{"title":"Secure bootstrapping for next-gen industrial automation systems","authors":"Sören Finster, Abdallah Dawoud, Florian Kohnhäuser, Abdulkadir Karaagac","doi":"10.1515/auto-2023-0074","DOIUrl":null,"url":null,"abstract":"Abstract The digitalization of industry and the convergence of IT and OT bring about the next generation of industrial automation systems which are expected to work with an orchestration of physical and virtualized components using a single converged network. The increase of complexity in such systems must be managed by an increase in automation for orchestration and management. However, bootstrapping such a complex system from out-of-the-box components is still a manual and error-prone process. We present a bootstrapping concept that brings up a system from out-of-the-box components to an operational solution with physical and virtualized components. The concept combines incremental network discovery with secure incremental bootstrapping of discovered physical components. The gained trust in the physical components of the network is then used to translate this trust into virtualized components. By attesting the trustworthiness of hosting infrastructure, the concept allows for virtualized components to be securely assigned a cryptographically secure identity that can be used in further application onboarding. 
Such securely bootstrapped systems are then capable to deliver the required adaptable, modular, and secure automation solutions of the future.","PeriodicalId":55437,"journal":{"name":"At-Automatisierungstechnik","volume":"71 1","pages":"748 - 758"},"PeriodicalIF":0.7000,"publicationDate":"2023-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"At-Automatisierungstechnik","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1515/auto-2023-0074","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"AUTOMATION & CONTROL SYSTEMS","Score":null,"Total":0}
Citation count: 0
Abstract
The digitalization of industry and the convergence of IT and OT bring about the next generation of industrial automation systems which are expected to work with an orchestration of physical and virtualized components using a single converged network. The increase of complexity in such systems must be managed by an increase in automation for orchestration and management. However, bootstrapping such a complex system from out-of-the-box components is still a manual and error-prone process. We present a bootstrapping concept that brings up a system from out-of-the-box components to an operational solution with physical and virtualized components. The concept combines incremental network discovery with secure incremental bootstrapping of discovered physical components. The gained trust in the physical components of the network is then used to translate this trust into virtualized components. By attesting the trustworthiness of hosting infrastructure, the concept allows for virtualized components to be securely assigned a cryptographically secure identity that can be used in further application onboarding. Such securely bootstrapped systems are then capable to deliver the required adaptable, modular, and secure automation solutions of the future.
About the journal:
Automatisierungstechnik (AUTO) publishes articles covering the entire range of automation technology: development and application of methods, the operating principles, characteristics, and applications of tools and the interrelationships between automation technology and societal developments. The journal includes a tutorial series on "Theory for Users," and a forum for the exchange of viewpoints concerning past, present, and future developments. Automatisierungstechnik is the official organ of GMA (The VDI/VDE Society for Measurement and Automatic Control) and NAMUR (The Process-Industry Interest Group for Automation Technology).
Topics
control engineering
digital measurement systems
cybernetics
robotics
process automation / process engineering
control design
modelling
information processing
man-machine interfaces
networked control systems
complexity management
machine learning
ambient assisted living
automated driving
bio-analysis technology
building automation
factory automation / smart factories
flexible manufacturing systems
functional safety
mechatronic systems.