ABSTRACT
Today, embedded, mobile, and cyberphysical systems are ubiquitous and used in many applications, from industrial control systems and modern vehicles to critical infrastructure. Current trends and initiatives, such as "Industrie 4.0" and the Internet of Things (IoT), promise innovative business models and novel user experiences through strong connectivity and effective use of the next generation of embedded devices. These systems generate, process, and exchange vast amounts of security-critical and privacy-sensitive data, which makes them attractive targets of attacks. Cyberattacks on IoT systems are particularly critical since they may cause physical damage and even threaten human lives. The complexity of these systems and the potential impact of cyberattacks bring about new threats.
This paper gives an introduction to Industrial IoT systems, the related security and privacy challenges, and an outlook on possible solutions towards a holistic security framework for Industrial IoT systems.
Index Terms
- Security and privacy challenges in industrial internet of things