Christian M. Lesjak, H. Bock, Daniel M. Hein, Martin Maritsch
{"title":"Hardware-secured and transparent multi-stakeholder data exchange for industrial IoT","authors":"Christian M. Lesjak, H. Bock, Daniel M. Hein, Martin Maritsch","doi":"10.1109/INDIN.2016.7819251","DOIUrl":null,"url":null,"abstract":"Authentic and confidential, but at the same time traceable and transparent, data exchange among multiple stakeholders is a key challenge in Industrial Internet of Things (IIoT) applications. Specifically, smart service connectivity requires the secure and transparent acquisition of equipment status information, which we call snapshots, from globally distributed equipment instances at customer sites by the equipment vendor. Related work has proposed to use a Message Queue Telemetry Transport (MQTT) Broker and hardware-secured Transport Layer Security (TLS) with client authentication. However, this approach lacks strong cryptographic end-to-end protection of snapshots. Here we show a hardware-rooted snapshot protection system that utilizes a Broker-based messaging infrastructure, hybrid encryption and a single-pass Elliptic Curve Menezes-Qu-Vanstone (ECMQV) scheme. We evaluate our concept by means of a prototype implementation and discuss security and performance implications. Our approach provides strong end-to-end data protection, while at the same time enabling customers to trace what data has been transferred off their equipment. We believe that our concept can serve as a template for a multitude of Industrial Internet of Things applications, which by their very nature call for strong security.","PeriodicalId":421680,"journal":{"name":"2016 IEEE 14th International Conference on Industrial Informatics (INDIN)","volume":"519 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"18","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE 14th International Conference on Industrial Informatics (INDIN)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/INDIN.2016.7819251","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 18
Abstract
Authentic and confidential, but at the same time traceable and transparent, data exchange among multiple stakeholders is a key challenge in Industrial Internet of Things (IIoT) applications. Specifically, smart service connectivity requires the secure and transparent acquisition of equipment status information, which we call snapshots, from globally distributed equipment instances at customer sites by the equipment vendor. Related work has proposed to use a Message Queue Telemetry Transport (MQTT) Broker and hardware-secured Transport Layer Security (TLS) with client authentication. However, this approach lacks strong cryptographic end-to-end protection of snapshots. Here we show a hardware-rooted snapshot protection system that utilizes a Broker-based messaging infrastructure, hybrid encryption and a single-pass Elliptic Curve Menezes-Qu-Vanstone (ECMQV) scheme. We evaluate our concept by means of a prototype implementation and discuss security and performance implications. Our approach provides strong end-to-end data protection, while at the same time enabling customers to trace what data has been transferred off their equipment. We believe that our concept can serve as a template for a multitude of Industrial Internet of Things applications, which by their very nature call for strong security.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
