3 research outputs found

    Software defined networking sareetako segurtasuna industria 4.0-N (Security of software defined networking networks in Industry 4.0)

    The aim of this project is to introduce the reader to SDN (Software Defined Networking) and to examine the cybersecurity issues in that area, especially regarding Industry 4.0. After showing the importance of these networks nowadays, the next step is to examine the problems that can occur in the services and infrastructure around them. When it comes to the "controller", which is one of the most crucial parts of these kinds of systems, the goal is to try different software and to identify their suitability in terms of security. Furthermore, simulating various situations will help to document the outcome, which will define whether the project is successful and the value of the process.

    Improving efficiency and security of IIoT communications using in-network validation of server certificate

    The use of advanced communications and smart mechanisms in industry is growing rapidly, making cybersecurity a critical aspect. Currently, most industrial communication protocols rely on the Transport Layer Security (TLS) protocol to build their secure version, providing confidentiality, integrity and authentication. In the case of UDP-based communications, frequently used in Industrial Internet of Things (IIoT) scenarios, the counterpart of TLS is Datagram Transport Layer Security (DTLS), which includes some mechanisms to deal with the high unreliability of the transport layer. However, the (D)TLS handshake is a heavy process, especially for resource-deprived IIoT devices, and security is frequently sacrificed in favour of performance. More specifically, the validation of digital certificates is an expensive process from the time and resource consumption point of view. For this reason, digital certificates are not always properly validated by IIoT devices, including the verification of their revocation status; and when it is done, it introduces an important delay in the communications. In this context, this paper presents the design and implementation of an in-network server certificate validation system that offloads this task from the constrained IIoT devices to a resource-richer network element, leveraging data plane programming (DPP). This approach enhances security as it guarantees that a comprehensive server certificate verification is always performed. Additionally, it increases performance as resource-expensive tasks are moved from IIoT devices to a resource-richer network element. Results show that the proposed solution reduces DTLS handshake times by 50–60 %. Furthermore, CPU use in IIoT devices is also reduced, resulting in an energy saving of about 40 % in such devices.

    This work was financially supported by the Spanish Ministry of Science and Innovation through the TRUE-5G project PID2019-108713RB-C54/AEI/10.13039/501100011033. It was also partially supported by the Ayudas Cervera para Centros Tecnológicos grant of the Spanish Centre for the Development of Industrial Technology (CDTI) under the project EGIDA (CER-20191012), and by the Basque Country Government under the ELKARTEK Program, project REMEDY - Real tiME control and embeddeD securitY (KK-2021/00091).

    Achieving Low Latency Communications in Smart Industrial Networks with Programmable Data Planes

    Industrial networks are introducing Internet of Things (IoT) technologies in their manufacturing processes in order to enhance existing methods and obtain smarter, greener and more effective processes. Global predictions forecast a massive spread of IoT technology in industrial sectors in the near future. However, these innovations face several challenges, such as achieving short response times in the case of time-critical applications. Concepts like in-network computing or edge computing can provide adequate communication quality for these industrial environments, and data plane programming has proved to be a useful mechanism for their implementation. Specifically, the P4 language is used to define the behavior of programmable switches and network elements. This paper presents a solution for industrial IoT (IIoT) network communications to reduce response times using in-network computing through data plane programming and P4. Our solution processes Message Queuing Telemetry Transport (MQTT) packets sent by a sensor in the data plane and generates an alarm in case of exceeding a threshold in the measured value. The implementation has been tested in an experimental facility, using a Netronome SmartNIC as a P4 programmable network device. Response times are reduced by 74% while processing, and delay introduced by the P4 network processing is insignificant.

    This work was supported in part by the Spanish Ministry of Science and Innovation through the national project (PID2019-108713RB-C54) titled “Towards zeRo toUch nEtwork and services for beyond 5G” (TRUE-5G), and in part by the “Smart Factories of the Future” (5G-Factories) (COLAB19/06) project.