Companies are generally focused on how to improve their global performance. Concepts, methods and tools are regularly used to transform them. Key performance indicators are used to measure how performance is increased...Companies are generally focused on how to improve their global performance. Concepts, methods and tools are regularly used to transform them. Key performance indicators are used to measure how performance is increased. Industry 4.0 concepts and sustainability expectations actually contribute to this performance improvement. Indeed, cybersecurity as one of these concepts is required to increase the company performance. Even if it is well-known and applied in companies through the protection of their information systems, progress is expected in research on how to ensure the security of data and factory processes in the manufacturing, as the number of cyberattacks towards industries is growing these last few years. This paper aims to increase the company performance and sustainability to enforce factory machines protection by creating private security network groups. But currently, most of the Programmable Logic Controller PLC protocols have not been securely designed. Thus, the creation of secure groups of machines by combining strong authentication, strong or lightweight ciphering, and data stream integrity is proposed. The security is enforced by a continuous key’s renewal algorithm. An experiment on an industry’s architecture has been led to validate the concepts of the proposition. The study is compared to existing OPC-UA and MACsec standards in terms of drawbacks and advantages. This work could be implemented in hardware for further performance improvement.展开更多
Security of the Internet of Things (IoT)-based Smart Systems involving sensors, actuators and distributed control loop is of paramount importance but very difficult to address. Security patterns consist of domain-inde...Security of the Internet of Things (IoT)-based Smart Systems involving sensors, actuators and distributed control loop is of paramount importance but very difficult to address. Security patterns consist of domain-independent time-proven security knowledge and expertise. How are they useful for developing secure IoT-based smart systems? Are there architectures that support IoT security? We aim to systematically review the research work published on patterns and architectures for IoT security (and privacy). Then, we want to provide an analysis on that research landscape to answer our research questions. We follow the well-known guidelines for conducting systematic literature reviews. From thousands of candidate papers initially found in our search process, we have systematically distinguished and analyzed thirty-six (36) papers that have been peer-reviewed and published around patterns and architectures for IoT security and privacy in the last decade (January 2010–December 2020). Our analysis shows that there is a rise in the number of publications tending to patterns and architectures for IoT security in the last three years. We have not seen any approach of applying systematically architectures and patterns together that can address security (and privacy) concerns not only at the architectural level, but also at the network or IoT devices level. We also explored how the research contributions in the primary studies handle the different issues from the OWASP Internet of Things (IoT) top ten vulnerabilities list. Finally, we discuss the current gaps in this research area and how to fill in the gaps for promoting the utilization of patterns for IoT security and privacy by design.展开更多
文摘Companies are generally focused on how to improve their global performance. Concepts, methods and tools are regularly used to transform them. Key performance indicators are used to measure how performance is increased. Industry 4.0 concepts and sustainability expectations actually contribute to this performance improvement. Indeed, cybersecurity as one of these concepts is required to increase the company performance. Even if it is well-known and applied in companies through the protection of their information systems, progress is expected in research on how to ensure the security of data and factory processes in the manufacturing, as the number of cyberattacks towards industries is growing these last few years. This paper aims to increase the company performance and sustainability to enforce factory machines protection by creating private security network groups. But currently, most of the Programmable Logic Controller PLC protocols have not been securely designed. Thus, the creation of secure groups of machines by combining strong authentication, strong or lightweight ciphering, and data stream integrity is proposed. The security is enforced by a continuous key’s renewal algorithm. An experiment on an industry’s architecture has been led to validate the concepts of the proposition. The study is compared to existing OPC-UA and MACsec standards in terms of drawbacks and advantages. This work could be implemented in hardware for further performance improvement.
基金The research leading to these results has partially received funding from the European Commission's H2020 Programme under the grant agreement numbers 958363(Dat4.ZERO)958357(InterQ).
文摘Security of the Internet of Things (IoT)-based Smart Systems involving sensors, actuators and distributed control loop is of paramount importance but very difficult to address. Security patterns consist of domain-independent time-proven security knowledge and expertise. How are they useful for developing secure IoT-based smart systems? Are there architectures that support IoT security? We aim to systematically review the research work published on patterns and architectures for IoT security (and privacy). Then, we want to provide an analysis on that research landscape to answer our research questions. We follow the well-known guidelines for conducting systematic literature reviews. From thousands of candidate papers initially found in our search process, we have systematically distinguished and analyzed thirty-six (36) papers that have been peer-reviewed and published around patterns and architectures for IoT security and privacy in the last decade (January 2010–December 2020). Our analysis shows that there is a rise in the number of publications tending to patterns and architectures for IoT security in the last three years. We have not seen any approach of applying systematically architectures and patterns together that can address security (and privacy) concerns not only at the architectural level, but also at the network or IoT devices level. We also explored how the research contributions in the primary studies handle the different issues from the OWASP Internet of Things (IoT) top ten vulnerabilities list. Finally, we discuss the current gaps in this research area and how to fill in the gaps for promoting the utilization of patterns for IoT security and privacy by design.
