A lightweight authentication mechanism for M2M communications in industrial IoT environment

In the emerging Industrial IoT era, Machine-to-Machine (M2M) communication technology is considered as a key underlying technology for building Industrial IoT environments where devices (e.g., sensors, actuators, gateways) are enabled to exchange information with each other in an autonomous way without human intervention. However, most of the existing M2M protocols that can be also used in the Industrial IoT domain provide security mechanisms based on asymmetric cryptography resulting in high computational cost. As a consequence, the resource-constrained IoT devices are not able to support them appropriately and thus, many security issues arise for the Industrial IoT environment. Therefore, lightweight security mechanisms are required for M2M communications in Industrial IoT in order to reach its full potential. As a step towards this direction, in this paper, we propose a lightweight authentication mechanism, based only on hash and XOR operations, for M2M communications in Industrial IoT environment. The proposed mechanism is characterized by low computational cost, communication and storage overhead, while achieving mutual authentication, session key agreement, device’s identity confidentiality, and resistance against the following attacks: replay attack, man-in-the-middle attack, impersonation attack, and modification attack

Distributed Control Architecture

This document describes the development and testing of a novel Distributed Control Architecture (DCA). The DCA developed during the study is an attempt to turn the components used to construct unmanned vehicles into a network of intelligent devices, connected using standard networking protocols. The architecture exists at both a hardware and software level and provides a communication channel between control modules, actuators and sensors. A single unified mechanism for connecting sensors and actuators to the control software will reduce the technical knowledge required by platform integrators and allow control systems to be rapidly constructed in a Plug and Play manner. DCA uses standard networking hardware to connect components, removing the need for custom communication channels between individual sensors and actuators. The use of a common architecture for the communication between components should make it easier for software to dynamically determine the vehicle s current capabilities and increase the range of processing platforms that can be utilised. Implementations of the architecture currently exist for Microsoft Windows, Windows Mobile 5, Linux and Microchip dsPIC30 microcontrollers. Conceptually, DCA exposes the functionality of each networked device as objects with interfaces and associated methods. Allowing each object to expose multiple interfaces allows for future upgrades without breaking existing code. In addition, the use of common interfaces should help facilitate component reuse, unit testing and make it easier to write generic reusable software

Communication model using Data distribution service and communication security assessment

Diplomová práca sa zameriava na problematiku middleware vrstvy v distribuovaných systémoch. Uvádza typicky používané komunikačné protokoly a štandardy, ktoré na tejto vrstve pracujú. Jej užšie zameranie je z hľadiska teoretickej aj praktickej časti na špecifikáciu OMG DDS. Priblížené sú jej základné funkcionality a architektúra spolu s jednotlivými prvkami. V práci je taktiež popísaný RTPS protokol. Na záver teoretickej časti sú popísané existujúce implementácie štandardu OMG DDS. V praktickej časti je využitá OpenDDS 3.13 implementácia tejto špecifikácie. Otestované je jej nasadenie na rôznych platformách. V ďalšej časti je overená vlastnosť zabezpečenia prenosu dát pomocou beta verzie OMG DDS Security, ktorú táto implementácia obsahuje. Porovnaný je zabezpečený a nezabezpečený prenos. V distribuovaných systémoch je dôležité aj oneskorenie prenosu systému. Pre analýzu rôznych vplyvov na výsledné oneskorenie prenosu je v praktickej časti vytvorený DDS systém, ktorý meria oneskorenie pri rôznych nastaveniach QoS a zabezpečení. Prevedené a analyzované sú merania pri rôznych vlastnostiach prenosu. Z výsledkov meraní sú zrejme vplyvy výkonu zariadenia pri zvyšovaní veľkosti odosielaných vzoriek. Zaznamené sú rozdiely oneskorenia medzi spoľahlivým a nespoľahlivým a zabezpečeným a nezabezpečeným prenosom. Uskutočnené sú aj merania medzi 2 fyzickými zariadeniami s útočníkom a bez neho. Útok je typu MITM a zachytáva RTPS prenos ktorý mu nie je určený.The diploma thesis is focusing on middleware layer in distributed systems. It introduces typically used communication protocols and standards operating on this layer. In theoretical part it brings closer look at OMG DDS specification. This part contains fundamental functionalities of this specification along with its architecture blocks. Thesis also describes the RTPS protocol functionality. Existing implementations of OMG DDS standard are described at the end of theoretical part. OpenDDS 3.13 implementation is used in practical part of thesis. It is deployed and tested on various platforms. Next part verifies option of securing RTPS data stream using beta version of OMG DDS Security, which OpenDDS 3.13 implementation contains. Secured and unsecured data flows are being compared. Latency of data stream is also important, especially in distributed systems. DDS system, which measures latency of RTPS stream is created in practical part. Latency of this DDS system can be measured in various configurations. Difference of devices’ performance used in measurements can be clearly seen in latency results where the size of data samples is increasing. Differences of measured latency are also recognizable between reliable and unreliable and secure and unsecure RTPS stream. Part of measurements is made between 2 physical devices with and without an attacker. Type of attack is MITM and it captures RTPS flow, which does not belong to attacking machine.

Edge and Big Data technologies for Industry 4.0 to create an integrated pre-sale and after-sale environment

The fourth industrial revolution, also known as Industry 4.0, has rapidly gained traction in businesses across Europe and the world, becoming a central theme in small, medium, and large enterprises alike. This new paradigm shifts the focus from locally-based and barely automated firms to a globally interconnected industrial sector, stimulating economic growth and productivity, and supporting the upskilling and reskilling of employees. However, despite the maturity and scalability of information and cloud technologies, the support systems already present in the machine field are often outdated and lack the necessary security, access control, and advanced communication capabilities. This dissertation proposes architectures and technologies designed to bridge the gap between Operational and Information Technology, in a manner that is non-disruptive, efficient, and scalable. The proposal presents cloud-enabled data-gathering architectures that make use of the newest IT and networking technologies to achieve the desired quality of service and non-functional properties. By harnessing industrial and business data, processes can be optimized even before product sale, while the integrated environment enhances data exchange for post-sale support. The architectures have been tested and have shown encouraging performance results, providing a promising solution for companies looking to embrace Industry 4.0, enhance their operational capabilities, and prepare themselves for the upcoming fifth human-centric revolution

A quality of service based framework for dynamic, dependable systems

There is currently much UK government and industry interest towards the integration of complex computer-based systems, including those in the military domain. These systems can include both mission critical and safety critical applications, and therefore require the dependable communication of data. Current modular military systems requiring such performance guarantees are mostly based on parameters and system states fixed during design time, thus allowing a predictable estimate of performance. These systems can exhibit a limited degree of reconfiguration, but this is typically within the constraints of a predefined set of configurations. The ability to reconfigure systems more dynamically, could lead to further increased flexibility and adaptability, resulting in the better use of existing assets. Current software architecture models that are capable of providing this flexibility, however, tend to lack support for dependable performance. This thesis explores the benefits for the dependability of future dynamic systems, built on a publish/subscribe model, from using Quality of Service (QoS) methods to map application level data communication requirements to available network resources. Through this, original contributions to knowledge are created, including; the proposal of a QoS framework that specifies a way of defining flexible levels of QoS characteristics and their use in the negotiation of network resources, a simulation based evaluation of the QoS framework and specifically the choice of negotiation algorithm used, and a test-bed based feasibility study. Simulation experimentation conducted comparing different methods of QoS negotiation gives a clear indication that the use of the proposed QoS framework and flexible negotiation algorithm can provide a benefit in terms of system utility, resource utilisation, and system stability. The choice of negotiation algorithm has a particularly strong impact on these system properties. The cost of these benefits comes in terms of the processing power and execution time required to reach a decision on the acceptance of a subscriber. It is suggested, given this cost, that when computational resources are limited, a simpler priority based negotiation algorithm should be used. Where system resources are more abundant, however, the flexible negotiation algorithm proposed within the QoS framework can offer further benefits. Through the implementation of the QoS framework within an existing military avionics software architecture based emulator on a test-bed, both the technical challenges that will need to be overcome and, more importantly, the potential viability for the inclusion of the QoS framework have been demonstrated