Secure Interconnection of IT-OT Networks in Industry 4.0

Abstract

Society is increasingly witnessing how today’s industry is adapting new technologies and communication protocols to offer more optimal and reliable services to end-users, with support for inter-domain communication belonging to diverse critical infrastructures. As a consequence of this technological revolution, interconnection mechanisms are required that offer transparency in the connections and protection in the different application domains, without this implying a significant degradation of the control requirements. This book chapter therefore presents a reference architecture for Industry 4.0 in which the interconnection core is mainly concentrated in the Policy Decision Points (PDP), which can be deployed on high-volume data processing and storage technologies such as cloud and fog servers. Each PDP authorizes actions in the field/plant according to a set of factors (entities, context and risks) computed through existing access control measures, such as RBAC+ABAC+Risk-BAC (Role/Attribute/Risk-Based Access Control, respectively), to establish coordinated and constrained accesses in extreme situations. Part of these actions also includes proactive risk assessment measures to respond to anomalies or intrusive threats in time.

Acknowledgements

This work has been mainly supported by the EU H2020 project SealGRID (8.06.UE/47.8035), with partial support of the project DISS-IIoT financed by the University of Malaga (UMA) by means of the “I Plan Propio de Investigación y Transferencia” of UMA where specific knowledge about assembly and configuration of IIoT and control components has been widely received.

Author information

Correspondence to Cristina Alcaraz.

Copyright information

© 2019 Springer Nature Switzerland AG

About this chapter

Cite this chapter

Alcaraz, C. (2019). Secure Interconnection of IT-OT Networks in Industry 4.0. In: Gritzalis, D., Theocharidou, M., Stergiopoulos, G. (eds) Critical Infrastructure Security and Resilience. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-030-00024-0_11

  • DOI: https://doi.org/10.1007/978-3-030-00024-0_11

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-00023-3

  • Online ISBN: 978-3-030-00024-0

  • eBook Packages: Computer Science (R0)
