
Secure Links: Secure-by-Design Communications in IEC 61499 Industrial Control Applications

Published by Roopak Sinha
Publication date: 2021
Research field: Informatics Engineering
Research language: English





Increasing automation and external connectivity in industrial control systems (ICS) demand a greater emphasis on software-level communication security. In this article, we propose a secure-by-design development method for building ICS applications, where requirements from security standards like ISA/IEC 62443 are fulfilled by design-time abstractions called secure links. Proposed as an extension to the IEC 61499 development standard, secure links incorporate both light-weight and traditional security mechanisms into applications with negligible effort. Applications containing secure links can be automatically compiled into fully IEC 61499-compliant software. Experimental results show secure links significantly reduce design and code complexity and improve application maintainability and requirements traceability.




Read also

Programmable Logic Controllers (PLCs) execute critical control software that drives Industrial Automation and Control Systems (IACS). PLCs can become easy targets for cyber-adversaries as they are resource-constrained and are usually built using legacy, less-capable security measures. Security attacks can significantly affect system availability, which is an essential requirement for IACS. We propose a method to make PLC applications more security-aware. Based on the well-known IEC 61499 function blocks standard for developing IACS software, our method allows designers to annotate critical parts of an application during design time. On deployment, these parts of the application are automatically secured using appropriate security mechanisms to detect and prevent attacks. We present a summary of availability attacks on distributed IACS applications that can be mitigated by our proposed method. Security mechanisms are achieved using IEC 61499 Service-Interface Function Blocks (SIFBs) embedding Intrusion Detection and Prevention System (IDPS), added to the application at compile time. This method is more amenable to providing active security protection from attacks on previously unknown (zero-day) vulnerabilities. We test our solution on an IEC 61499 application executing on Wago PFC200 PLCs. Experiments show that we can successfully log and prevent attacks at the application level as well as help the application to gracefully degrade into safe mode, subsequently improving availability.
Significant developments have taken place over the past few years in the area of vehicular communication (VC) systems. Now, it is well understood in the community that security and protection of private user information are a prerequisite for the deployment of the technology. This is so, precisely because the benefits of VC systems, with the mission to enhance transportation safety and efficiency, are at stake. Without the integration of strong and practical security and privacy enhancing mechanisms, VC systems could be disrupted or disabled, even by relatively unsophisticated attackers. We address this problem within the SeVeCom project, having developed a security architecture that provides a comprehensive and practical solution. We present our results in a set of two papers in this issue. In this first one, we analyze threats and types of adversaries, we identify security and privacy requirements, and we present a spectrum of mechanisms to secure VC systems. We provide a solution that can be quickly adopted and deployed. In the second paper, we present our progress towards the implementation of our architecture and results on the performance of the secure VC system, along with a discussion of upcoming research challenges and our related current results.
55 - Keith Shannon, Elias Towe, 2020
Quantum computing and quantum communications are exciting new frontiers in computing and communications. Indeed, the massive investments made by the governments of the US, China, and EU in these new technologies are not a secret and are based on the expected potential of these technologies to revolutionize communications, computing, and security. In addition to several field trials and hero experiments, a number of companies such as Google and IBM are actively working in these areas and some have already reported impressive demonstrations in the past few years. While there is some skepticism about whether quantum cryptography will eventually replace classical cryptography, the advent of quantum computing could necessitate the use of quantum cryptography as the ultimate frontier of secure communications. This is because, with the amazing speeds demonstrated with quantum computers, breaking cryptographic keys might no longer be a daunting task in the next decade or so. Hence, quantum cryptography as the ultimate frontier in secure communications might not be such a far-fetched idea. It is well known that Heisenberg's Uncertainty Principle is essentially a negative result in Physics and Quantum Mechanics. It turns out that Heisenberg's Uncertainty Principle, one of the most interesting results in Quantum Mechanics, could be the theoretical basis and the main scientific principle behind the ultimate frontier in quantum cryptography or secure communications in conjunction with Quantum Entanglement.
157 - Xiongwei Wu, Qiang Li, Yawei Lu 2020
Unmanned aerial vehicles (UAVs) can be utilized as aerial base stations to provide communication service for remote mobile users due to their high mobility and flexible deployment. However, the line-of-sight (LoS) wireless links are vulnerable to interception by an eavesdropper (Eve), which presents a major challenge for UAV-aided communications. In this paper, we propose a latency-minimized transmission scheme for satisfying legitimate users' (LUs) content requests securely against Eve. By leveraging physical-layer security (PLS) techniques, we formulate a transmission latency minimization problem by jointly optimizing the UAV trajectory and user association. The resulting problem is a mixed-integer nonlinear program (MINLP), which is known to be NP-hard. Furthermore, the dimension of optimization variables is indeterminate, which again makes our problem very challenging. To efficiently address this, we utilize bisection to search for the minimum transmission delay and introduce a variational penalty method to address the associated subproblem via an inexact block coordinate descent approach. Moreover, we present a characterization for the optimal solution. Simulation results are provided to demonstrate the superior performance of the proposed design.
101 - Yong Huang, Wei Wang, Biao He 2018
Information leakage rate is an intuitive metric that reflects the level of security in a wireless communication system, however, there are few studies taking it into consideration. Existing work on information leakage rate has two major limitations due to the complicated expression for the leakage rate: 1) the analytical and numerical results give few insights into the trade-off between system throughput and information leakage rate; 2) and the corresponding optimal designs of transmission rates are not analytically tractable. To overcome such limitations and obtain an in-depth understanding of information leakage rate in secure wireless communications, we propose an approximation for the average information leakage rate in the fixed-rate transmission scheme. Different from the complicated expression for information leakage rate in the literature, our proposed approximation has a low-complexity expression, and hence, it is easy for further analysis. Based on our approximation, the corresponding approximate optimal transmission rates are obtained for two transmission schemes with different design objectives. Through analytical and numerical results, we find that for the system maximizing throughput subject to information leakage rate constraint, the throughput is an upward convex non-decreasing function of the security constraint and much too loose security constraint does not contribute to higher throughput; while for the system minimizing information leakage rate subject to throughput constraint, the average information leakage rate is a lower convex increasing function of the throughput constraint.