Securing IIoT using Defence-in-Depth: Towards an End-to-End Secure Industry 4.0
Aintzane Mosteiro Sanchez, Marc Barcelo, Jasone Astorga, Aitor Urbieta
Journal of Manufacturing Systems
Industry 4.0 uses a subset of the IoT, called Industrial IoT (IIoT) to achieve connectivity, interoperability and decentralisation. The deployment of industrial networks rarely considers security by design, but this becomes imperative in smart manufacturing as connectivity increases. The combination of OT and IT infrastructures in Industry 4.0 adds new security threats beyond those of traditional industrial networks. Defence-in-Depth (DiD) strategies tackle the complexity of this problem by providing multiple defence layers, each of these focusing on a particular set of threats. Additionally, the severe requirements of IIoT networks demand lightweight encryption algorithms. Nevertheless, these ciphers must provide E2E (End-to-End) security, as data pass through intermediate entities, or middleboxes, before reaching its destination. If compromised, middleboxes could expose vulnerable information to potential attackers if it is not encrypted throughout this path. This paper presents an analysis of the most relevant security strategies in Industry 4.0, focusing primarily on DiD. With these in mind, it proposes a combination of DiD, a lightweight E2E encryption algorithm called Attribute-Based-Encryption (ABE) and object security (i.e., OSCORE) to get a full E2E security approach. This analysis is a critical first step to develop more complex and lightweight security frameworks suitable for Industry 4.0.