Biblio

With the ever-increasing use of large-scale IoT networks in different sectors of the industry, it has become critical to realise seamless and secure communication between devices in the network. Realising secure group communication in the IoT requires solving the problem of group-key establishment. In this work, we solve the problem by designing a new lattice-based Key Encapsulation Mechanism (KEM) for resource-constrained devices that enable the distribution of a symmetric key or any other data between all the devices in a given network. This is achieved by coupling multiple private keys to a unique public key. Moreover, we present a proof-of-concept implementation based on the GGH algorithm. The results show it is feasible to use lattice-based cryptography to allow for seamless and secure group communications within a decentralised IoT network. It has been bench-marked against other common post-quantum constructs and proven to be more practical with respect to memory consumption and security, although considerably slower due to lack of optimisation in the implementation.

In the last decade, numerous Industrial IoT systems have been deployed. Attack vectors and security solutions for these are an active area of research. However, to the best of our knowledge, only very limited insight in the applicability and real-world comparability of attacks exists. To overcome this widespread problem, we have developed and realized an approach to collect attack traces at a larger scale. An easily deployable system integrates well into existing networks and enables the investigation of attacks on unmodified commercial devices.

The Industrial Internet of Things is expected to attract significant investments for Industry 4.0. In this new environment, the blockchain has immediate potential in industrial applications, providing unchanging, traceable and auditable access control. However, recent work and present in blockchain literature are based on a cloud infrastructure that requires significant investments. Furthermore, due to the placement and distance of the cloud infrastructure to industrial control devices, such approaches present a communication latency that can compromise the strict deadlines for accessing and communicating with this device. In this context, this article presents a blockchain-based access control architecture, which is deployed directly to edge devices positioned close to devices that need access control. Performance assessments of the proposed approach were carried out in practice in an industrial mining environment. The results of this assessment demonstrate the feasibility of the proposal and its performance compared to cloud-based approaches.

Industry 4.0 connectivity requires ensuring end-to-end (E2E) security for industrial data. This requirement is critical when retrieving data from the OT network. Ciphertext-Policy Attribute-Based Encryption (CP-ABE) guarantees E2E security by encrypting data according to a policy and generating user keys according to attributes. To use this encryption scheme in manufacturing environments, policies must be updatable. This paper proposes a Multi-Layered Policy Key Encapsulation Method for CP-ABE that allows flexible policy update and revocation without modifying the original CP-ABE scheme.

The ecosystem of the Internet of Things (IoT) continues growing now and covers more and more fields. One of these areas is the Industrial Internet of Things (IIoT) which integrates sensors and actuators, business applications, open web applications, multimedia security systems, positioning, and tracking systems. Each of these components creates its own data stream and has its own parameters of the probability distribution when transmitting information packets. One such distribution, specific to the TrumpfTruPrint 1000 IIoT system, is the beta distribution. We described issues of the processing of such a data flow by an agent model of the \$5\textbackslashtextbackslashtimes5\$ NoC switch fabric. The concepts of modern telecommunication networks 5G/6G imply the processing of “small” data in the place of their origin, not excluding the centralized processing of big data. This process, which involves the transmission, distribution, and processing of data, involves a large number of devices: routers, multiprocessor systems, multi-core systems, etc. We assumed that the data stream is processed by a device with the network structure, such as NoC, and goes to its built-in router. We carried out a study how the average queues of the \$5\textbackslashtextbackslashtimes5\$ router change with changes in the parameters of a data stream that has a beta distribution.

Carefully constructed cyber-attacks directly influence the data integrity and the operational functionality of the smart energy grid. In this paper, we have explored the data integrity attack behaviour in a wide-area sensor-enabled IIoT-SCADA system. We have demonstrated that an intelligent cyber-attacker can inject false information through the sensor devices that may remain stealthy in the traditional detection module and corrupt estimated system states at the utility control centres. Next, to protect the operation, we defined a set of critical measurements that need to be protected for the resilient operation of the grid. Finally, we placed the measurement units using an optimal allocation strategy by ensuring that a limited number of nodes are protected against the attack while the system observability is satisfied. Under such scenarios, a wide range of experiments has been conducted to evaluate the performance considering IEEE 14-bus, 24 bus-reliability test system, 85-bus, 141-bus and 145-bus test systems. Results show that by ensuring the protection of around 25% of the total nodes, the IIoT-SCADA enabled energy grid can be protected against injection attacks while observability of the network is well-maintained.

Industrial IoT (IIoT) is a specialized subset of IoT which involves the interconnection of industrial devices with ubiquitous control and intelligent processing services to improve industrial system's productivity and operational capability. In essence, IIoT adapts a use-case specific architecture based on RFID sense network, BLE sense network or WSN, where heterogeneous industrial IoT devices can collaborate with each other to achieve a common goal. Nonetheless, most of the IIoT deployments are brownfield in nature which involves both new and legacy technologies (SCADA (Supervisory Control and Data Acquisition System)). The merger of these technologies causes high degree of cross-linking and decentralization which ultimately increases the complexity of IIoT systems and introduce new vulnerabilities. Hence, industrial organizations becomes not only vulnerable to conventional SCADA attacks but also to a multitude of IIoT specific threats. However, there is a lack of understanding of these attacks both with respect to the literature and empirical evaluation. As a consequence, it is infeasible for industrial organizations, researchers and developers to analyze attacks and derive a robust security mechanism for IIoT. In this paper, we developed a multi-layer taxonomy of IIoT attacks by considering both brownfield and greenfield architecture of IIoT. The taxonomy consists of 11 layers 94 dimensions and approximately 100 attack techniques which helps to provide a holistic overview of the incident attack pattern, attack characteristics and impact on industrial system. Subsequently, we have exhibited the practical relevance of developed taxonomy by applying it to a real-world use-case. This research will benefit researchers and developers to best utilize developed taxonomy for analyzing attack sequence and to envisage an efficient security platform for futuristic IIoT applications.

The Industrial Internet of Things (IIoT) paradigm represents nowadays the cornerstone of the industrial automation since it has introduced new features and services for different environments and has granted the connection of industrial machine sensors and actuators both to local processing and to the Internet. One of the most advanced network protocol stack for IoT-IIoT networks that have been developed is 6LoWPAN which supports IPv6 on top of Low-power Wireless Personal Area Networks (LoWPANs). 6LoWPAN is usually coupled with the IEEE 802.15.4 low-bitrate and low-energy MAC protocol that relies on the time-slotted channel hopping (TSCH) technique. In TSCH networks, a coordinator node synchronizes all end-devices and specifies whether (and when) they can transmit or not in order to improve their energy efficiency. In this scenario, the scheduling strategy adopted by the coordinator plays a crucial role that impacts dramatically on the network performance. In this paper, we present a novel scheduling strategy for time-slot allocation in IIoT communications which aims at the improvement of the overall network fairness. The proposed strategy mimics the well-known shell game turning the totally unfair mechanics of this game into a fair scheduling strategy. We compare our proposal with three allocation strategies, and we evaluate the fairness of each scheduler showing that our allocator outperforms the others.

The Internet of Things (IoT) is a vast collection of interconnected sensors, devices, and services that share data and information over the Internet with the objective of leveraging multiple information sources to optimize related systems. The technologies associated with the IoT have significantly improved the quality of many existing applications by reducing costs, improving functionality, increasing access to resources, and enhancing automation. The adoption of IoT by industries has led to the next industrial revolution: Industry 4.0. The rise of the Industrial IoT (IIoT) promises to enhance factory management, process optimization, worker safety, and more. However, the rollout of the IIoT is not without significant issues, and many of these act as major barriers that prevent fully achieving the vision of Industry 4.0. One major area of concern is the security and privacy of the massive datasets that are captured and stored, which may leak information about intellectual property, trade secrets, and other competitive knowledge. As a way forward toward solving security and privacy concerns, we aim in this paper to identify common input-output (I/O) design patterns that exist in applications of the IIoT. These design patterns enable constructing an abstract model representation of data flow semantics used by such applications, and therefore better understand how to secure the information related to IIoT operations. In this paper, we describe communication protocols and identify common I/O design patterns for IIoT applications with an emphasis on data flow in edge devices, which, in the industrial control system (ICS) setting, are most often involved in process control or monitoring.

Internet of Things (IoT) revolution in 5th Generation (5G) will dynamically support all user, devices and customer worldwide where these devices, mechanical and digital machines will be connected and are able to communicate and transfer data over the network. In industries, the evolution of these technologies, known as Industrial IoT (IIoT) will enable machines to be connected and communicate where else, Internet of Everything (IoE) makes the connection more relevant between all smart devices, machines and also people with a huge data, high speed and high security. The growth of these technologies has made Radio Frequency (RF) spectrum resources for wireless communication to be more saturated. In order to solve this problem, new wireless communication technologies are proposed to meet the demand and also to enhance the performance of the system and overcome the existing bandwidth limitations. Studies done shows that Light-Fidelity (Li-Fi), based on Visible Light Communications (VLC) is one of the most promising technology in future which is based on optical wireless communication. Initial study on the Li-Fi concept has focuses on achieving speed, bi-directional transmission concept and supports multiuser access. In this paper we propose a frame work focuses on the handover process for indoor environment by using the steerable Access Point (AP) and compare the output result with fix Access Point.

The amount of connected devices in the industrial environment is growing continuously, due to the ongoing demands of new features like predictive maintenance. New business models require more data, collected by IIoT edge node sensors based on inexpensive and low performance Microcontroller Units (MCUs). A negative side effect of this rise of interconnections is the increased attack surface, enabled by a larger network with more network services. Attaching badly documented and cheap devices to industrial networks often without permission of the administrator even further increases the security risk. A decent method to monitor the network and detect “unwanted” devices is network scanning. Typically, this scanning procedure is executed by a computer or server in each sub-network. In this paper, we introduce network scanning and mapping as a building block to scan directly from the Industrial Internet of Things (IIoT) edge node devices. This module scans the network in a pseudo-random periodic manner to discover devices and detect changes in the network structure. Furthermore, we validate our approach in an industrial testbed to show the feasibility of this approach.

Industry 4.0 or the fourth industrial revolution encapsulates future industry development trends to achieve more intelligent manufacturing processes, including reliance on Cyber Physical Systems (CPS). The increase in online access and control given by the incorporation of CPSs introduces a new challenge securing the operations of the CPS in that they are not supported by standard security protocols. This paper describes a process used to effectively protect the operations of an IIoT system by implementing security protocols on the CPS within the IIoT. A series of predefined boundary conditions of the safety critical parameters for which a heating and cooling CPS can safely operate within were established. If the CPS is commended to operate outside of these boundaries, it will disconnect from all external communication network and default to some pre-defined safe-operation mode until the system has been evaluated locally by an administrator and released from the safe-mode. This method was tested and validated by establishing a sample IIoT and CPS testbed setup which monitor and control the temperature of a target environment. An attack was initiated to force the target environment outside of the determined safety-critical parameters. The system responded by disabling all network ports and defaulted to the safe-operation mode established previously.

Early Internet of Things(IoT) applications have been build around cloud-centric architectures where information generated at the edge by the "things" in conveyed and processed in a cloud infrastructure. These architectures centralise processing and decision on the data-centre assuming sufficient connectivity, bandwidth and latency. As applications of the Internet of Things extend to industrial and more demanding consumer applications, the assumptions underlying cloud-centric architectures start to be violated as for several of these applications connectivity, bandwidth and latency to the data-centre are a challenge. Fog and Mist computing have emerged as forms of "Cloud Computing" closer to the "Edge" and to the "Things" that should alleviate the connectivity, bandwidth and latency challenges faced by Industrial and extremely demanding Consumer Internet of Things Applications. This keynote, will (1) introduce Cloud, Fog and Mist Computing architectures for the Internet of Things, (2) motivate their need and explain their applicability with real-world use cases, and (3) assess their technological maturity and highlight the areas that require further academic and industrial research.