dc.contributor.author: Tsuchiya, Akihiro
dc.contributor.author: Fraile, Francisco
dc.contributor.author: Koshijima, Ichiro
dc.contributor.author: Ortiz, Angel
dc.contributor.author: Poler Escoto, Raúl
dc.date.accessioned: 2018-06-07T16:50:29Z
dc.date.available: 2018-06-07T16:50:29Z
dc.date.issued: 2018-04
dc.identifier.citation: Tsuchiya, A. [et al.]. Software Defined Networking Firewall for Industry 4.0 Manufacturing Systems. "Journal of Industrial Engineering and Management", April 2018, vol. 11, no. 2, p. 318-332.
dc.identifier.issn: 2013-0953
dc.identifier.uri: http://hdl.handle.net/2117/117894
dc.description.abstract: Purpose: In order to leverage automation control data, Industry 4.0 manufacturing systems require industrial devices to be connected to the network. Potentially, this can increase the risk of cyberattacks, which can compromise connected industrial devices to acquire production data or gain control over the production process. Search engines such as Sentient Hyper-Optimized Data Access Network (SHODAN) can be misused by attackers to acquire network information that can later be used for intrusion. To prevent this, cybersecurity standards propose network architectures divided into several network segments based on system functionalities. In this architecture, Firewalls limit the exposure of industrial control devices in order to minimize security risks. This paper presents a novel Software Defined Networking (SDN) Firewall that automatically applies this standard architecture without compromising network flexibility. Design/methodology/approach: The proposed SDN Firewall changes filtering rules in order to implement the different network segments according to application-level access control policies. The Firewall applies two filtering techniques described in this paper, temporal filtering and spatial filtering, so that only applications in a white list can connect to industrial control devices. Network administrators need only configure these application-oriented white lists to comply with security standards for ICS. This greatly simplifies network management tasks. The authors have developed a prototype implementation based on the OPC UA Standard and conducted security tests in order to test the viability of the proposal. Findings: Network segmentation and segregation are effective countermeasures against network scanning attacks. The proposed SDN Firewall effectively configures a flat network into virtual LAN segments according to security standard guidelines. Research limitations/implications: The prototype implementation still needs to implement several features to exploit the full potential of the proposal. Next steps for development are discussed in a separate section. Practical implications: The proposed SDN Firewall has similar security features to commercially available application Firewalls, but SDN Firewalls offer additional security features. First, SDN technology provides improved performance, since SDN low-level processing functions are much more efficient. Second, with SDN, security functions are rooted in the network instead of being centralized in particular network elements. Finally, SDN provides a more flexible and dynamic, zero-configuration framework for secure manufacturing systems by automating the rollout of security standard-based network architectures. Social implications: SDN Firewalls can facilitate the deployment of secure Industry 4.0 manufacturing systems, since they provide ICS networks with many of the needed security capabilities without compromising flexibility. Originality/value: The paper proposes a novel SDN Firewall specifically designed to secure ICS networks. A prototype implementation of the proposed SDN Firewall has been tested in laboratory conditions. The prototype implementation complements the security features of the OPC UA communication standard to provide a holistic security framework for ICS networks.
dc.format.extent: 15 p.
dc.language.iso: eng
dc.publisher: OmniaScience
dc.rights: Attribution-NonCommercial 3.0 Spain
dc.rights.uri: http://creativecommons.org/licenses/by-nc/3.0/es/
dc.subject: UPC subject areas::Computer science
dc.subject.lcsh: Firewalls (Computer security)
dc.subject.lcsh: Computer security
dc.subject.lcsh: Computer networks--Security measures
dc.subject.other: Cyber security
dc.subject.other: CPS
dc.subject.other: MES
dc.subject.other: SDN
dc.subject.other: OPC UA
dc.title: Software Defined Networking Firewall for Industry 4.0 Manufacturing Systems
dc.type: Article
dc.subject.lemac: Firewalls (Computer security)
dc.subject.lemac: Computer security
dc.subject.lemac: Computer networks -- Security measures
dc.identifier.doi: 10.3926/jiem.2534
dc.identifier.dl: B-28744-2008
dc.description.peerreviewed: Peer Reviewed
dc.rights.access: Open Access
upcommons.citation.published: true
upcommons.citation.publicationName: Journal of Industrial Engineering and Management
upcommons.citation.volume: 11
upcommons.citation.number: 2
upcommons.citation.startingPage: 318
upcommons.citation.endingPage: 332



Except where otherwise noted, content on this work is licensed under a Creative Commons license: Attribution-NonCommercial 3.0 Spain