Security Analysis for Distributed IoT-Based Industrial Automation


Abstract:

Internet of Things (IoT) technologies enable development of reconfigurable manufacturing systems—a new generation of modularized industrial equipment suitable for highly customized manufacturing. Sequential control in these systems is largely based on discrete events, whereas their formal execution semantics is specified as control interpreted Petri nets (CIPN). Despite industry-wide use of programming languages based on the CIPN formalism, formal verification of such control applications in the presence of adversarial activity is not supported. Consequently, in this article, we introduce security-aware modeling and verification techniques for CIPN-based sequential control applications. Specifically, we show how CIPN models of networked industrial IoT controllers can be transformed into time Petri net (TPN)-based models and composed with plant and security-aware channel models in order to enable system-level verification of safety properties in the presence of network-based attacks. Additionally, we introduce realistic channel-specific attack models that capture adversarial behavior using nondeterminism. Moreover, we show how verification results can be utilized to introduce security patches and facilitate design of attack detectors that improve system resiliency and enable satisfaction of critical safety properties. Finally, we evaluate our framework on an industrial case study.

Note to Practitioners—Our main goal is to provide formal security guarantees for distributed sequential controllers. Specifically, we target smart automation controllers geared toward Industrial IoT applications that are typically programmed in C/C++ and are running applications originally designed in, for example, GRAFCET (IEC 60848)/SFC (IEC 61131-3) automation programming languages. Since existing tools for the design of distributed automation do not support system-level verification of relevant safety properties, we show how security-aware transceiver and communication models can be deve...
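The abstract describes composing a controller model with plant and security-aware channel models, expressing adversarial behavior as nondeterminism, and re-running verification after a patch and a detector are added. The following Python script is an added illustration of that workflow and is not code from the paper or its case study: it uses a small untimed Petri net (firing-time intervals of a TPN are abstracted away), a constructed conveyor-and-press controller, a constructed replay adversary on the command channel, and a constructed freshness-token patch. All place and transition names are assumptions made for this example.

```python
from collections import deque

# Transition = (name, pre, post, inhib): consumes `pre`, produces `post`; every
# place in `inhib` must be empty (an inhibitor arc, used only by the detector).
def T(name, pre, post, inhib=()):
    return (name, pre, post, tuple(inhib))

def enabled(m, t):
    _, pre, _, inhib = t
    return (all(m.get(p, 0) >= n for p, n in pre.items())
            and all(m.get(p, 0) == 0 for p in inhib))

def fire(m, t):
    _, pre, post, _ = t
    nxt = dict(m)
    for p, n in pre.items():
        nxt[p] -= n
    for p, n in post.items():
        nxt[p] = nxt.get(p, 0) + n
    return frozenset((p, n) for p, n in nxt.items() if n)

def find_reachable(initial, transitions, goal, max_states=50_000):
    """Breadth-first search over markings: returns the shortest firing sequence
    that reaches a marking satisfying `goal`, or None if none is reachable."""
    start = frozenset((p, n) for p, n in initial.items() if n)
    parent, queue = {start: None}, deque([start])
    while queue:
        m = queue.popleft()
        md = dict(m)
        if goal(md):
            trace = []
            while parent[m] is not None:
                m, name = parent[m]
                trace.append(name)
            return trace[::-1]
        for t in transitions:
            if enabled(md, t):
                nxt = fire(md, t)
                if nxt not in parent:
                    parent[nxt] = (m, t[0])
                    queue.append(nxt)
        if len(parent) > max_states:
            raise RuntimeError("state-space bound exceeded")
    return None

# Constructed model: a sequential controller (places c0..c3) commands a conveyor
# and a press through channel places ch_*.  A place in both pre and post is a
# sensor read.  Correct sequencing never feeds the conveyor while the press is down.
CONTROLLER_PLANT = [
    T("send_conv_start",    {"c0": 1, "press_up": 1},                {"c1": 1, "press_up": 1, "ch_conv_start": 1}),
    T("deliver_conv_start", {"ch_conv_start": 1, "conv_stopped": 1}, {"conv_running": 1}),
    T("send_conv_stop",     {"c1": 1, "conv_running": 1},            {"c2": 1, "conv_running": 1, "ch_conv_stop": 1}),
    T("deliver_conv_stop",  {"ch_conv_stop": 1, "conv_running": 1},  {"conv_stopped": 1}),
    T("send_press_down",    {"c2": 1, "conv_stopped": 1},            {"c3": 1, "conv_stopped": 1, "ch_press_down": 1}),
    T("deliver_press_down", {"ch_press_down": 1, "press_up": 1},     {"press_down": 1}),
    T("press_return",       {"c3": 1, "press_down": 1},              {"c0": 1, "press_up": 1}),
]

# Constructed channel attack model: an adversary records one conveyor-start frame
# and may inject a copy at any later time.  Because these transitions fire
# nondeterministically, one reachability run covers every possible attack timing.
REPLAY_ATTACKER = [
    T("attacker_records", {"ch_conv_start": 1, "att_idle": 1}, {"ch_conv_start": 1, "att_armed": 1}),
    T("attacker_replays", {"att_armed": 1},                    {"ch_conv_start": 1, "att_spent": 1}),
]
INITIAL = {"c0": 1, "press_up": 1, "conv_stopped": 1, "att_idle": 1}

def collision(m):  # safety property: the conveyor never feeds while the press is down
    return m.get("conv_running", 0) > 0 and m.get("press_down", 0) > 0

def alarm(m):
    return m.get("alarm", 0) > 0

def with_freshness(transitions):
    """Security patch (constructed): each conveyor-start command carries a one-time
    token that the actuator consumes, so a replayed frame has no token to spend."""
    patched = []
    for name, pre, post, inhib in transitions:
        if name == "send_conv_start":
            post = {**post, "fresh": 1}
        elif name == "deliver_conv_start":
            pre = {**pre, "fresh": 1}
        patched.append((name, pre, post, inhib))
    return patched

# Attack detector for the patched net: a conveyor-start frame with no freshness
# token can only be a replay, so it is flagged rather than delivered.
STALE_FRAME_DETECTOR = [T("flag_stale_frame", {"ch_conv_start": 1}, {"alarm": 1}, inhib=("fresh",))]

def analyse():
    patched = with_freshness(CONTROLLER_PLANT)
    return {
        "honest_channel_collision":   find_reachable(INITIAL, CONTROLLER_PLANT, collision),
        "replay_attack_collision":    find_reachable(INITIAL, CONTROLLER_PLANT + REPLAY_ATTACKER, collision),
        "patched_attack_collision":   find_reachable(INITIAL, patched + REPLAY_ATTACKER, collision),
        "patched_attack_alarm":       find_reachable(INITIAL, patched + REPLAY_ATTACKER + STALE_FRAME_DETECTOR, alarm),
        "patched_honest_false_alarm": find_reachable(INITIAL, patched + STALE_FRAME_DETECTOR, alarm),
    }

if __name__ == "__main__":
    for check, trace in analyse().items():
        print(f"{check}: {'unreachable' if trace is None else ' -> '.join(trace)}")
```

Running the script reports the collision as unreachable over the honest channel, produces a nine-step counterexample once the replay adversary is composed in, reports it unreachable again after the freshness patch, and shows that the detector raises an alarm under attack without ever firing in the honest patched net. The same five-question pattern (safe without attacker, counterexample with attacker, safe after patch, detector reachable, detector free of false alarms) is what a timed model checker would answer on the real TPN models, with the added ability to bound how long an unsafe state can persist.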
Published in: IEEE Transactions on Automation Science and Engineering ( Volume: 19, Issue: 4, October 2022)
Page(s): 3093 - 3108
Date of Publication: 03 September 2021
