Policy-based security for distributed manufacturing execution systems

ABSTRACT

This paper discusses the main security-related challenges raised in distributed Manufacturing Execution System (MES) architectures. In contrast to monolithic control architectures, where security is centralised, distributed control architectures encourage the migration of information processing to the shop floor, using intelligent devices, thus enabling local decision-making. While the benefits of this distributed architecture are obvious, the security aspects, specifically those pertaining to unauthorised access to information, theft of proprietary information and impersonation, still require some formalisation. This paper proposes a policy-based mechanism to handle transport security by introducing a real-time Public Key Architecture platform using certification authorities to generate certificates on the fly and secure socket communication. Additionally, this paper introduces a document-level encryption and signing mechanism for all MES messages exchanged between intelligent products, sensors, shop floor resources and different MES components. This is especially useful for securing parts of the architecture that cannot rely on transport layer security due to functional requirements, i.e. content-based message routing at the manufacturing service bus layer.
