Change search
Link to record
Permanent link

Direct link
BETA
Maksuti, Silia
Publications (9 of 9) Show all publications
Esfahani, A., Mantas, G., Matischek, R., Saghezchi, F. B., Rodriguez, J., Bicaku, A., . . . Joaquim, B. (2019). A Lightweight Authentication Mechanism for M2M Communications in Industrial IoT Environment. IEEE Internet of Things Journal, 6(1), 288-296
Open this publication in new window or tab >>A Lightweight Authentication Mechanism for M2M Communications in Industrial IoT Environment
Show others...
2019 (English)In: IEEE Internet of Things Journal, ISSN 2327-4662, Vol. 6, no 1, p. 288-296Article in journal (Refereed) Published
Abstract [en]

In the emerging Industrial IoT era, Machine-to-Machine (M2M) communication technology is considered as a key underlying technology for building Industrial IoT environments where devices (e.g., sensors, actuators, gateways) are enabled to exchange information with each other in an autonomous way without human intervention. However, most of the existing M2M protocols that can be also used in the Industrial IoT domain provide security mechanisms based on asymmetric cryptography resulting in high computational cost. As a consequence, the resource-constrained IoT devices are not able to support them appropriately and thus, many security issues arise for the Industrial IoT environment. Therefore, lightweight security mechanisms are required for M2M communications in Industrial IoT in order to reach its full potential. As a step towards this direction, in this paper, we propose a lightweight authentication mechanism, based only on hash and XOR operations, for M2M communications in Industrial IoT environment. The proposed mechanism is characterized by low computational cost, communication and storage overhead, while achieving mutual authentication, session key agreement, device’s identity confidentiality, and resistance against the following attacks: replay attack, man-in-the-middle attack, impersonation attack, and modification attack.

Place, publisher, year, edition, pages
IEEE, 2019
Keywords
Device to Device Communication, IoT, Security, Privacy
National Category
Engineering and Technology Other Electrical Engineering, Electronic Engineering, Information Engineering
Research subject
Industrial Electronics
Identifiers
urn:nbn:se:ltu:diva-65912 (URN)10.1109/JIOT.2017.2737630 (DOI)000459709500026 ()2-s2.0-85029177309 (Scopus ID)
Projects
SemI4.0
Funder
EU, Horizon 2020, 692466
Available from: 2017-10-02 Created: 2017-10-02 Last updated: 2019-04-24Bibliographically approved
Strobl, S., Hofbauer, D., Schmittner, C., Maksuti, S., Tauber, M. G. & Delsing, J. (2018). Connected cars: Threats, vulnerabilities and their impact. In: : . Paper presented at 1st IEEE International Conference on Industrial Cyber-Physical Systems, ICPS 2018, ITMO University Saint Petersburg, Russian Federation, 15-18 May 2018 (pp. 375-380). Institute of Electrical and Electronics Engineers (IEEE)
Open this publication in new window or tab >>Connected cars: Threats, vulnerabilities and their impact
Show others...
2018 (English)Conference paper, Published paper (Refereed)
Abstract [en]

The growing demand for interoperability between system components within a connected car has led to new security challenges in automotive development. The existing components, based on established technology, are often being combined to form such a connected car. For such established technologies, individual, often sector specific threat and vulnerability catalogs exist. The aim of this paper is to identify blocks of established technologies in a connected car and to consolidate the corresponding threat and vulnerability catalogs relevant for the individual constituent components. These findings are used to estimate the impact on specific system components and subsystems to identify the most crucial components and threats.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2018
National Category
Other Electrical Engineering, Electronic Engineering, Information Engineering
Research subject
Industrial Electronics
Identifiers
urn:nbn:se:ltu:diva-70251 (URN)10.1109/ICPHYS.2018.8387687 (DOI)2-s2.0-85050105333 (Scopus ID)9781538665312 (ISBN)
Conference
1st IEEE International Conference on Industrial Cyber-Physical Systems, ICPS 2018, ITMO University Saint Petersburg, Russian Federation, 15-18 May 2018
Available from: 2018-08-07 Created: 2018-08-07 Last updated: 2018-08-07Bibliographically approved
Bicaku, A., Maksuti, S., Hegedűs, C., Tauber, M. G., Delsing, J. & Eliasson, J. (2018). Interacting with the arrowhead local cloud: On-boarding procedure. In: : . Paper presented at 1st IEEE International Conference on Industrial Cyber-Physical Systems, ICPS 2018, ITMO University Saint Petersburg, Russian Federation, 15-18 May 2018 (pp. 743-748). Institute of Electrical and Electronics Engineers (IEEE)
Open this publication in new window or tab >>Interacting with the arrowhead local cloud: On-boarding procedure
Show others...
2018 (English)Conference paper, Published paper (Refereed)
Abstract [en]

Industrial automation systems are advancing rapidly and a wide range of standards, communication protocols and platforms supporting the integration of devices are introduced. It is therefore necessary to design and build appropriate tools and frameworks that allow the integration of devices with multiple systems and services. In this work we present the Arrow-head Framework, used to enable collaborative IoT automation and introduce two support core systems, SystemRegistry and DeviceRegistry, which are needed to create a chain of trust from a hardware device to a software system and its associated services. Furthermore, we propose an on-boarding procedure of a new device interacting with the Arrowhead local cloud. This ensures that only valid and authorized devices can host software systems within an Arrowhead local cloud.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2018
National Category
Other Electrical Engineering, Electronic Engineering, Information Engineering
Research subject
Industrial Electronics
Identifiers
urn:nbn:se:ltu:diva-70253 (URN)10.1109/ICPHYS.2018.8390800 (DOI)2-s2.0-85050137809 (Scopus ID)9781538665312 (ISBN)
Conference
1st IEEE International Conference on Industrial Cyber-Physical Systems, ICPS 2018, ITMO University Saint Petersburg, Russian Federation, 15-18 May 2018
Available from: 2018-08-07 Created: 2018-08-07 Last updated: 2018-08-07Bibliographically approved
Schluga, O., Bauer, E., Bicaku, A., Maksuti, S., Tauber, M. G. & Wöhler, A. (2018). Operations security evaluation of IaaS-cloud backend for industry 4.0. In: Ferguson D.,Helfert M.,Pahl C.,Munoz V.M. (Ed.), CLOSER 2018: Proceedings of the 8th International Conference on Cloud Computing and Services Science. Paper presented at 8th International Conference on Cloud Computing and Services Science, CLOSER 2018, Funchal, Madeira, Portugal, 19-21 March 2018 (pp. 392-399).
Open this publication in new window or tab >>Operations security evaluation of IaaS-cloud backend for industry 4.0
Show others...
2018 (English)In: CLOSER 2018: Proceedings of the 8th International Conference on Cloud Computing and Services Science / [ed] Ferguson D.,Helfert M.,Pahl C.,Munoz V.M., 2018, p. 392-399Conference paper, Published paper (Refereed)
Abstract [en]

The fast growing number of cloud based Infrastructure-as-a-Service instances raises the question, how the operations security depending on the underlying cloud computing infrastructure can be sustained and guaranteed. Security standards provide guidelines for information security controls applicable to the provision and use of the cloud services. The objectives of operations security are to support planning and sustaining of day-to-day processes that are critical with respect to security of information environments. In this work we provide a detailed analysis of ISO 27017 standard regarding security controls and investigate how well popular cloud platforms can cater for them. The resulting gap of support for individual security controls is furthermore compared with outcomes of recent cloud security research projects. Hence the contribution is twofold, first we identify a set of topics that still require research and development and secondly, as a practical output, we provide a comparison of popular industrial and open-source platforms focusing on private cloud environments, which are important for Industry 4.0 use cases.

National Category
Other Electrical Engineering, Electronic Engineering, Information Engineering
Research subject
Industrial Electronics
Identifiers
urn:nbn:se:ltu:diva-70237 (URN)2-s2.0-85048945725 (Scopus ID)9789897582950 (ISBN)
Conference
8th International Conference on Cloud Computing and Services Science, CLOSER 2018, Funchal, Madeira, Portugal, 19-21 March 2018
Available from: 2018-08-07 Created: 2018-08-07 Last updated: 2018-08-07Bibliographically approved
Maksuti, S., Bicaku, A., Tauber, M., Palkovits-Rauter, S., Haas, S. & Delsing, J. (2017). Towards Flexible and Secure End-to-End Communication in Industry 4.0. In: Proceedings: 2017 IEEE 15th International Conference on Industrial Informatics, INDIN 2017. Paper presented at 15th IEEE International Conference on Industrial Informatics, INDIN 2017, University of Applied Science Emden/LeerEmden, Germany, 24-26 July 2017 (pp. 883-888). Piscataway, NJ: Institute of Electrical and Electronics Engineers (IEEE), Article ID 8104888.
Open this publication in new window or tab >>Towards Flexible and Secure End-to-End Communication in Industry 4.0
Show others...
2017 (English)In: Proceedings: 2017 IEEE 15th International Conference on Industrial Informatics, INDIN 2017, Piscataway, NJ: Institute of Electrical and Electronics Engineers (IEEE), 2017, p. 883-888, article id 8104888Conference paper, Published paper (Refereed)
Abstract [en]

The digital transformation of industrial production is driven by the advance of Cyber-Physical Production Systems (CPPS) within which raw materials, machines and operations are interconnected to form a sophisticated network. Making such systems self-adaptable is a priority concern for the future implementation of Industry 4.0 application scenarios. In this position paper, we design a meta-model and use it as a tool to describe an end-to-end communication use case from an ongoing research project. Based on this use case we develop a business process performance and security trade-off model, which shows that maximazing both parameters at the same time is not possible, thus an efficient balance between them has to be achieved. Motivated by the result, we propose self adaptation as a solution towards a flexible and secure end-to-end communicationin Industry 4.0. To identify and document the self-adaptation points in a structured methodological and lightweight way we use the bespoken meta-model.

Place, publisher, year, edition, pages
Piscataway, NJ: Institute of Electrical and Electronics Engineers (IEEE), 2017
Series
IEEE International Conference on Industrial Informatics INDIN, ISSN 1935-4576
National Category
Engineering and Technology Other Electrical Engineering, Electronic Engineering, Information Engineering
Research subject
Industrial Electronics
Identifiers
urn:nbn:se:ltu:diva-65911 (URN)10.1109/INDIN.2017.8104888 (DOI)000427453200132 ()2-s2.0-85041192899 (Scopus ID)9781538608371 (ISBN)
Conference
15th IEEE International Conference on Industrial Informatics, INDIN 2017, University of Applied Science Emden/LeerEmden, Germany, 24-26 July 2017
Projects
SemI4.0
Funder
EU, Horizon 2020, 692466
Available from: 2017-10-02 Created: 2017-10-02 Last updated: 2019-08-14Bibliographically approved
Bicaku, A., Maksuti, S., Palkovits-Rauter, S., Tauber, M., Matischek, R., Schmittner, C., . . . Delsing, J. (2017). Towards Trustworthy End-to-End Communication in Industry 4.0. In: Proceedings: 2017 IEEE 15th International Conference on Industrial Informatics, INDIN 2017. Paper presented at 15th IEEE International Conference on Industrial Informatics, INDIN 2017, University of Applied Science Emden/LeerEmden, Germany, 24-26 July 2017 (pp. 889-896). Piscataway, NJ: Institute of Electrical and Electronics Engineers (IEEE), Article ID 8104889.
Open this publication in new window or tab >>Towards Trustworthy End-to-End Communication in Industry 4.0
Show others...
2017 (English)In: Proceedings: 2017 IEEE 15th International Conference on Industrial Informatics, INDIN 2017, Piscataway, NJ: Institute of Electrical and Electronics Engineers (IEEE), 2017, p. 889-896, article id 8104889Conference paper, Published paper (Refereed)
Abstract [en]

Industry 4.0 considers integration of IT and control systems with physical objects, software, sensors and connectivity in order to optimize manufacturing processes. It provides advanced functionalities in control and communication for an infrastructure that handles multiple tasks in various locations automatically. Automatic actions require information from trustworthy sources. Thus, this work is focused on how to ensure trustworthy communication from the edge devices to the backend infrastructure. We derive a meta-model based on RAMI 4.0, which is used to describe an end-to-end communication use case for an Industry 4.0 application scenario and to identify dependabilities in case of security challenges. Furthermore, we evaluate secure messaging protocols and the integration of Trusted Platform Module (TPM) as a root of trust for dataexchange. We define a set of representative measurable indicator points based on existing standards and use them for automated dependability detection within the whole system.

Place, publisher, year, edition, pages
Piscataway, NJ: Institute of Electrical and Electronics Engineers (IEEE), 2017
Series
IEEE International Conference on Industrial Informatics INDIN, ISSN 1935-4576
Keywords
Trustworthy, communication, Industry4.0, CPS, Security
National Category
Engineering and Technology Other Electrical Engineering, Electronic Engineering, Information Engineering
Research subject
Industrial Electronics
Identifiers
urn:nbn:se:ltu:diva-65909 (URN)10.1109/INDIN.2017.8104889 (DOI)000427453200133 ()2-s2.0-85041171299 (Scopus ID)978-1-5386-0837-1 (ISBN)
Conference
15th IEEE International Conference on Industrial Informatics, INDIN 2017, University of Applied Science Emden/LeerEmden, Germany, 24-26 July 2017
Funder
EU, Horizon 2020, 692466
Available from: 2017-10-02 Created: 2017-10-02 Last updated: 2019-08-14Bibliographically approved
Butterfield, R., Maksuti, S., Tauber, M., Wagner, C. & Bicaku, A. (2016). Towards Modelling a Cloud Application's Life Cycle. In: : . Paper presented at 6th International Conference on Cloud Computing and Services, Rome, Italy, April 23 - 25 2016. SCITEPRESS
Open this publication in new window or tab >>Towards Modelling a Cloud Application's Life Cycle
Show others...
2016 (English)Conference paper, Poster (with or without abstract) (Refereed)
Abstract [en]

The success of any cloud-based application depends on appropriate decisions being taken at each phase of the life cycle of that application coupled with the stage of the organisation’s business strategy at any given time. Throughout the life cycle of a cloud-based project, various stakeholders are involved. This requires a consistent definition of organizational, legal and governance issues regardless of the role of the stakeholder. We proffer that currently the models and frameworks that offer to support these stakeholders are predominantly IT focused and as such lack a sufficient focus on the business and its operating environment for the decision-makers to make strategic cloud related decisions that benefit their individual business model. We propose an emerging framework that provides a stronger platform on which to base cloud business decisions. We also illustrate the importance of this approach through extrapolating the subject of security from the initial Business Case definition phase, through the Decision Making phase and into the Application Development phase to strengthen the case for a comprehensive Business-based framework for cloud-based application decision-making. We envisage that this emerging framework will then be further developed around all phases of the Application Life Cycle as a means of ensuring consistency.

Place, publisher, year, edition, pages
SCITEPRESS, 2016
Keywords
Cloud Application Life Cycle, Security Software Development Life Cycle, Business Requirements, Risk, Governance
National Category
Engineering and Technology Other Electrical Engineering, Electronic Engineering, Information Engineering
Research subject
Industrial Electronics
Identifiers
urn:nbn:se:ltu:diva-65906 (URN)978-989-758-182-3 (ISBN)
Conference
6th International Conference on Cloud Computing and Services, Rome, Italy, April 23 - 25 2016
Projects
SECCRIT
Funder
EU, FP7, Seventh Framework Programme, 312758
Available from: 2017-10-02 Created: 2017-10-02 Last updated: 2018-06-28Bibliographically approved
Novak, M., Shirazi, S. N., Hudic, A., Hecht, T., Tauber, M., Hutchison, D., . . . Bicaku, A. (2016). Towards Resilience Metrics for Future Cloud Applications. In: CLOSER 2016: proceedings of the 6th International Conference on Cloud Computing and Services Science, April 23-25, 2016, Rome, Italy. Paper presented at 6th International Conference on Cloud Computing and Services Science, Rome, Italy, April 23-25, 2016 (pp. 295-301). SCITEPRESS
Open this publication in new window or tab >>Towards Resilience Metrics for Future Cloud Applications
Show others...
2016 (English)In: CLOSER 2016: proceedings of the 6th International Conference on Cloud Computing and Services Science, April 23-25, 2016, Rome, Italy, SCITEPRESS , 2016, p. 295-301Conference paper, Published paper (Refereed)
Abstract [en]

An analysis of new technologies can yield insight into the way these technologies will be used. Inevitably,new technologies and their uses are likely to result in new security issues regarding threats, vulnerabilities andattack vectors. In this paper, we investigate and analyse technological and security trends and their potentialto become future threats by systematically examining industry reports on existing technologies. Using a cloudcomputing use case we identify potential resilience metrics that can shed light on the security properties of thesystem.

Place, publisher, year, edition, pages
SCITEPRESS, 2016
Keywords
Security Metrics, Technology Trend Analysis, Threat Trend Analysis, Cloud Applications, Resilience
National Category
Engineering and Technology Other Electrical Engineering, Electronic Engineering, Information Engineering
Research subject
Industrial Electronics
Identifiers
urn:nbn:se:ltu:diva-65908 (URN)978-989-758-182-3 (ISBN)
Conference
6th International Conference on Cloud Computing and Services Science, Rome, Italy, April 23-25, 2016
Projects
SECCRIT - Secure Cloud Computing for Critical Infrastructure IT
Funder
EU, FP7, Seventh Framework Programme, 312758
Available from: 2017-10-02 Created: 2017-10-02 Last updated: 2018-06-28Bibliographically approved
Wagner, C., Hudic, A., Maksuti, S., Tauber, M. & Pallas, F. (2015). Impact of Critical Infrastructure Requirements on Service Migration Guidelines to the Cloud. In: 2015 3rd International Conference on Future Internet of Things and Cloud (FiCloud): . Paper presented at 3rd International Conference on Future Internet of Things and Cloud (FiCloud), Rome, Italy, 24-26 Aug. 2015. Piscataway, NJ: Institute of Electrical and Electronics Engineers (IEEE)
Open this publication in new window or tab >>Impact of Critical Infrastructure Requirements on Service Migration Guidelines to the Cloud
Show others...
2015 (English)In: 2015 3rd International Conference on Future Internet of Things and Cloud (FiCloud), Piscataway, NJ: Institute of Electrical and Electronics Engineers (IEEE), 2015Conference paper, Published paper (Refereed)
Abstract [en]

A high level of information security in critical infrastructure IT systems and services has to be preserved when migrating their IT services to the cloud. Often various legislative and security constraints have to be met in line with best practice guidelines and international standards to perform the migration. To support the critical infrastructure providers in migrating their services to the cloud we are developing a process based migration guideline for critical infrastructure providers focusing on information security. First of all we investigate, via questionnaires, how the importance of individual security topics covered in such guidelines differentiates between industry stakeholders and critical infrastructure providers. This supports the selection of relevant security topics and the considered guidelines and standards, which we survey in search for common relevant security topics. Subsequently we present the analysis of the above-mentioned security requirements and how they affect a here developed taxonomy for a process-based security guideline. Furthermore we present potential service migration use cases and how our methodology would affect the migration of secure critical infrastructure services.

Place, publisher, year, edition, pages
Piscataway, NJ: Institute of Electrical and Electronics Engineers (IEEE), 2015
National Category
Engineering and Technology Other Electrical Engineering, Electronic Engineering, Information Engineering
Research subject
Industrial Electronics
Identifiers
urn:nbn:se:ltu:diva-65915 (URN)10.1109/FiCloud.2015.79 (DOI)978-1-4673-8103-1 (ISBN)
Conference
3rd International Conference on Future Internet of Things and Cloud (FiCloud), Rome, Italy, 24-26 Aug. 2015
Projects
SECCRIT
Funder
EU, FP7, Seventh Framework Programme, 312758
Available from: 2017-10-02 Created: 2017-10-02 Last updated: 2017-11-24Bibliographically approved
Organisations

Search in DiVA

Show all publications