EnglishSvenskaNorsk
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Automated and Secure Onboarding for System of Systems
Luleå University of Technology, Department of Computer Science, Electrical and Space Engineering, Embedded Internet Systems Lab. Cloud and Cyber-Physical Systems Security, University of Applied Sciences Burgenland, Eisenstadt, Austria.
Luleå University of Technology, Department of Computer Science, Electrical and Space Engineering, Embedded Internet Systems Lab. Cloud and Cyber-Physical Systems Security, University of Applied Sciences Burgenland, Eisenstadt, Austria.ORCID iD: 0000-0003-2477-3692
Cloud and Cyber-Physical Systems Security, University of Applied Sciences Burgenland, Eisenstadt, Austria.
Cloud and Cyber-Physical Systems Security, University of Applied Sciences Burgenland, Eisenstadt, Austria; Lancaster University, Lancaster, U.K..
Show others and affiliations
2021 (English)In: IEEE Access, E-ISSN 2169-3536, Vol. 9, p. 111095-111113Article in journal (Refereed) Published
Abstract [en]

The Internet of Things (IoT) is rapidly changing the number of connected devices and the way they interact with each other. This increases the need for an automated and secure onboarding procedure for IoT devices, systems and services. Device manufacturers are entering the market with internet connected devices, ranging from small sensors to production devices, which are subject of security threats specific to IoT. The onboarding procedure is required to introduce a new device in a System of Systems (SoS) without compromising the already onboarded devices and the underlying infrastructure. Onboarding is the process of providing access to the network and registering the components for the first time in an IoT/SoS framework, thus creating a chain of trust from the hardware device to its hosted software systems and their provided services. The large number and diversity of device hardware, software systems and running services raises the challenge to establish a generic onboarding procedure. In this paper, we present an automated and secure onboarding procedure for SoS. We have implemented the onboarding procedure in the Eclipse Arrowhead framework. However, it can be easily adapted for other IoT/SoS frameworks that are based on Service-oriented Architecture (SoA) principles. The automated onboarding procedure ensures a secure and trusted communication between the new IoT devices and the Eclipse Arrowhead framework. We show its application in a smart charging use case and perform a security assessment.
Place, publisher, year, edition, pages
IEEE, 2021. Vol. 9, p. 111095-111113
Keywords [en]
Internet of Things, System of Systems, Service-oriented Architecture, secure onboarding
National Category
Embedded Systems
Research subject
Cyber-Physical Systems
Identifiers
URN: urn:nbn:se:ltu:diva-86699DOI: 10.1109/ACCESS.2021.3102280ISI: 000684686200001Scopus ID: 2-s2.0-85112604142OAI: oai:DiVA.org:ltu-86699DiVA, id: diva2:1585621
Note

Validerad;2021;Nivå 2;2021-08-17 (johcin)

Available from: 2021-08-17 Created: 2021-08-17 Last updated: 2021-10-02Bibliographically approved
In thesis
1. Autonomic Management of System of Systems Security
Open this publication in new window or tab >>Autonomic Management of System of Systems Security
2021 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

The digitalization of manufacturing industry and the profound reliance on interconnected System of Systems (SoS) is demanding for innovative solutions that can handle production processes, while making use of the new data that is being generated by various connected devices. Innovations based on collecting, evaluating, and using this data can improve existing processes and create new business models. Although this is beneficial to the user, at the same time, it opens the way for adversaries to exploit new vulnerabilities. Since the factories are exposing their internal production processes to the internet, security is one of the challenges that should be addressed in this new digitalization era, referred to as the fourth industrial revolution or Industry 4.0. Furthermore, security cannot be seen as independent from other non-functional requirements of SoS, e.g. performance or safety aspects. Addressing security without risking to negatively affect other aspects and vice versa is a main concern for such interconnected systems.

This thesis outlines the progress made towards security management and mitigation in SoS. It proposes an automated and secure onboarding procedure, which is required to introduce a new device in a SoS environment without compromising the already on-boarded devices and the underlying infrastructure. The proposed procedure establishes a chain of trust from the hardware device to its hosted application systems and their provided services by creating a chain of digital certificates. Thus, it allows to rely on the information on which “smart” decisions are being based, while ensuring a secure and trusted communication between the interacting systems.

Even with security controls in place, e.g. the automated onboarding procedure, maintaining a required security level for the SoS as a whole is difficult due to uncertainties that may occur at runtime. Uncertainties may occur due to internal factors, e.g. malfunction of a system, or external factors, e.g. malicious attacks. One approach that can tackle these uncertainties at run time and manage trade-offs between security and other non-functional requirements is self-adaptation. Self-adaptation enables a system to adapt in the face of such uncertainties without human intervention.

This thesis proposes a generic autonomic management system aimed to support the engineers in building self-adaptive systems that should cope with dynamic changes of the environment and system itself, while considering the expected rapid advances of system attacks. Given its generic property, the system can be reused and extended for a variety of use cases without requiring major modifications. This will reduce the software engineering effort needed to implement the generic control mechanisms. A prototype of the system has been implemented and tested.
Place, publisher, year, edition, pages
Luleå University of Technology, 2021
Series
Doctoral thesis / Luleå University of Technology 1 jan 1997 → …, ISSN 1402-1544
Keywords
System of Systems, Security, Self-Adaptation, Autonomic Management, Eclipse Arrowhead
National Category
Computer Sciences
Research subject
Cyber-Physical Systems
Identifiers
urn:nbn:se:ltu:diva-87316 (URN)978-91-7790-942-2 (ISBN)978-91-7790-943-9 (ISBN)
Public defence
2021-11-17, E632, Luleå, 10:00 (English)
Opponent
Supervisors
Available from: 2021-10-04 Created: 2021-10-02 Last updated: 2022-01-03Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records

Maksuti, SiliaBicaku, AniDelsing, Jerker

Search in DiVA

By author/editor
Maksuti, SiliaBicaku, AniDelsing, Jerker
By organisation
Embedded Internet Systems Lab
In the same journal
IEEE Access
Embedded Systems

Search outside of DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 172 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
v. 2.46.0
|
Researcher: Register
|
Student: Register
|
Contact
|
WCAG