Security Considerations for Collaborations in an Industrial IoT-based Lab of Labs

The productivity and sustainability advances for (smart) manufacturing resulting from (globally) interconnected Industrial IoT devices in a lab of labs are expected to be significant. While such visions introduce opportunities for the involved parties, the associated risks must be considered as well. In particular, security aspects are crucial challenges and remain unsolved. So far, single stakeholders only had to consider their local view on security. However, for a global lab, we identify several fundamental research challenges in (dynamic) scenarios with multiple stakeholders: While information security mandates that models must be adapted wrt. confidentiality to address these new influences on business secrets, from a network perspective, the drastically increasing amount of possible attack vectors challenges today's approaches. Finally, concepts addressing these security challenges should provide backwards compatibility to enable a smooth transition from today's isolated landscape towards globally interconnected IIoT environments.

[1]  Ralph Langner,et al.  Stuxnet: Dissecting a Cyberwarfare Weapon , 2011, IEEE Security & Privacy.

[2]  Klaus Wehrle,et al.  A Case for Integrated Data Processing in Large-Scale Cyber-Physical Systems , 2019, HICSS.

[3]  Daniel J. Benny Industrial Espionage: Developing a Counterespionage Program , 2013 .

[4]  Song Han,et al.  Industrial Internet of Things: Challenges, Opportunities, and Directions , 2018, IEEE Transactions on Industrial Informatics.

[5]  Christian Brecher,et al.  Towards an Infrastructure Enabling the Internet of Production , 2019, 2019 IEEE International Conference on Industrial Cyber Physical Systems (ICPS).

[6]  Xiaofeng Chen,et al.  Introduction to Secure Outsourcing Computation , 2016, Introduction to Secure Outsourcing Computation.

[7]  Stefan Decker,et al.  Schema Extraction for Privacy Preserving Processing of Sensitive Data , 2018 .

[8]  Marcin Nawrocki,et al.  Uncovering Vulnerable Industrial Control Systems from the Internet Core , 2019, NOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium.

[9]  Timo M. Deist,et al.  Infrastructure and distributed learning methodology for privacy-preserving multi-centric rapid learning health care: euroCAT , 2017, Clinical and translational radiation oncology.

[10]  Michael Devetsikiotis,et al.  Blockchains and Smart Contracts for the Internet of Things , 2016, IEEE Access.

[11]  Joe Kilian Secure Computation , 2011, Encyclopedia of Cryptography and Security.

[12]  Thiago Alves,et al.  Embedding Encryption and Machine Learning Intrusion Prevention Systems on Programmable Logic Controllers , 2018, IEEE Embedded Systems Letters.

[13]  Renato Ianella Open Digital Rights Language (ODRL) , 2007 .

[14]  Vitaly Shmatikov,et al.  De-anonymizing Social Networks , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[15]  Primavera De Filippi,et al.  Cloud Computing: Centralization and Data Sovereignty , 2012, Eur. J. Law Technol..

[16]  Vlad Trifa,et al.  Towards the Web of Things: Web Mashups for Embedded Devices , 2009 .

[17]  Klaus Wehrle,et al.  Towards In-Network Security for Smart Homes , 2018, ARES.

[18]  Klaus Wehrle,et al.  Website Fingerprinting at Internet Scale , 2016, NDSS.

[19]  Christian Brecher,et al.  Dataflow Challenges in an Internet of Production: A Security & Privacy Perspective , 2019, CPS-SPC@CCS.

[20]  Giovanni Vigna,et al.  Intrusion detection: a brief history and overview , 2002 .

[21]  John M. Bryson,et al.  Designing and Implementing Cross‐Sector Collaborations: Needed and Challenging , 2015 .

[22]  Christian Brecher,et al.  The Need of Dynamic and Adaptive Data Models for Cyber-Physical Production Systems , 2017 .

[23]  Brian Fitzgerald,et al.  Open Content Licensing: Cultivating the Creative Commons , 2007 .

[24]  Martin Henze,et al.  Tailoring Onion Routing to the Internet of Things: Security and Privacy in Untrusted Environments , 2019, 2019 IEEE 27th International Conference on Network Protocols (ICNP).

[25]  Klaus Wehrle,et al.  CPPL: Compact Privacy Policy Language , 2016, WPES@CCS.

[26]  Jens Eschenbächer,et al.  Business and legal issues in enterprise collaborations: A German perspective , 2001 .

[27]  Karen A. Scarfone,et al.  Guide to Industrial Control Systems (ICS) Security , 2015 .

[28]  Seong-Moo Yoo,et al.  Securing SCADA Applications Using OpenPLC With End-To-End Encryption , 2017, ICSS.

[29]  A. Link,et al.  Commercial knowledge transfers from universities to firms: improving the effectiveness of university–industry collaboration , 2003 .

[30]  Deborah L. McGuinness,et al.  PROV-O: The PROV Ontology , 2013 .

[31]  Axel Polleres,et al.  A Scalable Consent, Transparency and Compliance Architecture , 2018, ESWC.

[32]  Klaus Wehrle,et al.  Stamping Process Modelling in an Internet of Production , 2020 .

[33]  P. Lambin,et al.  Distributed learning: Developing a predictive model based on data from multiple hospitals without data leaving the hospital - A real life proof of concept. , 2016, Radiotherapy and oncology : journal of the European Society for Therapeutic Radiology and Oncology.

[34]  Ilias Kaperonis,et al.  Industrial espionage , 1984, Comput. Secur..

[35]  Robin Berthier,et al.  An Internet-wide view of ICS devices , 2016, 2016 14th Annual Conference on Privacy, Security and Trust (PST).

[36]  Vitaly Shmatikov,et al.  Robust De-anonymization of Large Sparse Datasets , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[37]  Paul Voigt,et al.  The EU General Data Protection Regulation (GDPR) , 2017 .

[38]  Paul Voigt,et al.  The Eu General Data Protection Regulation (Gdpr): A Practical Guide , 2017 .

[39]  Ahmad-Reza Sadeghi,et al.  Security and privacy challenges in industrial Internet of Things , 2015, 2015 52nd ACM/EDAC/IEEE Design Automation Conference (DAC).

[40]  Jens Hiller,et al.  Privacy-Preserving Remote Knowledge System , 2019, 2019 IEEE 27th International Conference on Network Protocols (ICNP).

[41]  Brahim Chaib-draa,et al.  Information Sharing as a Coordination Mechanism for Reducing the Bullwhip Effect in a Supply Chain , 2007, IEEE Transactions on Systems, Man, and Cybernetics, Part C (Applications and Reviews).