Securing smart maintenance services: Hardware-security and TLS for MQTT

Securing smart maintenance services: Hardware-security and TLS for MQTT

Increasing the efficiency of production and manufacturing processes is a key goal of initiatives like Industry 4.0. Within the context of the European research project ARROWHEAD, we enable and secure smart maintenance services. An overall goal is to proactively predict and optimize the Maintenance,...

Full description

Saved in:
Bibliographic Details
Published in:2015 IEEE 13th International Conference on Industrial Informatics (INDIN) pp. 1243 - 1250
Main Authors: Lesjak, Christian, Hein, Daniel, Hofmann, Michael, Maritsch, Martin, Aldrian, Andreas, Priller, Peter, Ebner, Thomas, Ruprechter, Thomas, Pregartner, Gunther
Format: Conference Proceeding
Language:English
Published: IEEE 01-07-2015
Subjects:
Authentication
Cryptography
Internet
Maintenance engineering
Production
Protocols
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Increasing the efficiency of production and manufacturing processes is a key goal of initiatives like Industry 4.0. Within the context of the European research project ARROWHEAD, we enable and secure smart maintenance services. An overall goal is to proactively predict and optimize the Maintenance, Repair and Operations (MRO) processes carried out by a device maintainer, for industrial devices deployed at the customer. Therefore it is necessary to centrally acquire maintenance relevant equipment status data from remotely located devices over the Internet. Consequently, security and privacy issues arise from connecting devices to the Internet, and sending data from customer sites to the maintainer's back-end. In this paper we consider an exemplary automotive use case with an AVL Particle Counter (APC) as device. The APC transmits its status information by means of a fingerprint via the publish-subscribe protocol Message Queue Telemetry Transport (MQTT) to an MQTT Information Broker in the remotely located AVL back-end. In a threat analysis we focus on the MQTT routing information asset and identify two elementary security goals in regard to client authentication. Consequently we propose a system architecture incorporating a hardware security controller that processes the Transport Layer Security (TLS) client authentication step. We validate the feasibility of the concept by means of a prototype implementation. Experimental results indicate that no significant performance impact is imposed by the hardware security element. The security evaluation confirms the advanced security of our system, which we believe lays the foundation for security and privacy in future smart service infrastructures.
ISSN:1935-4576
2378-363X
DOI:10.1109/INDIN.2015.7281913