Claudio Zanasi,Silvio Russo,Michele Colajanni

DOI: https://doi.org/10.1016/j.adhoc.2024.103414

IF: 4.816

2024-04-01

Ad Hoc Networks

Abstract:The growing digitalization of industrial systems and the increasing adoption of cloud technologies pose significant challenges to the secure management of modern industrial infrastructures integrating different Industrial Internet of Things (IIoT). Existing cybersecurity solutions can manage uniform and centralized software systems but are not designed to accommodate the requirements of heterogeneous IIoT devices, such as hard real-time operations, high reliability, and decentralization for distributed decision-making. We present a novel security architecture that is specifically designed to address the stringent requirements of IIoT systems. It is based on a network micro-segmentation that can be seamlessly integrated into existing environments, and two main components: a software-defined network (SDN) ensuring a unified abstraction layer for policy enforcement across diverse environments; and a centralized security management layer that simplifies the policy execution of any architectural design. We demonstrate the feasibility and effects of this original combination through a prototype. It experimentally demonstrates that our peer-to-peer SDN coupled with an asynchronous policy distribution process guarantees resiliency to individual failures, and enables fully decentralized operations while still ensuring a central flexible management of network topology and security policies.

computer science, information systems,telecommunications

Han Zhang,Qian Wang,Xiaoli Zhang,Yi He,Bo Tang,Qi Li

DOI: https://doi.org/10.1109/mcom.001.2300390

IF: 9.03

2024-01-01

IEEE Communications Magazine

Abstract:Internet of things (IoT) networks allow cross-device interactions to achieve various intelligent applications, for example, smart homes and smart commercial spaces. However, cross-device interactions are often protected by inadequate authorization mechanisms, making them susceptible to various attacks, including connection-based attacks, application impersonation attacks, and so on. In this article, we propose a zero-trust IoT network architecture, OUTSIDE, designed to provide fine-grained authorization for IoT applications. It achieves the application-level authorization at the network layer by encoding the capability information of applications into verifiable tokens. Meanwhile, it enables a zero-trust service for per-packet verification, ensuring that every packet is sent by an authorized application with proper access privileges. Particularly, our architecture is versatile and compatible with various IoT protocols. We prototype and deploy OUTSIDE in Raspberry Pis and ESP32 microcontrollers running over the constrained application protocol (CoAP). The experimental results show that our architecture incurs negligible performance degradation.

Zheng Zhang,Liang Huang,Renzhong Tang,Tao Peng,Lihang Guo,Xingwei Xiang

DOI: https://doi.org/10.1109/case48305.2020.9216817

2020-01-01

Abstract:Industrial Internet of Things (IIoT) is regarded as a promising transformation technology for manufacturing industry. We expect the information flow through along the process of material flow, gauging and collective devices feed IIoT platform with essential data. AI and big data analytical techniques can then be used to process the data to support a series of decision-making. Users at both managerial and operational levels can take actions accordingly, which significantly improve management efficiency in one organization, enhance supply chain coordination, and attract investment, etc. Powerful as bigdata and AI technology, they cannot operate without data. In centralized, third-party-managed IIoT platform, few manufactures are willing to share their critical data. This study extends IIoT framework with blockchain technology to provide a solution for trustless data sharing. The solution embeds encrypted ledger to avoid credential data tampering, employs m- in-n-out smart contracts to secure data exchange, and utilizes consensus mechanism to improve cyber security. The proposed framework integrates blockchain with IIoT to operate the entire industrial data exchange in a decentralized network, namely Industrial Blockchain of Things (IBoT).

Mukhtar Hussain,Shantanu Pal,Zahra Jadidi,Ernest Foo,Salil Kanhere

DOI: https://doi.org/10.1109/mwc.001.2300405

IF: 12.777

2024-04-12

IEEE Wireless Communications

Abstract:Cloud computing services have become ubiquitous, and currently, every organization uses some form of cloud computing service. Furthermore, even if an organization does not allow BYOD for work, employees will still bring their own devices to manage their personal communication while at work. Moreover, in this post COVID-19 era, working from home has become common. These new trends have diminished the previously known boundary between the enterprise-owned trusted network and untrusted outside networks. Therefore, a new cybersecurity paradigm is emerging that is referred to as zero trust architecture (ZTA). A ZTA protects an enterprise infrastructure based on the principles of never trusting and always verifying. The core component of ZTA is a Zero Trust (ZT) algorithm which ensures dynamic access control and continuous monitoring to establish never trusting and always verifying principles. This article provides a novel research direction based on federated artificial intelligence to develop a ZT algorithm.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Zhuocheng Xu,Boya Di,Lingyang Song

DOI: https://doi.org/10.1109/iwrfat61200.2024.10594530

2024-01-01

Abstract:Zero-trust architecture (ZTA) has been viewed as a powerful security framework to deal with the increasingly complex network environment and connection exposure in high-risk environments. Since the standard ZTA was established in 2020, a large amount of research works have been carried out on ZTA. However, the centralized ZTA established by companies such as Huawei has the problem of single point of failure, which affects the security greatly. In addition, research works on the distributed ZTA pay less attention on the design of workflows, thus making it difficult to deploy their ZTAs in smart factories. In this paper, we establish a cloud-edge-gateway collaborative ZTA based on the distributed ZTA, named CEGC-ZTA, for smart factories. We design the workflow of CEGC-ZTA based on the software-defined perimeter (SDP) model. An implementation case of CEGC-ZTA is given in a smart factory scenario. Simulations and theoretical analysis show that CEGC-ZTA has a superior performance in terms of both the security and efficiency.

Mengru Tsai,Shanhsin Lee,Shiuhpyng Winston Shieh

DOI: https://doi.org/10.1109/tr.2023.3345665

IF: 5.883

2024-03-09

IEEE Transactions on Reliability

Abstract:In recent years, due to the impact of the COVID-19 pandemic, enterprises have been forced to adapt their operation patterns to ensure resilience, transitioning from traditional office-based work to remote work from home. However, this sudden and unforeseen change has made enterprises unprepared, resulting in a dramatic increase in cybersecurity threats. The most significant challenge arises from the adjustment from working in previously trusted areas to that beyond the boundaries of protection. While employees used to work within the company's defense perimeter, malicious attacks were blocked and detected by boundary security gateways. Shifting to remote work moves employees out of the protective environment, thereby their devices connecting to the internal resources of a company become exploitable targets for threat actors, and weaknesses in the internal authentication, authorization, and access control mechanisms become evident. The zero trust architecture (ZTA) approach is primarily focused on resource protection. When users or services attempt to access resources, ZTA requires precise authentication, minimal authorization, and continuous verification (trust inference) to ensure legitimacy and authorization of the resource usage, eliminating any space for assumed or inherited trust. In this article, we will address the challenges in handling the threats and propose the strategies, implementation, and limitation of ZTA, aiming to shed light on its effectiveness and applicability in mitigating cybersecurity risks.

engineering, electrical & electronic,computer science, software engineering, hardware & architecture

Han Zhang,Ziyan Zhang,Liquan Chen

DOI: https://doi.org/10.1016/j.dcan.2024.03.011

IF: 6.348

2024-03-01

Digital Communications and Networks

Abstract:With the introduction of 5G, users and devices can access the industrial network from anywhere in the world. Therefore, traditional perimeter-based security technologies for industrial networks can no longer work well. To solve this problem, a new security model called Zero Trust(ZT) is desired, which believes in “never trust and always verify”. Every time the asset in the industrial network is accessed, the subject is authenticated and its trustworthiness is assessed. In this way, the asset in industrial network can be well protected, whether the subject is in the internal network or the external network. However, in order to construct the zero trust model in the 5G Industrial Internet collaboration system, there are still many problems to be solved. In this paper, we first introduce the security issues in the 5G Industrial Internet collaboration system, and illustrate the zero trust architecture. Then, we analyze the gap between existing security techniques and the zero trust architecture. Finally, we discuss several potential security techniques that can be used to implement the zero trust model. The purpose of this paper is to point out the further direction for the realization of the Zero Trust Architecture(ZTA) in the 5G Industrial Internet collaboration system.

telecommunications

Rongkai Wang,Luyue Ji,Tong Ren,Shibo He,Zhiguo Shi

DOI: https://doi.org/10.1109/indin45582.2020.9442203

2020-01-01

Abstract:Industrial Internet of Things (IIoT) as an emerging and prospective paradigm, has great potential to significantly improve production efficiency of manufacturing systems. An open data exchange standard, namely OPCUA, has been proposed for the IIoT systems to provide semantic interoperability over heterogeneous devices. However, a mass of traditional devices that do not support OPC UA, are still operating in legacy automation systems. To address this problem, in this paper, we propose a three-layer IIoT architecture for manufacturing system, which combines OPC UA-based gateways and Time-Sensitive Software-Defined Networking (TSSDN) switches to realize the efficient and reliable communication. The OPC UA is adopted to realize the interoperability of heterogeneous devices and the TSSDN achieves centralized control of network resources and flexible configuration in real-time industrial networks. Finally, we design a smart factory test bed, to evaluate the applicability of the proposed system architecture, in which we implement the information model and data transmission based on OPC UA.

Heng Zhang,Yinchu Wang,Yawen Xue,Ruilong Deng,Hongran Li,Jian Zhang

DOI: https://doi.org/10.23919/ccc63176.2024.10662787

2024-01-01

Abstract:Industrial network control systems (INCSs) are easy to be targeted by attackers due to their high economic value. Most of the existing defense methods are deployed at the network boundary, which causes high-security risks to INCS once an attacker enters the system. In addition, many existing intrusion detection systems (IDSs) build detection models based on historical data. When INCS lacks sufficient historical data, it is difficult to build detection models with high accuracy. In this paper, we propose a trust assessment model for INCS based on Fourier series fitting employing concept of zero trust to assess the real-time trust of INCS. The model alerts when INCS has low trust. We test two data injection attacks in the experiment to prove the effectiveness of our approach.

Maha Ali Allouzi,Javed Khan

2024-02-16

Abstract:Internet of Medical Things (IoMT) deals with a patient-data-rich segment, which makes security and privacy a severe concern for patients. Therefore, access control is a significant aspect of ensuring trust in the IoMT. However, deploying existing authentication and authorization solutions to the Internet of Medical Things (IoMT) is not straightforward because of highly dynamic and possibly unprotected environments and untrusted supply chain for the IoT devices. In this article, we propose Soter, a Zero-Trust based authentication system for the IoMT. Soter Incorporates trust negotiation mechanisms within the Zero Trust framework to enable dynamic trust establishment. When a user or device seeks access to a resource, initiate a trust negotiation process. During this process, credentials, attributes, and contextual information are exchanged between the requester and the resource owner. Soter defines access rules based on various factors, including user identity, device health, and location. Access is granted or denied based on these conditions.

Cryptography and Security,Computers and Society

Mahmud Hasan

2024-10-24

Abstract:Zero Trust Architecture (ZTA) represents a transformative approach to modern cybersecurity, directly addressing the shortcomings of traditional perimeter-based security models. With the rise of cloud computing, remote work, and increasingly sophisticated cyber threats, perimeter defenses have proven ineffective at mitigating risks, particularly those involving insider threats and lateral movement within networks. ZTA shifts the security paradigm by assuming that no user, device, or system can be trusted by default, requiring continuous verification and the enforcement of least privilege access for all entities. This paper explores the key components of ZTA, such as identity and access management (IAM), micro-segmentation, continuous monitoring, and behavioral analytics, and evaluates their effectiveness in reducing vulnerabilities across diverse sectors, including finance, healthcare, and technology. Through case studies and industry reports, the advantages of ZTA in mitigating insider threats and minimizing attack surfaces are discussed. Additionally, the paper addresses the challenges faced during ZTA implementation, such as scalability, integration complexity, and costs, while providing best practices for overcoming these obstacles. Lastly, future research directions focusing on emerging technologies like AI, machine learning, blockchain, and their integration into ZTA are examined to enhance its capabilities further.

Cryptography and Security

Sheng Sun,Morris Repeta,Mike Healy,Vish Nandall,Eddy Fung,Chris Thomas

DOI: https://doi.org/10.48550/arXiv.2211.03776

2022-11-08

Abstract:5G is destined to be supporting large deployment of Industrial IoT (IIoT) with the characteristics of ultra-high densification and low latency. 5G utilizes a more intelligent architecture, with Radio Access Networks (RANs) no longer constrained by base station proximity or proprietary infrastructure. The 3rd Generation Partnership Project (3GPP) covers telecommunication technologies including RAN, core transport networks and service capabilities. Open RAN Alliance (O-RAN) aims to define implementation and deployment architectures, focusing on open-source interfaces and functional units to further reduce the cost and complexity. O-RAN based 5G networks could use components from different hardware and software vendors, promoting vendor diversity, interchangeability and 5G supply chain resiliency. Both 3GPP and O-RAN 5G have to manage the security and privacy challenges that arose from the deployment. Many existing research studies have addressed the threats and vulnerabilities within each system. 5G also has the overwhelming challenges in compliance with privacy regulations and requirements which mandate the user identifiable information need to be protected. In this paper, we look into the 3GPP and O-RAN 5G security and privacy designs and the identified threats and vulnerabilities. We also discuss how to extend the Zero Trust Model to provide advanced protection over 5G air interfaces and network components.

Cryptography and Security

Hejia Zhou,Shantanu Pal,Zahra Jadidi,Alireza Jolfaei

DOI: https://doi.org/10.1109/iotm.002.2200195

2023-03-01

IEEE Internet of Things Magazine

Abstract:The Industrial Internet of Things (IIoT) is a developing research area with potential global Internet connectivity, turning everyday objects into intelligent devices with more autonomous activities. IIoT services and applications are not only being used in smart homes and smart cities, but they have also become an essential element of the Industry 4.0 concept. The emergence of the IIoT helps traditional industries simplify production processes, reduce production costs, and improve industrial efficiency. However, the involvement of many heterogeneous devices, the use of third-party software, and the resource-constrained nature of the IoT devices bring new security risks to the production chain and expose vulnerabilities to the systems. The Distributed Denial of Service (DDoS) attacks are significant, among others. This article analyzes the threats and attacks in the IIoT and discusses how DDoS attacks impact the production process and communication dysfunctions with IIoT services and applications. This article also proposes a reference security framework that enhances the advantages of fog computing to demonstrate countermeasures against DDoS attacks and possible strategies to mitigate such attacks at scale.

Shahid Latif,Zeba Idrees,Jawad Ahmad,Lirong Zheng,Zhuo Zou

DOI: https://doi.org/10.1016/j.jii.2020.100190

IF: 11.718

2021-01-01

Journal of Industrial Information Integration

Abstract:The industrial Internet of Things (IIoT) plays an important role in the industrial sector, where secure, scalable, and easily adopted technologies are being implemented for the smart industry. The traditional IIoT architectures are generally based on centralized architectures that are vulnerable to a single point of failure and to several cyber-attacks. Blockchain technology is frequently adopted in the modern industry because of its security and decentralization. This paper proposes a blockchain-based architecture that ensures secure and trustworthy industrial operations. A private and lightweight blockchain architecture is proposed to regulate access to valuable sensor and actuator data. To enhance the computational performance of the proposed architecture, real-time cryptographic algorithms are processed using a low-power ARM Cortex-M4 processor, and a highly scalable, fast, and energy-efficient consensus mechanism proof of authentication (PoAh) is deployed in the blockchain network. Extensive experiments and analysis proved the effectiveness of the proposed framework for smart industrial environments. Finally, we transform a conventional fruit processing plant into a secure and smart industrial platform by implementing the proposed architecture.

Britta Hale,Ryan Arlitt,Nikolaos Papakonstantinou,Douglas Van Bossuyt

DOI: https://doi.org/10.1115/1.4062597

IF: 2.3

2023-05-23

Journal of Computing and Information Science in Engineering

Abstract:Abstract In an age of worsening global threat landscape and accelerating uncertainty, the design and manufacture of systems must increase resilience and robustness across both the system itself and the entire systems design process. We generally trust our colleagues after initial clearance/background checks; and systems to function as intended and within operating parameters after safety engineering review, verification, validation, and/or system qualification testing. This approach has led to increased insider threat impacts; thus we suggest moving to the “trust, but verify” approach embodied by the Zero-Trust paradigm. Zero-Trust is increasingly adopted for network security but has not seen wide adoption in systems design and operation. Achieving the goal of Zero-Trust throughout the systems lifecycle will help to ensure that no single bad actor -- whether human or machine learning / artificial intelligence (ML/AI) -- can induce failure anywhere in a system's lifecycle. Additionally, while ML/AI and their associated risks are already entrenched within the operations phase of many systems' lifecycles, ML/AI is gaining traction during the design phase. For example, generative design algorithms are increasingly popular but there is less understanding of potential risks. Adopting the Zero-Trust philosophy helps ensure robust and resilient design, manufacture, operations, maintenance, upgrade, and disposal of systems. We outline the rewards and challenges of implementing Zero-Trust and propose the Framework for Zero-Trust for the System Design Lifecycle. The paper highlights several areas of ongoing research with focus on high priority areas where the community should focus efforts.

engineering, manufacturing,computer science, interdisciplinary applications

Yuanhang He,Daochao Huang,Lei Chen,Yi Ni,Xiangjie Ma

DOI: https://doi.org/10.1155/2022/6476274

2022-06-16

Wireless Communications and Mobile Computing

Abstract:The traditional perimeter-based network protection model cannot adapt to the development of current technology. Zero trust is a new type of network security model, which is based on the concept of never trust and always verify. Whether the access subject is in the internal network or the external network, it needs to be authenticated to access resources. The zero trust model has received extensive attention in research and practice because it can meet the new network security requirements. However, the application of zero trust is still in its infancy, and enterprises, organizations, and individuals are not fully aware of the advantages and disadvantages of zero trust, which greatly hinders the application of zero trust. This paper introduces the existing zero trust architecture and analyzes the core technologies including identity authentication, access control, and trust assessment, which are mainly relied on in the zero trust architecture. The main solutions under each technology are compared and analyzed to summarize the advantages and disadvantages, as well as the current challenges and future research trends. Our goal is to provide support for the research and application of future zero trust architectures.

computer science, information systems,telecommunications,engineering, electrical & electronic

Mirador G. Labrador,Abegail Bordios,Weiyan Hou

DOI: https://doi.org/10.11591/ijeecs.v24.i2.pp780-788

2021-11-01

Indonesian Journal of Electrical Engineering and Computer Science

Abstract:The convergence of microelectronics and micromechanical system within a sensing device, the proliferation of wireless communication, and the use of software-driven equipment are already changing the landscape of the manufacturing industries. This situation compels the industries to adopt industrial internet of things (IIoT) systems and processes with the main objective-to improve the processes and increase production. However, it is undeniable that despite IIoT advantages, it posed significant issues on the security and privacy on industry automation especially along data generation and control system. Hence, this paper proposes a cloud based 3-tier data security framework that performs two-level security verification processes. The framework has been tested and validated using an experimental industry automation system and has been found to be functionally effective with an acceptable handoff delay.

Chao Li,Hui Yang,Zhengjie Sun,Qiuyan Yao,Bowen Bao,Jie Zhang,Athanasios V. Vasilakos

DOI: https://doi.org/10.1109/jiot.2022.3200854

IF: 10.6

2022-12-24

IEEE Internet of Things Journal

Abstract:The Industrial Internet of Things (IIoT) is considered to be one of the most promising revolutionary technologies to increase productivity. With the refined development of manufacturing, the entire manufacturing process is split up into several areas of IoT production. Devices from different domains cooperate to perform the same task, which cause security problems in interacted communication among them. Existing authentication methods cause heavy key management overhead or rely on a trusted third party. It is imperative to protect privacy and ensure the credibility of the device during device interaction. This article proposes a federated hierarchical trust interaction scheme (FHTI) for the cross-domain industrial IoT. It builds a low-privacy network platform through blockchain and protects the data privacy of the IIoT. A hierarchical trust mechanism based on federated detection is designed to realize the unified trust evaluation of cross-domain devices. A trusted cross-domain method based on device trust value is designed to ensure the security and trustworthiness of cross-domain devices. The simulation results show that the FHTI scheme can improve the speed of identity authentication and the detection accuracy of malicious devices.

computer science, information systems,telecommunications,engineering, electrical & electronic

Mohammad Ali Alipour,Saeid Ghasemshirazi,Ghazaleh Shirvani

DOI: https://doi.org/10.48550/arXiv.2210.01739

2022-10-21

Abstract:One of the most promising applications of the IoT is the Smart Grid (SG). Integrating SG's data communications network into the power grid allows gathering and analyzing information from power lines, distribution power stations, and end users. A smart grid (SG) requires a prompt and dependable connection to provide real-time monitoring through the IoT. Hence 5G could be considered a catalyst for upgrading the existing power grid systems. Nonetheless, the additional attack surface of information infrastructure has been brought about by the widespread adoption of ubiquitous connectivity in 5G, to which the typical information security system in the smart grid cannot respond promptly. Therefore, guaranteeing the Privacy and Security of a network in a threatening, ever-changing environment requires groundbreaking architectures that go well beyond the limitations of traditional, static security measures. With "Continuous Identity Authentication and Dynamic Access Control" as its foundation, this article analyzes the Zero Trust (ZT) architecture specific to the power system of IoT and uses that knowledge to develop a security protection architecture.

Cryptography and Security,Computers and Society,Networking and Internet Architecture

Keyvan Ramezanpour,Jithin Jagannath

DOI: https://doi.org/10.1016/j.comnet.2022.109358

IF: 5.493

2022-11-09

Computer Networks

Abstract:In this position paper, we discuss the critical need for integrating zero trust (ZT) principles into next-generation communication networks (5G/6G). We highlight the challenges and introduce the concept of an intelligent zero trust architecture (i-ZTA) as a security framework in 5G/6G networks with untrusted components. While network virtualization, software-defined networking (SDN), and service-based architectures (SBA) are key enablers of 5G networks, operating in an untrusted environment has also become a key feature of the networks. Further, seamless connectivity to a high volume of devices has broadened the attack surface on information infrastructure. Network assurance in a dynamic untrusted environment calls for revolutionary architectures beyond existing static security frameworks. To the best of our knowledge, this is the first position paper that presents the architectural concept design of an i-ZTA upon which modern artificial intelligence (AI) algorithms can be developed to provide information security in untrusted networks. We introduce key ZT principles as real-time Monitoring of the security state of network assets, Evaluating the risk of individual access requests, and Deciding on access authorization using a dynamic trust algorithm, called MED components. To ensure ease of integration, the envisioned architecture adopts an SBA-based design, similar to the 3GPP specification of 5G networks, by leveraging the open radio access network (O-RAN) architecture with appropriate real-time engines and network interfaces for collecting necessary machine learning data. Therefore, this work provides novel research directions to design machine learning based components that contribute towards i-ZTA for the future 5G/6G networks.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture