Physical Layer Encryption for Industrial Ethernet in Gigabit Optical Links

Industrial Ethernet is a technology widely spread in factory floors and critical infrastructures where a high amount of data need to be collected and transported. Fiber optic networks at gigabit rates fit well with that type of environments where speed, system performance and reliability are critical. In this work a new encryption method for high speed optical communications suitable for such kind of networks is proposed. This new encryption method consists of a symmetric streaming encryption of the 8b/10b data flow at PCS (Physical Coding Sublayer) level. It is carried out thanks to an FPE (Format Preserving Encryption) blockcipher working in CTR (Counter) mode. The overall system has been simulated and implemented in an FPGA (Field Programmable Gate Array). Thanks to experimental results it can be concluded that it is possible to cipher traffic at this physical level in a secure way. In addition, no overhead is introduced during encryption, getting minimum latency and maximum throughput

One datum and many values for sustainable Industry 4.0: a prognostic and health management use case

Industrial context of today, driven by the Industry 4.0 paradigm, is overwhelmed by data. Decreasing cost of innovative technologies, and recent market dynamics have pushed and pulled respectively for those architectures and practices in which data are the masters. While advancing, we have to take care of waste, even though intangibility of data makes them hardly connected to waste. In this paper we are going to reflect on data intensive context of today, focusing on the industrial sector. A smart approach for fully exploiting data collecting infrastructures is proposed, and its declination in a prognostic and health management (PHM) use case set inside an automatic painting system is presented. The contributions of this papers are mainly two: first of all, the general conceptual take-away of "data re-use" is presented and discussed. Moreover, a PHM solution for painting system's number plates, based on optical character recognition (OCR), is proposed and tested as a proof-of-concept for the "data re-use" concept. Summarizing, the already-in-use data sharing principle for achieving transparency and integration inside Industry 4.0, is presented as complementary with the proposed "data re-use", in order to develop a really sustainable shift toward the future

Physical Layer Encryption for Industrial Ethernet in Gigabit Optical Links

Industrial Ethernet is a technology widely spread in factory floors and critical infrastructures where a high amount of data need to be collected and transported. Fiber optic networks at gigabit rates fit well with that type of environment, where speed, system performance, and reliability are critical. In this paper, a new encryption method for high-speed optical communications suitable for such kinds of networks is proposed. This new encryption method consists of a symmetric streaming encryption of the 8b/10b data flow at physical coding sublayer level. It is carried out thanks to a format preserving encryption block cipher working in CTR (counter) mode. The overall system has been simulated and implemented in a field programmable gate array. Thanks to experimental results, it can be concluded that it is possible to cipher traffic at this physical level in a secure way. In addition, no overhead is introduced during encryption, getting minimum latency and maximum throughput

Towards Digital Twin-enabled DevOps for CPS providing Architecture-Based Service Adaptation & Verification at Runtime

Industrial Product-Service Systems (IPSS) denote a service-oriented (SO) way of providing access to CPS capabilities. The design of such systems bears high risk due to uncertainty in requirements related to service function and behavior, operation environments, and evolving customer needs. Such risks and uncertainties are well known in the IT sector, where DevOps principles ensure continuous system improvement through reliable and frequent delivery processes. A modular and SO system architecture complements these processes to facilitate IT system adaptation and evolution. This work proposes a method to use and extend the Digital Twins (DTs) of IPSS assets for enabling the continuous optimization of CPS service delivery and the latter's adaptation to changing needs and environments. This reduces uncertainty during design and operations by assuring IPSS integrity and availability, especially for design and service adaptations at CPS runtime. The method builds on transferring IT DevOps principles to DT-enabled CPS IPSS. The chosen design approach integrates, reuses, and aligns the DT processing and communication resources with DevOps requirements derived from literature. We use these requirements to propose a DT-enabled self-adaptive CPS model, which guides the realization of DT-enabled DevOps in CPS IPSS. We further propose detailed design models for operation-critical DTs that integrate CPS closed-loop control and architecture-based CPS adaptation. This integrated approach enables the implementation of A/B testing as a use case and central concept to enable CPS IPSS service adaptation and reconfiguration. The self-adaptive CPS model and DT design concept have been validated in an evaluation environment for operation-critical CPS IPSS. The demonstrator achieved sub-millisecond cycle times during service A/B testing at runtime without causing CPS operation interferences and downtime.Comment: Final published version appearing in 17th Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS 2022

Industrial robotics in factory automation: from the early stage to the Internet of Things

Robotics is a surprisingly old discipline, and robots have shaped industry and the various industrial revolutions for many decades. This paper covers topics relevant to the IES Technical Committee on Factory Automation, focusing in particular on the evolution of industrial robotics. After providing a historical perspective on the topic, the paper addresses current and future trends, revealing the close link between the progress in industrial robotics and the parallel evolution of industrial communication systems, which represent an enabling technology for modern industrial robotics.Peer ReviewedPostprint (author's final draft

Software Defined Networking Firewall for Industry 4.0 Manufacturing Systems

[EN] Purpose: In order to leverage automation control data, Industry 4.0 manufacturing systems require industrial devices to be connected to the network. Potentially, this can increase the risk of cyberattacks, which can compromise connected industrial devices to acquire production data or gain control over the production process. Search engines such as Sentient Hyper-Optimized Data Access Network (SHODAN) can be perverted by attackers to acquire network information that can be later used for intrusion. To prevent this, cybersecurity standards propose network architectures divided into several networks segments based on system functionalities. In this architecture, Firewalls limit the exposure of industrial control devices in order to minimize security risks. This paper presents a novel Software Defined Networking (SDN) Firewall that automatically applies this standard architecture without compromising network flexibility. Design/methodology/approach: The proposed SDN Firewall changes filtering rules in order to implement the different network segments according to application level access control policies. The Firewall applies two filtering techniques described in this paper: temporal filtering and spatial filtering, so that only applications in a white list can connect to industrial control devices. Network administrators need only to configure this application-oriented white lists to comply with security standards for ICS. This simplifies to a great extent network management tasks. Authors have developed a prototype implementation based on the OPC UA Standard and conducted security tests in order to test the viability of the proposal. Findings: Network segmentation and segregation are effective counter-measures against network scanning attacks. The proposed SDN Firewall effectively configures a flat network into virtual LAN segments according to security standard guidelines. Research limitations/implications: The prototype implementation still needs to implement several features to exploit the full potential of the proposal. Next steps for development are discussed in a separate section. Practical implications: The proposed SDN Firewall has similar security features to commercially available application Firewalls, but SDN Firewalls offer additional security features. First, SDN technology provides improved performance, since SDN low-level processing functions are much more efficient. Second, with SDN, security functions are rooted in the network instead of being centralized in particular network elements. Finally, SDN provides a more flexible and dynamic, zero configuration framework for secure manufacturing systems by automating the rollout of security standard-based network architectures. Social implications: SDN Firewalls can facilitate the deployment of secure Industry 4.0 manufacturing systems, since they provide ICS networks with many of the needed security capabilities without compromising flexibility. Originality/value: The paper proposes a novel SDN Firewall specifically designed to secure ICS networks. A prototype implementation of the proposed SDN Firewall has been tested in laboratory conditions. The prototype implementation complements the security features of the OPC UA communication standard to provide a holistic security framework for ICS networks.This research has been partially funded by the European Commission, under Grant Agreement 723710.Tsuchiya, A.; Fraile Gil, F.; Koshijima, I.; Ortiz Bas, Á.; Poler, R. (2018). Software Defined Networking Firewall for Industry 4.0 Manufacturing Systems. Journal of Industrial Engineering and Management. 11(2):318-332. https://doi.org/10.3926/jiem.2534S31833211

A Comprehensive Review on Time Sensitive Networks with a Special Focus on Its Applicability to Industrial Smart and Distributed Measurement Systems

The groundbreaking transformations triggered by the Industry 4.0 paradigm have dramati-cally reshaped the requirements for control and communication systems within the factory systems of the future. The aforementioned technological revolution strongly affects industrial smart and distributed measurement systems as well, pointing to ever more integrated and intelligent equipment devoted to derive accurate measurements. Moreover, as factory automation uses ever wider and complex smart distributed measurement systems, the well-known Internet of Things (IoT) paradigm finds its viability also in the industrial context, namely Industrial IoT (IIoT). In this context, communication networks and protocols play a key role, directly impacting on the measurement accuracy, causality, reliability and safety. The requirements coming both from Industry 4.0 and the IIoT, such as the coexistence of time-sensitive and best effort traffic, the need for enhanced horizontal and vertical integration, and interoperability between Information Technology (IT) and Operational Technology (OT), fostered the development of enhanced communication subsystems. Indeed, established tech-nologies, such as Ethernet and Wi-Fi, widespread in the consumer and office fields, are intrinsically non-deterministic and unable to support critical traffic. In the last years, the IEEE 802.1 Working Group defined an extensive set of standards, comprehensively known as Time Sensitive Networking (TSN), aiming at reshaping the Ethernet standard to support for time-, mission-and safety-critical traffic. In this paper, a comprehensive overview of the TSN Working Group standardization activity is provided, while contextualizing TSN within the complex existing industrial technological panorama, particularly focusing on industrial distributed measurement systems. In particular, this paper has to be considered a technical review of the most important features of TSN, while underlining its applicability to the measurement field. Furthermore, the adoption of TSN within the Wi-Fi technology is addressed in the last part of the survey, since wireless communication represents an appealing opportunity in the industrial measurement context. In this respect, a test case is presented, to point out the need for wirelessly connected sensors networks. In particular, by reviewing some literature contributions it has been possible to show how wireless technologies offer the flexibility necessary to support advanced mobile IIoT applications