Hardware-secured and transparent multi-stakeholder data exchange for industrial IoT
- 1 July 2016
- conference paper
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE) in 2016 IEEE 14th International Conference on Industrial Informatics (INDIN)
Abstract
Authentic and confidential, but at the same time traceable and transparent, data exchange among multiple stakeholders is a key challenge in Industrial Internet of Things (IIoT) applications. Specifically, smart service connectivity requires the secure and transparent acquisition of equipment status information, which we call snapshots, from globally distributed equipment instances at customer sites by the equipment vendor. Related work has proposed to use a Message Queue Telemetry Transport (MQTT) Broker and hardware-secured Transport Layer Security (TLS) with client authentication. However, this approach lacks strong cryptographic end-to-end protection of snapshots. Here we show a hardware-rooted snapshot protection system that utilizes a Broker-based messaging infrastructure, hybrid encryption and a single-pass Elliptic Curve Menezes-Qu-Vanstone (ECMQV) scheme. We evaluate our concept by means of a prototype implementation and discuss security and performance implications. Our approach provides strong end-to-end data protection, while at the same time enabling customers to trace what data has been transferred off their equipment. We believe that our concept can serve as a template for a multitude of Industrial Internet of Things applications, which by their very nature call for strong security.Keywords
This publication has 11 references indexed in Scilit:
- Hardware-security technologies for industrial IoT: TrustZone and security controllerPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2015
- Securing smart maintenance services: Hardware-security and TLS for MQTTPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2015
- Case study: From legacy to connectivity migrating industrial devices into the world of smart servicesPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2014
- Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm CryptographyPublished by National Institute of Standards and Technology (NIST) ,2013
- Cycling Attacks on GCM, GHASH and Other Polynomial MACs and HashesLecture Notes in Computer Science, 2012
- Use of Elliptic Curve Cryptography (ECC) Algorithms in Cryptographic Message Syntax (CMS)Published by RFC Editor ,2010
- Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition ParadigmJournal of Cryptology, 2008
- Cryptographic Message Syntax (CMS) Authenticated-Enveloped-Data Content TypePublished by RFC Editor ,2007
- The Security and Performance of the Galois/Counter Mode (GCM) of OperationLecture Notes in Computer Science, 2004
- Advanced Encryption Standard (AES) Key Wrap AlgorithmPublished by RFC Editor ,2002