Obálka

End-to-End Framework for Identifying Vulnerabilities of Operational Technology Protocols and Their Implementations in Industrial IoT

Uloženo v:
Vydáno v:Future Internet vol. 17, no. 1 (2025), p. 34
Hlavní autor: Boeding, Matthew
Další autoři: Hempel, Michael, Sharif, Hamid
Vydáno:
MDPI AG
Témata:
Behavior
Performance evaluation
Protocol
Hardware-in-the-loop simulation
Communication
Test procedures
Modelling
Optimization
Cybersecurity
Remote monitoring
Systems stability
Virtual networks
Air monitoring
Distributed processing
Simulation
Convergence
Digital twins
Network reliability
Industrial Internet of Things
Design
Industrial applications
Communications systems
Real time
Software
Critical infrastructure
On-line přístup:Citation/Abstract
Full Text + Graphics
Full Text - PDF
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Abstrakt:The convergence of IT and OT networks has gained significant attention in recent years, facilitated by the increase in distributed computing capabilities, the widespread deployment of Internet of Things devices, and the adoption of Industrial Internet of Things. This convergence has led to a drastic increase in external access capabilities to previously air-gapped industrial systems for process control and monitoring. To meet the need for remote access to system information, protocols designed for the OT space were extended to allow IT networked communications. However, OT protocols often lack the rigor of cybersecurity capabilities that have become a critical characteristic of IT protocols. Furthermore, OT protocol implementations on individual devices can vary in performance, requiring the comprehensive evaluation of a device’s reliability and capabilities before installation into a critical infrastructure production network. In this paper, the authors define a framework for identifying vulnerabilities within these protocols and their on-device implementations, utilizing formal modeling, hardware in the loop-driven network emulation, and fully virtual network scenario simulation. Initially, protocol specifications are modeled to identify any vulnerable states within the protocol, leveraging the Construction and Analysis of Distributed Processes (CADP) software (version 2022-d “Kista”, which was created by Inria, the French Institute for Research in Computer Science and Automation, in France). Device characteristics are then extracted through automated real-time network emulation tests built on the OMNET++ framework, and all measured device characteristics are then used as a virtual device representation for network simulation tests within the OMNET++ software (version 6.0.1., a public-soucre, open-architecture software, initially developed by OpenSim Limited in Budapest, Hungary), to verify the presence of any potential vulnerabilities identified in the formal modeling stage. With this framework, the authors have thus defined an end-to-end process to identify and verify the presence and impact of potential vulnerabilities within a protocol, as shown by the presented results. Furthermore, this framework can test protocol compliance, performance, and security in a controlled environment before deploying devices in live production networks and addressing cybersecurity concerns.
ISSN:1999-5903
DOI:10.3390/fi17010034
Zdroj:ABI/INFORM Global