Lukas Jäger, Dominik Lorych und Michael Eckel vom Fraunhofer SIT haben ein Paper mit dem Titel “A Resilient Network Node for the Industrial Internet of Things” auf der International Conference on Availability, Reliability and Security ARES ‘22 veröffentlicht.
The Industrial Internet of Things (IIoT) is a ubiquitous part of modern production processes. This introduces new challenges to classical security architectures for industrial networks like the perimeter approach. These are made obsolete by the increasing horizontal and vertical integration of industrial systems and IT systems. A promising concept to face these challenges is resilience. This term describes systems or networks that can isolate compromised parts of themselves and reset them to a trustworthy state with minimal impact to the functionality of the overall system. In order to bring this concept to IIoT networks, we present a novel embedded network node that uses Trusted Computing technology such as a Trusted Platform Module (TPM) and Remote Attestation for attack detection and reporting, virtualization for the separation of processes with different criticalities and an authenticated watchdog for guaranteed platform resets as a form of return to an uncompromised state. This combination provides secure mechanisms for resilience on a platform level and can serve as a foundation for network resilience based on Software-Defined Networking (SDN) solutions. The architecture and implementation of the proposed network node are described in detail before evaluating its resource consumption and performance in order to demonstrate its suitability for embedded and IIoT contexts.