with the employee management
system and once the device is verified, the security management component generates the key
KSM-S which will be used for first time communication between the security management
component and the slave device S and is later replaced by the security manager component which
enforces standard key establishment for the network as state-of-the-practice. Then it encrypts the
KSM-S with RNDS and sends it to the slave device.
In hierarchical topology, once the device is verified by the master device, the master device uses the
key KM-S, which can be received from the security management component or generated
by the master device itself if it has key generation capability. It then encrypts KM-S
with RNDS and sends the encrypted KM-S to the slave device.
4.3.2. Asymmetric Key based security management
If devices have the necessary computational power to perform public key cryptography operations
occasionally, then this workflow is suitable for them. This concept is similar to
Password-based Encrypted Key Exchange [34].
As shown in Algorithm 4, the security management component generates a secret key a and
computes A = g^a mod p. The modulus p and the base g are the parameters denoted as
PUBDH. Then the security management component increments the nonce by 1 and creates the
packet with A, PUBDH and the nonce. It then forwards the packet to the slave device, encrypted with
RNDS. The encrypted packet is denoted as PDH. The slave device decrypts the packet PDH with
RNDS, retrieves PUBDH and verifies that the nonce has been incremented by 1. It generates a secret
key b and computes B = g^b mod p. Then it generates the secret key KS = A^b mod p. It encrypts
the incremented nonce with KS and encrypts B with RNDS, and forwards the packet to the security
management component. The security management component retrieves B by decrypting with
RNDS and generates the secret key KS = B^a mod p. It also retrieves the newly incremented nonce by
decrypting with KS. It again increments the new nonce by 1 and encrypts it with KS, then forwards
the packet to the slave device. The slave device verifies that the nonce has again been incremented by 1.
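As an added example (not the paper's own code or its AVISPA model), the following Python simulation drives the direct-topology message flow of the authenticity verification phase (Section 4.2) and the asymmetric key establishment phase (Algorithm 4 above) between the security management component and a slave device, checking each inc(NONCES) step so that a replayed or tampered packet is rejected. E(K,T), the nonce encoding and the DH group are constructed stand-ins named in the docstring, not choices made by the paper.

```python
"""Simulation of the authenticity verification phase (Section 4.2) and the
asymmetric key establishment phase (Section 4.3.2), direct topology.
Constructed assumptions, not taken from the paper:
  - E(K,T)/D(K,T) are a toy authenticated cipher (HMAC-SHA256 keystream
    plus HMAC tag); the paper leaves the concrete cipher open.
  - NONCE_S is an 8-byte big-endian counter, so inc(N) is N + 1.
  - PUB_DH is a toy group (p = 2**255 - 19, g = 2) so the simulation runs
    offline; a deployment would use a standardised MODP group.
"""
import hashlib
import hmac
import secrets
import struct

P_DH, G_DH = 2**255 - 19, 2      # constructed PUB_DH parameters
IV_LEN, TAG_LEN = 16, 32


def _kdf(key):
    # The paper keys E() with nonces, RND values and K_S directly; derive a fixed-size MAC key.
    return hashlib.sha256(b"E(K,T)|" + key).digest()


def _stream(k, iv, n):
    return b"".join(hmac.new(k, iv + struct.pack(">I", i), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))


def E(key, text):
    """E(K,T): authenticated encryption of T under K (toy construction)."""
    k, iv = _kdf(key), secrets.token_bytes(IV_LEN)
    body = bytes(x ^ y for x, y in zip(text, _stream(k, iv, len(text))))
    return iv + body + hmac.new(k, iv + body, hashlib.sha256).digest()


def D(key, packet):
    """D(K,T): check the tag, then decrypt; raises ValueError on tampering."""
    k = _kdf(key)
    iv, body, tag = packet[:IV_LEN], packet[IV_LEN:-TAG_LEN], packet[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(k, iv + body, hashlib.sha256).digest()):
        raise ValueError("authentication tag mismatch")
    return bytes(x ^ y for x, y in zip(body, _stream(k, iv, len(body))))


def n2b(n): return struct.pack(">Q", n)                                   # nonce field / key
def i2b(n): return n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")     # K_S as key material
def pack(*ints): return b"|".join(str(i).encode() for i in ints)         # decimal fields


def expect_inc(state, received):
    """Accept the nonce only if it is exactly inc() of the value we hold."""
    if received != state["nonce"] + 1:
        raise ValueError("nonce not incremented by 1: possible replay")
    state["nonce"] = received


# ---- Section 4.2: authenticity verification (direct topology) ----
def sm_challenge(sm):
    n0 = sm["nonce"]                       # NONCE_S, learned by SM from P_authDev
    sm["rnd_sm"], sm["nonce"] = secrets.token_bytes(16), n0 + 1
    return E(n2b(n0), sm["rnd_sm"] + n2b(n0 + 1))


def slave_respond(sl, msg):
    pt = D(n2b(sl["nonce"]), msg)          # opens only with the slave's own NONCE_S
    sl["rnd_sm"], n = pt[:16], struct.unpack(">Q", pt[16:])[0]
    expect_inc(sl, n)                      # SM proved it holds the slave's configuration data
    sl["rnd_s"], sl["nonce"] = secrets.token_bytes(16), sl["nonce"] + 1
    return E(sl["rnd_sm"], sl["rnd_s"] + n2b(sl["nonce"]))


def sm_verify(sm, msg):
    pt = D(sm["rnd_sm"], msg)
    sm["rnd_s"], n = pt[:16], struct.unpack(">Q", pt[16:])[0]
    expect_inc(sm, n)                      # slave proved it holds NONCE_S


# ---- Section 4.3.2: asymmetric key establishment (Algorithm 4) ----
def sm_dh_offer(sm):
    sm["a"], sm["nonce"] = secrets.randbits(255), sm["nonce"] + 1
    return E(sm["rnd_s"], pack(pow(G_DH, sm["a"], P_DH), P_DH, G_DH, sm["nonce"]))  # P_DH


def slave_dh_respond(sl, p_dh):
    big_a, p, g, n = (int(f) for f in D(sl["rnd_s"], p_dh).split(b"|"))
    expect_inc(sl, n)
    sl["b"], sl["nonce"] = secrets.randbits(255), sl["nonce"] + 1
    sl["ks"] = pow(big_a, sl["b"], p)      # K_S = A^b mod p
    return E(sl["rnd_s"], pack(pow(g, sl["b"], p))), E(i2b(sl["ks"]), n2b(sl["nonce"]))


def sm_dh_finish(sm, packet):
    enc_b, enc_n = packet
    sm["ks"] = pow(int(D(sm["rnd_s"], enc_b)), sm["a"], P_DH)   # K_S = B^a mod p
    expect_inc(sm, struct.unpack(">Q", D(i2b(sm["ks"]), enc_n))[0])
    sm["nonce"] += 1
    return E(i2b(sm["ks"]), n2b(sm["nonce"]))


def slave_dh_finish(sl, msg):
    expect_inc(sl, struct.unpack(">Q", D(i2b(sl["ks"]), msg))[0])
    return sl["ks"]


def run_direct_topology(nonce_s=None):
    """Drive both phases; True when SM and S agree on K_S and on the nonce."""
    nonce_s = secrets.randbits(32) if nonce_s is None else nonce_s
    sm, sl = {"nonce": nonce_s}, {"nonce": nonce_s}
    sm_verify(sm, slave_respond(sl, sm_challenge(sm)))
    slave_dh_finish(sl, sm_dh_finish(sm, slave_dh_respond(sl, sm_dh_offer(sm))))
    return sm["ks"] == sl["ks"] and sm["nonce"] == sl["nonce"] == nonce_s + 5
```

The five nonce increments match the five encrypted messages of the two phases, so a party that cannot open a packet, or sees a stale nonce, aborts before any key material is accepted.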
5. PROOF-OF-CONCEPT IMPLEMENTATION
We have implemented the deployment framework to verify the feasibility of our proposed
scheme. The device deployment framework is implemented using four components, Employee
Management System (EMS), Commissioning Device (HH), Field Device (FD) and Security
Manager (SM).
The overall packet transfer in this proof-of-concept implementation is presented in Figure 4 to
make it easier for readers to visualize the framework implementation. The EMS component keeps
the APARAM as secret. It encrypts the APARAM with the EMS public key and downloads it to the
ID card. The HH component takes this encrypted APARAM value once the employee verification
is done and adds the configuration of the slave device. Then it encrypts the whole packet with the
EMS public key. The HH also downloads the slave configuration file inside the device. The slave
device takes the encrypted packet and adds a generated nonce and its identity. Then it encrypts
the whole packet with the EMS public key and sends it to the next level of device. After receiving
the packet, the master device adds its configuration data and encrypts the whole packet with the
EMS public key. It also signs its identity and forwards the packet to the next forwarding device or
the EMS. Using the private key of the EMS, the EMS can retrieve the forwarding device details,
joining device details, the configuration of joining device and the APARAM.
Figure 4. Data Flow in Proof-of-concept Implementation
This implementation shows that the proposed framework is simple to implement. In our
framework, we can use standardized encryption functions such as AES, 3DES or cipher block
chaining libraries for encryption, decryption and signature verification. Therefore, this framework
utilizes available standard security libraries for implementing those algorithms and this
accelerates the implementation phase.
6. ASSESSMENT AND DISCUSSION OF THE DEVICE DEPLOYMENT
FRAMEWORK FOR INDUSTRIAL PLANTS
In this paper, we have proposed a framework for efficient, user friendly device deployment
reusing the concept of initial trust establishment. Our aim is to ensure that the entities in the
industrial plants are communicating through a secure channel. In this section we will discuss
whether this framework fulfils the objectives as mentioned earlier along with comparisons
between different industry standard practices. We will also analyse the protocol using the
AVISPA tool [35].
6.1. Framework performance comparison
As mentioned in Section 2, to the best of our knowledge there is no automated workflow of initial
credential distribution for industrial devices. Hence, we will focus on the performance
improvement through the proposed deployment framework compared to current industry
practices.
Overview of different initial key distribution workflows in industrial plants:
The initial key distribution in industrial plants is broadly divided into seven categories [3]. These
are:
(a) Master Device provides unique Symmetric Key for every device,
(b) Master Device provides same Symmetric Key for all devices,
(c) Master Device provides Public/Private key pair for Slave Device,
(d) Device Manufacturer provides unique Symmetric Key for every device,
(e) Device Manufacturer provides same Symmetric Key for all devices,
(f) Device manufacturer provides Public/Private key pair,
(g) Slave device provides Public/Private key pair.
We summarize the workflows for initial key distribution in Table 3.
We also define two broad categories of channels for key distributions. The first one is the Trusted
Channel which is the medium where communicating parties are authenticated, though transmitted
messages can be public. The second type of channel is the Secured Channel which is the medium
where no one can listen to the exchanged messages except communicating parties.
Table 3. Overview of initial key distribution workflow in industrial plants
Approach | Type of Channel | Property
Approach 1: Master device provides unique Symmetric Key for every device | Out-of-band | Secure channel
Approach 2: Master device provides same Symmetric Key for all devices | Out-of-band | Secure channel
Approach 3: Master device provides Public/Private key pair for Slave Device | Out-of-band | Secure channel for private key and Trusted channel for public key
Approach 4: Device Manufacturer provides unique Symmetric Key for every device | Out-of-band | Secure channel
Approach 5: Device Manufacturer provides same Symmetric Key for all devices | Out-of-band | Secure channel
Approach 6: Device manufacturer provides Public/Private key pair | Out-of-band | Trusted channel for public key
Approach 7: Slave device provides Public/Private key pair | Out-of-band | Trusted channel for public key
A comparison of different initial key distribution workflows for industrial plants:
In all seven approaches we mentioned, the public/private key pair or the symmetric key has to be
installed in the device using an out-of-band mechanism. This requires a trusted channel, or a trusted
and secured channel. Table 4 presents a high-level comparison between the proposed method and the
other approaches with respect to the following objectives.
Framework Objectives:
Objective 1: Initial secret key never leaves the node
Objective 2: System resilience
Objective 3: Accountability for device configuration
Objective 4: Ease of configuration
Objective 5: Time to configure
Objective 6: Ease of system deployment
Security Objectives:
Objective 7: Confidentiality
Objective 8: Integrity
Objective 9: Device Authentication
Table 4. A comparison of workflows for initial credential distributions in industrial devices.
(Obj 1 to Obj 6 are the framework objectives and Obj 7 to Obj 9 the security objectives listed above.)
Approach | Obj 1 | Obj 2 | Obj 3 | Obj 4 | Obj 5 | Obj 6 | Obj 7 | Obj 8 | Obj 9
Master Device provides unique Symmetric Key for every device | No | High | Low | Medium | Low | Medium | Yes | Yes | Yes
Master Device provides same Symmetric Key for all devices | No | Low | Low | Low | Medium | Medium | Yes | Yes | Yes
Master Device provides Public/Private key pair for Slave Device | No | High | Low | Medium | Low | Medium | Yes | Yes | Yes
Device Manufacturer provides unique Symmetric Key for every device | No | High | Low | High | Medium | Low | Yes | Yes | Yes
Device Manufacturer provides same Symmetric Key for all devices | No | Low | Low | High | Medium | Low | Yes | Yes | Yes
Device manufacturer provides Public/Private key pair | Yes | High | Low | High | High | Low | Yes | Yes | Yes
Slave device provides Public/Private key pair | Yes | High | Low | Low | High | Low | Yes | Yes | Yes
Initial Trust Establishment Framework (Proposed Idea) | Yes | High | High | Low | High | Low | Yes | Yes | Yes
During symmetric key distribution, there is a need for a trusted and secured
channel where no one can listen while the initial key is being distributed. In an industrial
plant, there might be many employees who will be handling the commissioning of devices.
Therefore, when the device is configured for key management, then the secured and trusted
channel is also being handled by different employees in the plant. If the secret key is required to
be entered during commissioning, the key will be known to the employee who is configuring the
device. For example, when an employee is commissioning/configuring 100 devices, there is a
need to access 100 different secret symmetric keys for 100 devices. This affects the initial secret
key never leaves the node property. Entering manually a symmetric key, which might be a 16
digit number, is an error prone and tedious job for the commissioning engineer. This reduces the
ease of configuration of the system. In addition to it, the secret key is also getting revealed while
entering the key during configuration. If a key is leaked in the network, it is difficult to find who
has initiated the problem, as individual accountability is not tied with device configuration. To
improve the ease of configuration, there is a possibility of using the same initial bootstrapping
key for all the devices in the network. However, this reduces the resilience of the system. If the
same key is used to bootstrap all the devices in the network, then compromise of a single device
will have high impact on the whole system. Therefore, approaches 1 and 2 both reveal the key, but
approach 1 has low ease of configuration and high resilience, whereas approach 2 has medium
ease of configuration but low resilience. The time to configure property is also medium for both
the approaches as it needs to configure security parameters during maintenance or replacement of
devices. The problem of individual accountability of employees is also not solved, as we will not
be able to identify who has commissioned the device. There is also a medium effort to set up a
central security management component like Master Device which handles the security of large
number of devices in industrial plants, which affects the system deployment property.
When public key cryptography is used, a trusted channel is created to transmit the public key. However, when the private/public key pair is generated by a central security server inside the plant, a secured channel is also required to transfer the private key into the device. Creating a secure channel to transmit the private key has usability issues similar to those of symmetric key distribution. Therefore, in approach 3, the private key leaves the environment through an out-of-band channel, and the approach has low ease of configuration. The time-to-configure property is medium, as security parameters need to be configured during maintenance or replacement of a device. The problem of individual accountability of employees is also not solved, as we will not be able to identify who has commissioned the device. There is also a medium effort to set up a central security management component like the Master Device, which handles the security of a large number of devices in industrial plants; this affects the system deployment property.
19. International Journal of Network Security & Its Applications (IJNSA) Vol.8, No.1, January 2016
39
On the other hand, in approaches 4 and 5, if the vendor puts the secret key in the device during manufacturing, the same key has to be transferred to the industrial plant through a secured channel. This requires that the employee knows the secret key for commissioning the system. The resilience property is affected in the same way as in approaches 1 and 2 if the same key is used for all devices. This approach improves the ease of configuration to an extent, as the device does not have to be configured with a symmetric key during commissioning. However, it increases the time-to-configure property, as during maintenance or replacement of a device the device manufacturer has to be contacted to acquire a new key pair for the devices. There is also a high effort to set up the trusted and secured channel between manufacturer and industrial plant, which affects the system deployment property.
When public key cryptography is used and the manufacturers are responsible for generating public/private key pairs, as in approach 6, secret handling by employees is removed. This does not reveal the secret key, and the public key mechanism improves the resilience. However, the time-to-configure property will be high, and there will be a high effort in system deployment to set up the trusted and secured channel between manufacturer and industrial plant.
In approach 7, the slave device itself is capable of generating a public/private key pair. This improves most of the properties, but the accountability of the commissioning engineer is not tied to this approach. Therefore, if the device is misbehaving, it is difficult to know who has configured the device and whether configuration issues have created the problem. It also assumes that the slave device is computationally capable of generating public/private key pairs by itself.
In our proposed framework, the employee needs to swipe the ID card at the handheld terminal and thereby prove their identity. The employee is not required to enter any specific secret key for the device; instead, the ID card is used in the same way it is used for factory entry. The devices can present this trust information to receive the keys from the security management component. Therefore, in this framework, the initial security parameters are not revealed to the employee who is configuring the device; instead, the encrypted parameters are used to verify the authenticity of the device and the engineer. Once the device is authenticated by the employee management system, the configuration data and the related information are transferred to the security management component. The security management component then becomes responsible for the key management of the whole network.
In our proposed framework, the key that is distributed (chosen according to the device's capability to support encryption) is shared by only the two communicating parties. Therefore, if an attacker can retrieve the key of a particular slave, it cannot compromise the entire system and its communication. If the key of a master device is compromised, then the slave devices in the cluster of that particular master device will be compromised. However, this cannot compromise the other master devices in the network. When asymmetric key cryptography is used, compromise of one particular device cannot compromise the entire system.
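The resilience argument made for approaches 1 and 2 (one bootstrapping key entered into every device) and for the pairwise keys of the proposed framework can be made concrete with a small blast-radius model. This is an added illustration, not code from the paper; the topology (one SM, masters M1 and M2 with two slaves each, mirroring the roles of Table 5) and the key names are constructed assumptions.

```python
"""Blast-radius model: which links an attacker can read after extracting
every key stored on one compromised device. Constructed example."""
from dataclasses import dataclass, field


@dataclass
class Network:
    """Which key guards each link, and which devices hold a copy of each key."""
    links: dict = field(default_factory=dict)    # (a, b) -> key name
    holders: dict = field(default_factory=dict)  # key name -> {devices}

    def add_link(self, a, b, key):
        self.links[(a, b)] = key
        self.holders.setdefault(key, set()).update({a, b})

    def exposed_links(self, device):
        """Links readable by an attacker who extracts every key stored on `device`."""
        leaked = {k for k, h in self.holders.items() if device in h}
        return {link for link, k in self.links.items() if k in leaked}

    def blast_radius(self, device):
        """Fraction of all links exposed when one device is compromised."""
        return len(self.exposed_links(device)) / len(self.links)


# Constructed sample topology: SM above two master clusters (assumption).
TOPOLOGY = {"M1": ["S1", "S2"], "M2": ["S3", "S4"]}


def shared_bootstrap_key():
    """Approaches 1/2 with the same bootstrapping key reused for every device."""
    net = Network()
    for master, slaves in TOPOLOGY.items():
        net.add_link("SM", master, "K_boot")
        for slave in slaves:
            net.add_link(master, slave, "K_boot")
    return net


def pairwise_keys():
    """Proposed framework, symmetric case: every key is known to exactly two parties."""
    net = Network()
    for master, slaves in TOPOLOGY.items():
        net.add_link("SM", master, f"K_SM_{master}")
        for slave in slaves:
            net.add_link(master, slave, f"K_{master}_{slave}")
    return net


def cluster_contained(net, master):
    """True if compromising `master` exposes only links that `master` itself is on,
    i.e. the damage stays inside its own cluster."""
    return all(master in link for link in net.exposed_links(master))


if __name__ == "__main__":
    for name, net in (("shared key", shared_bootstrap_key()),
                      ("pairwise keys", pairwise_keys())):
        for dev in ("S1", "M1"):
            print(f"{name:14s} compromise of {dev}: "
                  f"{net.blast_radius(dev):.0%} of links exposed, "
                  f"contained={cluster_contained(net, dev)}")
```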
Devices that are involved in data communication are commissioned by commissioning or maintenance personnel. The employees are the persons authorized to handle a device; therefore, when the commissioning person places the device in the network, the trust parameter of the employee, which is stored in the ID card, is transferred to the device. When the device presents the configuration credentials, it also presents the encrypted employee trust. Commissioning engineers have sufficient experience to demonstrate that they know the safety regulations and machine directives to formally “sign off” a commissioned plant. Hence, a commissioning engineer is trusted for the operational safety of a plant. By verifying that employee trust, the device can be authenticated as having been commissioned by an authorized person. This trust of the employee is transferred to the device only when the authorized commissioning or maintenance personnel swipes the employee identification card in the card reader. Therefore, any other device that is not commissioned by authorized persons in the plant can easily be detected in this framework, as only the employee can store this encrypted trust. In the future, if the device has the capability to read the identity card, then the trust can be transferred directly without the need for an additional commissioning device.
In our framework we provide a mechanism that integrates the employee management system with the security management component for devices. The employee management system deals with the management of the employees who handle the devices in a plant or organization. The security management component deals with the security of the devices in the plant. To configure a device, our framework requires that the employee swipes the ID card in an ID card reader, such as a handheld commissioning device, and enters the configuration data. This procedure does not take extra time compared to commissioning without any security mechanism. This provides a user-friendly procedure for the employees, who neither access the secure data storage nor manually enter the security-related parameters.
This framework partially satisfies physical security: once an attack is detected, it can be tracked who has configured the device. In the earlier approaches, there was no individual accountability. However, our proposal is highly dependent on an Employee Management System. This might affect the ease of system deployment, as our method assumes that inside the plant there is a first level of access control and that this component is used to securely store the employee access data. This is an additional requirement on current employee management systems. However, this will be a one-time activity, and in most industrial plants a system for employee management already exists.
6.2. Formal verification and validation of framework using AVISPA
In this section the results of the formal verification of our proposed framework are presented to verify the correctness of the protocols. AVISPA (Automated Validation of Internet Security Protocols and Applications) [35, 36] is used for the analysis of large-scale Internet security-sensitive protocols and applications. To specify a security protocol and its properties, the HLPSL (High Level Protocol Specification Language) is used. Protocols to be studied by the AVISPA tool are specified in HLPSL and written in a file with the extension hlpsl. The HLPSL specification is translated into the Intermediate Format (IF) using the hlpsl2if translator. IF is a lower-level language than HLPSL and is read directly by the back-ends of the AVISPA Tool. The AVISPA Tool comprises four back-ends: OFMC (On-the-Fly Model Checker), CL-AtSe (Constraint Logic based Attack Searcher), SATMC (SAT based Model Checker) and TA4SP (Tree Automata based Protocol Analyzer). These back-ends are used to identify flaws in protocols. SPAN [37, 38] is a security protocol animator for AVISPA that is designed to help protocol developers in writing HLPSL specifications. An HLPSL specification is composed of three parts, namely a list of role definitions, a list of goal declarations, and the call of the main role.
Roles are used as independent processes; they have a name, receive information by parameters and contain local declarations. To formally verify the protocols used in our framework, we have used basic roles similar to our implemented version: Employee Management System (EMS), Handheld Device (HH) and Security Manager (SM). We also modelled the ID card as a role. For the sake of completeness we have separated the Field Device component into Master Device (M) and Slave Device (S). Each basic role is independent from the others and has its own initial information. In our implementation each role contains local declarations, initialization and transitions. The transitions in a role are spontaneous actions enabled when the state predicates on the left-hand side are true. In our implementation, the sessions of the protocol are described as a composed role. In composed roles, the roles can execute in parallel or sequentially.
In this paper, we have used both the OFMC and CL-AtSe back-ends through SPAN to verify our protocol. In SPAN, CAS+ is used as the specification language. In CAS+, we declare the identifiers of the protocol with certain types, namely user (principal name), public key, symmetric key, function and number. Table 5 summarizes the identifiers used to verify our proposed protocol.
Table 5. Identifier declaration.
Type         Identifiers
User         EMS, ID, HH, S, M1, M2, SM
Number       APARAM, CD, NONCES, RNDS, RNDSM, RNDM1, RNDM2
Public Key   Kpub(EMS), Kpub(SM), Kpub(M1), Kpub(M2)
Function     Increment
When a protocol execution initiates, each principal needs initial knowledge to compose its messages. The identifiers in the user category need to have knowledge of the data they use for their protocol execution. Table 6 captures the knowledge of each user in our implementation.
Table 6. Knowledge of User.
User   Knowledge
EMS    EMS, ID, HH, M1, M2, SM, Increment, Kpub(EMS), Kpub(SM), Kpub(M1), Kpub(M2)
ID     EMS, ID, Kpub(EMS)
HH     EMS, ID, HH, S, Increment, Kpub(EMS)
S      EMS, ID, HH, S, SM, Increment, Kpub(EMS)
M1     EMS, M1, M2, SM, Increment, Kpub(EMS), Kpub(SM), Kpub(M1), Kpub(M2)
M2     EMS, M1, M2, SM, Increment, Kpub(EMS), Kpub(SM), Kpub(M1), Kpub(M2)
SM     EMS, M1, M2, SM, Increment, Kpub(EMS), Kpub(SM), Kpub(M1), Kpub(M2)
The message section contains the core of the protocol specification. We use the message exchange algorithms as discussed in Section 4. We declare the verification goals as secrecy of APARAM and mutual authentication, i.e. whether SM and S can authenticate each other by RNDS and RNDSM respectively. Each role communicates with the other roles through Dolev-Yao channels. In the Dolev-Yao model, the adversary can overhear, intercept, and synthesize any messages. We have analysed our protocol with OFMC and CL-AtSe.
The On-the-Fly Model-Checker (OFMC) builds the infinite tree of the problem in a demand-driven way. The state space is represented by different symbolic techniques. Using these, OFMC can detect attacks fast and prove the protocol correct. The Constraint-Logic-based Attack Searcher (CL-AtSe) translates any protocol specification into a set of constraints, which is useful for finding attacks on protocols [35]. The analysis with both OFMC and CL-AtSe shows that our proposed protocol has no security flaw that can be detected by AVISPA.
7. CONCLUSIONS AND FUTURE WORK
In this paper, we have presented a framework for industrial device deployment. We started by
introducing the objectives of the device deployment framework. Then we presented our
framework in detail and assessed the objectives of the device deployment framework. It is found
that the device can be verified by the security management component once the commissioning
engineer or maintenance engineer has established the initial trust by transferring the employee
parameters to the device. The configuration parameters can also be downloaded during the initial
trust establishment. Therefore, based on the cryptographic computational capability of the device,
our proposed framework can support both symmetric and asymmetric key distribution. By
reusing the initial trust establishment workflow, this framework simplifies the key distribution
mechanisms and eliminates the need for prior sharing of secret parameters. The initial trust
establishment phase does not require any unique secret for the device which is difficult to
manage, rather the key distribution occurs from a central management component once the device
can show that it has been commissioned by an authorized person. The authentication verification
phase also provides a mechanism for the device to verify whether it is joining the intended
network. We also logically segregate the security management for devices from the role of the
commissioning engineer. Therefore, this framework provides a solution for the dynamic
environment of employee roles in industrial plants. This framework also adapts to cases where the
devices do not have direct connectivity with the central security management or employee
management system. Through the proposed authentication in direct and hierarchical topology,
any device can be verified once initial trust has been established by the commissioning engineer.
As future work, we are planning to demonstrate the practicability of this framework with working
devices in a plant.
ACKNOWLEDGEMENTS
This work has been supported by the Swedish Knowledge Foundation (KKS) through ITS-EASY, Embedded Software and Systems Industrial Research School, affiliated with the School of Innovation, Design and Engineering (IDT) at Malardalen University (MDH, Vasteras, Sweden), as well as by the ABB Industrial Communication and Electronics Program.
REFERENCES
[1] D. Dzung, M. Naedele, T. P. Hoff, and M. Crecatin, “Security for industrial communication systems,”
Proceedings of the IEEE, vol. 93, no. 6, pp. 1152–1177, 2005.
[2] Symantec, “Stuxnet introduces the first known rootkit for industrial control systems,” 2010.
[3] A. Ray, M. Bjorkman, J. Akerberg, and M. Gidlund, “Initial key distribution for industrial wireless
sensor networks,” in IEEE International Conference on Industrial Technology (ICIT 2013), February
2013.
[4] S. Obermeier, R. Schierholz, H. Hadeli, R. R. Enderlein, A. Hristova, and T. Locher, “Secure
management of certificates for industrial control systems,” in 39th Annual Conference of the IEEE
Industrial Electronics Society (IECON 2013), November 2013.
[5] D. Ferraiolo and R. Kuhn, “Role-based access control,” in 15th NIST-NCSC National Computer
Security Conference, 1992, pp. 554–563.
[6] A. Ray, M. Bjorkman, J. Akerberg, and M. Gidlund, “A solution for industrial device commissioning
along with the initial trust establishment,” in 39th Annual Conference of the IEEE Industrial
Electronics Society (IECON 2013), November 2013.
[7] A. Kumar, A. Aggarwal, and C. Kumar, “Survey and Taxonomy of Key Management Protocols for
Wired and Wireless Networks,” International Journal of Network Security and Its Applications, vol.
4, no. 3, May 2012.
[8] S. Camtepe, “Key distribution mechanisms for wireless sensor networks: a survey,” in Rensselaer
Polytechnic Institute, vol. 07, 2005.
[9] K. Fischer and J. Gesner, “Security architecture elements for IoT enabled automation networks,” in
Emerging Technologies Factory Automation (ETFA), 2012 IEEE 17th Conference on, Sept 2012,
pp. 1–8.
[10] IEEE Standard for Local and metropolitan area networks, Secure Device Identity, 802.1AR-2009
Std., 2009.
[11] F. Stajano and R. J. Anderson, “The resurrecting duckling: Security issues for ad-hoc wireless
networks,” in Proceedings of the 7th International Workshop on Security Protocols, 2000, pp. 172–
194.
[12] A. Perrig, R. Szewczyk, J. D. Tygar, V. Wen, and D. E. Culler, “SPINS: Security protocols for sensor
networks,” in ACM Wireless Network, vol. 8, Sep. 2002, pp. 521–534.
[13] L. Eschenauer and V. D. Gligor, “A key-management scheme for distributed sensor networks,” in
Proceedings of the 9th ACM conference on Computer and communications security, ACM, 2002, pp.
41–47.
[14] C. Haowen, A. Perrig, and D. Song, “Random key predistribution schemes for sensor networks,” in
Security and Privacy, 2003. Proceedings. 2003 Symposium on, May 2003, pp. 197–213.
[15] W. Du, J. Deng, Y. S. Han, P. K. Varshney, J. Katz, and A. Khalili, “A pairwise key predistribution
scheme for wireless sensor networks,” ACM Trans. Inf. Syst. Secur., vol. 8, no. 2, pp. 228–258, May
2005.
[16] F. Gandino, B. Montrucchio, and M. Rebaudengo, “Key management for static wireless sensor
networks with node adding,” Industrial Informatics, IEEE Transactions on, vol. 10, no. 2, pp. 1133–
1143, May 2014.
[17] D. Liu and P. Ning, “Location-based pairwise key establishments for static sensor networks,” in
Proceedings of the 1st ACM workshop on Security of ad hoc and sensor networks, ser. SASN ’03.
New York, NY, USA: ACM, 2003, pp. 72–82.
[18] D. Liu and P. Ning, “Improving key predistribution with deployment knowledge in static sensor
networks,” ACM Trans. Sen. Netw., vol. 1, no. 2, pp. 204–239, Nov. 2005.
[19] Z. Yu and Y. Guan, “A Key Management Scheme Using Deployment Knowledge for Wireless
Sensor Networks,” IEEE Trans. Parallel Distrib. Syst., vol. 19, no. 10, pp. 1411–1425, 2008.
[20] M. Shehab, E. Bertino, and A. Ghafoor, “Efficient hierarchical key generation and key diffusion for
sensor networks,” in Sensor and Ad Hoc Communications and Networks, 2005. pp. 76–84.
[21] V. Bulusu, A. Durresi, V. Paruchuri, and M. Durresi, “Key Distribution in Mobile Heterogeneous
Sensor Networks,” in Proceedings of 49th annual IEEE Global Telecommunications Conference,
2006, pp. 1–5.
[22] K. Xue, P. Hong, H. Lu, B. Zhu, and L. Li, “Security improvement on an efficient key distribution
mechanism for large-scale Wireless Sensor Network,” in 2nd International Conference on
Anticounterfeiting, Security and Identification, 2008. IEEE, 2008, pp. 140–143.
[23] Y. Cheng and D. P. Agrawal, “An improved key distribution mechanism for large-scale hierarchical
wireless sensor networks,” Ad Hoc Networks, vol. 5, no. 1, pp. 35–48, 2007.
[24] H. Cha, K.-H. Kim, and S. Yoo, “Lbp: A secure and efficient network bootstrapping protocol for
6lowpan,” in Proceedings of the 5th International Conference on Ubiquitous Information
Management and Communication, ser. ICUIMC ’11. New York, NY, USA: ACM, 2011, pp. 54:1–
54:8.
[25] G. Wang, J. Yu, and Q. Xie, “Security analysis of a single sign-on mechanism for distributed computer
networks,” Industrial Informatics, IEEE Transactions on, vol. 9, no. 1, pp. 294–302, Feb 2013.
[26] S. Mathur, W. Trappe, N. Mandayam, C. Ye, and A. Reznik, “Radio-telepathy: extracting a secret key
from an unauthenticated wireless channel,” in Proceedings of the 14th ACM international conference
on Mobile computing and networking, ser. MobiCom ’08. New York, NY, USA: ACM, 2008, pp.
128–139.
[27] S. Jana, S. N. Premnath, M. Clark, S. K. Kasera, N. Patwari, and S. V. Krishnamurthy, “On the
effectiveness of secret key extraction from wireless signal strength in real environments,” in
Proceedings of the 15th annual international conference on Mobile computing and networking, ser.
MobiCom ’09. ACM, 2009, pp. 321–332.
[28] M. Wilhelm, I. Martinovic, and J. B. Schmitt, “Secret keys from entangled sensor motes:
implementation and analysis,” in Proceedings of the third ACM conference on Wireless network
security, ser. WiSec ’10. ACM, 2010, pp. 139–144.
[29] M. Wilhelm, I. Martinovic, E. Uzun, and J. B. Schmitt, “SUDOKU: Secure and usable deployment of
keys on wireless sensors,” 6th IEEE Workshop on Secure Network Protocols, pp. 1–6, Oct. 2010.
[30] S. Gollakota, N. Ahmed, N. Zeldovich, and D. Katabi, “Secure in-band wireless pairing,” in
Proceedings of the 20th USENIX conference on Security, Berkeley, CA, USA, 2011, p. 16.
[31] J.-L. Tsai, N.-W. Lo, and T.-C. Wu, “Novel anonymous authentication scheme using smart cards,”
Industrial Informatics, IEEE Transactions on, vol. 9, no. 4, pp. 2004–2013, Nov 2013.
[32] M. Cheminod, L. Durante, and A. Valenzano, “Review of security issues in industrial networks.”
IEEE Trans. Industrial Informatics, vol. 9, no. 1, pp. 277–293, 2013.
[33] D. Forsberg, G. Horn, W. Moeller, and V. Niemi, LTE Security: Second Edition, 2nd ed., 2012.
[34] S. Bellovin and M. Merritt, “Encrypted key exchange: password-based protocols secure against
dictionary attacks.” IEEE Comput. Soc. Press, 1992, pp. 72–84.
[35] “AVISPA: a tool for Automated Validation of Internet Security Protocols.” [Online]. Available:
http://www.avispa-project.org
[36] A. Armando, D. Basin, Y. Boichut, Y. Chevalier, L. Compagna, J. Cuellar, P. H. Drielsma, P. C.
Héam, O. Kouchnarenko, J. Mantovani, S. Mödersheim, D. v. Oheimb, M. Rusinowitch, J.
Santiago, M. Turuani, L. Viganò, and L. Vigneron, “The AVISPA Tool for the Automated
Validation of Internet Security Protocols and Applications,” in Proceedings of the 17th International
Conference on Computer Aided Verification (CAV’05), 2005, vol. 3576.
[37] “SPAN: a Security Protocol ANimator for AVISPA.” [Online]. Available:
http://www.irisa.fr/celtique/genet/span/
[38] O. Heen, T. Genet, and N. Prigent, “An industrial and academic joint experiment on automated
verification of a security protocol,” 2008.