Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
On Pre-deployment Assessment and Security Bootstrapping of Industrial Communication Networks
Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems. ABB Corporate Research. (ISS (Embedded Systems))ORCID iD: 0000-0002-5361-2196
2017 (English)Doctoral thesis, monograph (Other academic)
Abstract [en]

The severity of cyber threats towards existing and future industrial systems has resulted in an increase of security awareness in the industrial automation domain. Compared to traditional information systems, industrial communication systems have different performance and reliability requirements. The safety and availability requirements can also sometimes conflict with the system security design of plants. For instance, it is not acceptable to create a secure system that may take up additional time to establish security and as a consequence disrupt the production in plants. Similarly, a system that requires authentication and authorization procedures before an emergency action may not be suitable in industrial plants. On the other hand, lack of security can hamper safety of a plant. Therefore, there is a need for improvement of the security workflow in industrial plants, so that the practical realization of security can be achieved. This includes secure device deployment and secure data communication inside the industrial plants. Furthermore, the industrial plant networks are heterogeneous in terms of hardware, software, and protocols. This complicates security assessment of industrial networks.

 

In this thesis, the focus is on achieving a secured communication infrastructure for heterogeneous industrial networks. The initial trust establishment is the starting point for enabling a secure communication infrastructure. A framework for the initial trust establishment for industrial devices that can support key management using the existing trust of employees in a plant is proposed. With the help of a proof-of-concept implementation and security analysis, it is shown that the proposed framework is feasible to implement and satisfies the security objectives. After establishing initial trust within industrial devices, assessing heterogeneous security properties based on the network architecture is another focus of this thesis. A model to estimate the security assurance of nodes in a heterogeneous network, where all devices are not having the same level of security mechanisms, is given. Along with cyber security requirements of industrial plants, it is also necessary to consider other important requirements of plants in terms of network performance. In this thesis, identification of an optimized path between two systems in a heterogeneous network in terms of the network performance and the network security is explored. The applicability of this balancing approach has been demonstrated in a specific case of smart grid application where security, network capacity and reachability need to be optimal for successful network operation.

Place, publisher, year, edition, pages
Mälardalens högskola , 2017.
Series
Mälardalen University Press Dissertations, ISSN 1651-4238 ; 207
National Category
Engineering and Technology Computer Systems
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:mdh:diva-35260ISBN: 978-91-7485-327-8 (print)OAI: oai:DiVA.org:mdh-35260DiVA: diva2:1091642
Public defence
2017-06-19, Kappa, Mälardalens högskola, Västerås, 13:15 (English)
Opponent
Supervisors
Available from: 2017-04-28 Created: 2017-04-27 Last updated: 2017-07-10Bibliographically approved

Open Access in DiVA

fulltext(3954 kB)9 downloads
File information
File name FULLTEXT01.pdfFile size 3954 kBChecksum SHA-512
bb384386874f1b5dade573391bac11c8768d60176c34c3f70873e702295c790d2fd067e016f7a56bc4a7bf9d7d9615d4812f85b7d5781fe62fca90f4346fb974
Type fulltextMimetype application/pdf

Search in DiVA

By author/editor
Ray, Apala
By organisation
Embedded Systems
Engineering and TechnologyComputer Systems

Search outside of DiVA

GoogleGoogle Scholar
Total: 9 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 150 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf