Andreas Walz, Karl-Heinz Niemann, Julian Göppert, K. Fischer, Simon Merklin, Dominik Ziegler, A. Sikora
{"title":"PROFINET Security: A Look on Selected Concepts for Secure Communication in the Automation Domain","authors":"Andreas Walz, Karl-Heinz Niemann, Julian Göppert, K. Fischer, Simon Merklin, Dominik Ziegler, A. Sikora","doi":"10.1109/INDIN51400.2023.10217985","DOIUrl":null,"url":null,"abstract":"We provide a brief overview of the cryptographic security extensions for PROFINET, as defined and specified by PROFIBUS & PROFINET International (PI). These come in three hierarchically defined Security Classes, called Security Class 1,2 and 3. Security Class 1 provides basic security improvements with moderate implementation impact on PROFINET components. Security Classes 2 and 3, in contrast, introduce an integrated cryptographic protection of PROFINET communication. We first highlight and discuss the security features that the PROFINET specification offers for future PROFINET products. Then, as our main focus, we take a closer look at some of the technical challenges that were faced during the conceptualization and design of Security Class 2 and 3 features. In particular, we elaborate on how secure application relations between PROFINET components are established and how a disruption-free availability of a secure communication channel is guaranteed despite the need to refresh cryptographic keys regularly. The authors are members of the PI Working Group CB/PG10 Security.","PeriodicalId":174443,"journal":{"name":"2023 IEEE 21st International Conference on Industrial Informatics (INDIN)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 IEEE 21st International Conference on Industrial Informatics (INDIN)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/INDIN51400.2023.10217985","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
We provide a brief overview of the cryptographic security extensions for PROFINET, as defined and specified by PROFIBUS & PROFINET International (PI). These come in three hierarchically defined Security Classes, called Security Class 1,2 and 3. Security Class 1 provides basic security improvements with moderate implementation impact on PROFINET components. Security Classes 2 and 3, in contrast, introduce an integrated cryptographic protection of PROFINET communication. We first highlight and discuss the security features that the PROFINET specification offers for future PROFINET products. Then, as our main focus, we take a closer look at some of the technical challenges that were faced during the conceptualization and design of Security Class 2 and 3 features. In particular, we elaborate on how secure application relations between PROFINET components are established and how a disruption-free availability of a secure communication channel is guaranteed despite the need to refresh cryptographic keys regularly. The authors are members of the PI Working Group CB/PG10 Security.
我们提供了PROFINET的加密安全扩展的简要概述,由PROFIBUS和PROFINET国际(PI)定义和指定。它们分为三个层次结构定义的安全类,称为安全类1、2和3。Security Class 1提供了基本的安全性改进,对PROFINET组件的实现影响不大。相比之下,安全等级2和3引入了PROFINET通信的集成加密保护。我们首先强调并讨论PROFINET规范为未来的PROFINET产品提供的安全特性。然后,作为我们的主要焦点,我们将仔细研究在概念化和设计安全类2和3功能期间所面临的一些技术挑战。特别是,我们详细说明了如何在PROFINET组件之间建立安全的应用程序关系,以及如何在需要定期刷新加密密钥的情况下保证安全通信通道的无中断可用性。作者是PI工作组CB/PG10 Security的成员。
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
