Journals
Journal:
IEEE INTERNET OF THINGS JOURNAL
ISSN:
2327-4662
Year:
2021
Vol.:
8
No.:
17
Pages:
13306 - 13315
The European Union is moving toward the "smart" era, with smart mobility as one of its key topics. What is more, the European Union (EU) is moving toward Mobility as a Service (MaaS). The key concept behind MaaS is the capability to offer both the traveler's mobility and goods' transport solutions based on travel needs. For example, unique payment methods, intermodal tickets, passenger services, freight transport services, etc. The introduction of new services implies the integration of many Internet-of-Things (IoT) sensors. At this point, security gains a key role in the railway sector. Considering an environment where sensor data are monitored from sensor events, and alarms are detected and emitted when events contain an anomaly, this document proposes the development of an alarms collection system, which ensures both traceability and privacy of these alarms. This system is based on Ethereum blockchain events-log, as an efficient storage mechanism, which guarantees that any railway entity can participate in the network, ensuring both entity security and information privacy.
Journal:
SENSORS
ISSN:
1424-8220
Year:
2021
Vol.:
21
No.:
16
Pages:
5438
Security is the main challenge of the Modbus IIoT protocol. The systems designed to provide security involve solutions that manage identity based on a centralized approach by introducing a single point of failure and with an ad hoc model for an organization, which handicaps the solution scalability. Our manuscript proposes a solution based on self-sovereign identity over Hyperledger Fabric blockchain, promoting a decentralized identity from which both authentication and authorization are performed on-chain. The implementation of the system promotes not only Modbus security, but also aims to ensure the simplicity, compatibility and interoperability claimed by Modbus.
Journal:
ACM COMPUTING SURVEYS
ISSN:
0360-0300
Year:
2020
Vol.:
53
No.:
2
Pages:
44
Industrial Internet of Things (IIoT) is present in many participants from the energy, health, manufacturing, transport, and public sectors. Many factors catalyze IIoT, such as robotics, artificial intelligence, and intelligent decentralized manufacturing. However, the convergence between IT, OT, and IoT environments involves the integration of heterogeneous technologies through protocols, standards, and buses. However, this integration brings with it security risks. To avoid the security risks, especially when systems in different environments interact, it is important and urgent to create an early consensus among the stakeholders on the IIoT security. The default Common Vulnerability Scoring System (CVSS) offers a mechanism to measure the severity of an asset's vulnerability and therefore a way to characterize the risk. However, CVSS by default has two drawbacks. On the one hand, to carry out a risk analysis, it is necessary to have additional metrics to the one established by CVSSv3.1. On the other hand, this index has been used mostly in IT environments and although there are numerous efforts to develop a model that suits industrial environments, there is no established proposal. Therefore, we first propose a survey of the main 33 protocols, standards, and buses used in an IIoT environment. This survey will focus on the security of each one. The second part of our study consists of the creation of a framework to characterize risk in industrial environments, i.e., to solve both problems of the CVSS index. To this end, we created the Vulnerability Analysis Framework (VAF), which is a methodology that allows the analysis of 1,363 vulnerabilities to establish a measure to describe the risk in IIoT environments.
Journal:
IEEE ACCESS
ISSN:
2169-3536
Year:
2020
Vol.:
8
Pages:
109266 - 109274
Communication technologies are in continuous evolution, as are the different applications making use of them. In order to succeed with the roll-out of the communication-based applications, it is required that the communications technologies are intensively tested and validated before deployment. Current strategies for testing and validation cover field tests and laboratory tests. Railways is also taking advantage of the communication technologies evolution, and therefore, there is a need for having testing and validation strategies adapted to the railway environment, especially for safety-critical applications. Field tests and laboratory tests also apply in Railways. In the frame of laboratory tests, this paper includes an overview of different network emulators existing currently in the market. Furthermore, an analysis of the gaps of the network emulators with regard to the needs of the railways environment is also included. The goal of this paper is to show that network emulators are a flexible cost-effective solution for communication technologies testing purposes. Additionally, this paper also shows that there is a need to adapt current emulators to the railway environment in order to test and validate the future railway applications based on communication technologies.
Journal:
INTERNATIONAL JOURNAL OF INTERDISCIPLINARY TELECOMMUNICATIONS AND NETWORKING
ISSN:
1941-8663
Year:
2020
Vol.:
12
No.:
4
Pages:
118 - 131
With the expansion and development of the internet protocol, the number of cybersecurity vulnerabilities has also increased. However, it is difficult to find a reliable way to detect the vulnerability in the internet-exposed asset. This paper proposes a new design of analysis platform that integrates the cybersecurity data and an internet-exposed asset search engine. Based on this design, it provides a convenient and up-to-date solution for the users to detect the devices' vulnerability across the internet. Meanwhile, this platform offers suggestions in terms of resolving the cybersecurity problem.
Journal:
SENSORS
ISSN:
1424-8220
Year:
2019
Vol.:
19
No.:
20
Industrial Control Systems (ICS) and Supervisory Control systems and Data Acquisition (SCADA) networks implement industrial communication protocols to enable their operations. Modbus is an application protocol that allows communication between millions of automation devices. Unfortunately, Modbus lacks basic security mechanisms, and this leads to multiple vulnerabilities, due to both design and implementation. This issue enables certain types of attacks, for example, man-in-the-middle attacks, eavesdropping attacks, and replay attacks. The exploitation of such flaws may greatly influence companies and the general population, especially for attacks targeting critical infrastructural assets, such as power plants, water distribution and railway transportation systems. In order to provide security mechanisms to the protocol, the Modbus organization released security specifications, which provide robust protection through the blending of Transport Layer Security (TLS) with the traditional Modbus protocol. TLS will encapsulate Modbus packets to provide both authentication and message-integrity protection. The security features leverage X.509v3 digital certificates for authentication of the server and client. From the security specifications, this study addresses the security problems of the Modbus protocol, proposing a new secure version of a role-based access control model (RBAC), in order to authorize both the client on the server, as well as the Modbus frame. This model is divided into an authorization process via roles, which is inserted as an arbitrary extension in the certificate X.509v3 and the message authorization via unit id, a unique identifier used to authorize the Modbus frame. Our proposal is evaluated through two approaches: a security analysis and a performance analysis.
The security analysis involves verifying the protocol's resistance to different types of attacks, as well as that certain pillars of cybersecurity, such as integrity and confidentiality, are not compromised. Finally, our performance analysis involves deploying our design over a testnet built on GNS3. This testnet has been designed based on an industrial security standard, such as IEC-62443, which divides the industrial network into levels. Then both the client and the server are deployed over this network in order to verify the feasibility of the proposal. For this purpose, different latency measurements in industrial environments are used as a benchmark, which are matched against the latencies in our proposal for different cipher suites.
Journal:
COMPUTERS
ISSN:
2073-431X
The growing adoption of Radio-frequency Identification (RFID) systems, particularly in the healthcare field, demonstrates that RFID is a positive asset for healthcare institutions. RFID offers the ability to save organizations time and costs by enabling data of traceability, identification, communication, temperature and location in real time for both people and resources. However, the challenges of RFID systems are financial, technical, organizational and above all privacy and security. For this reason, recent works focus on attribute-based access control (ABAC) schemes. Currently, ABAC schemes are based on mostly centralized models, which in environments such as the supply chain can present problems of scalability, synchronization and trust between the parties. In this manuscript, we implement an ABAC model in RFID systems based on a decentralized model such as blockchain. Common criteria for the selection of the appropriate blockchain are detailed. Our access control policies are executed through the decentralized application (DApp), which interfaces with the blockchain through the smart contract. Smart contracts and blockchain technology, on the one hand, solve current centralized systems issues as well as being flexible infrastructures that represent the relationship of trust and support essential in the ABAC model in order to provide the security of RFID systems. Our system has been designed for a supply chain environment with a use case suitable for healthcare systems, so that assets such as surgical instruments containing an associated RFID tag can only access specific areas. Our system is deployed in both a local and Testnet environment in order to establish a deep comparison and determine the technical feasibility.
Journal:
QUALITY AND RELIABILITY ENGINEERING INTERNATIONAL
ISSN:
0748-8017
Year:
2019
Vol.:
35
No.:
2
Pages:
561 - 571
A malicious attack on a safety-critical system can lead to an undesired behavior of the system that may result in a failure. In this case, the reliability of the device is decreased, and it might directly affect safety. Therefore, security is also an essential issue to consider in the design of safety-critical systems. The main problem when safety and security are considered is to make them work together without interfering with each other. A safety-critical device needs to be certified following standards like IEC-61508, and any security mechanisms must not affect this certification. This paper describes a system that integrates safety and security mechanisms to improve reliability without affecting safety certification. With the aim of reaching the required safety level, a redundant system is considered. This system is an n out of m distributed and synchronized voter. The synchronization method is based on the precision time protocol (IEEE-1588), allowing all devices on a local network to have the same time.
Journal:
MULTIMEDIA TOOLS AND APPLICATIONS
ISSN:
1380-7501
Year:
2018
Vol.:
77
No.:
7
Pages:
7977 - 8000
The popular Internet service, YouTube, has adopted by default the HyperText Markup Language version 5 (HTML5). With this adoption, YouTube has moved to Dynamic Adaptive Streaming over HTTP (DASH) as Adaptive BitRate (ABR) video streaming technology. Furthermore, rate adaptation in DASH is solely receiver-driven. This issue motivates this work to make a deep analysis of YouTube's particular DASH implementation. Firstly, this article provides a state of the art about DASH and adaptive streaming technology, and also YouTube traffic characterization related work. Secondly, this paper describes a new methodology and test-bed for YouTube's DASH implementation traffic characterization and performance measurement. This methodology and test-bed do not make use of proxies and, moreover, they are able to cope with YouTube traffic redirections. Finally, a set of experimental results are provided, involving a dataset of 310 YouTube's videos. The depicted results show a YouTube's traffic pattern characterization and a discussion about allowed download bandwidth, YouTube's consumed bitrate and quality of the video. Moreover, the obtained results are cross-validated with the analysis of HTTP requests performed by YouTube's video player. The outcomes of this article are applicable in the field of Quality of Service (QoS) and Quality of Experience (QoE) management. This is valuable information for Internet Service Providers (ISPs), because QoS management based on assured download bandwidth can be used in order to provide a target end-user's QoE when YouTube service is being consumed.
Journal:
IEEE VEHICULAR TECHNOLOGY MAGAZINE
ISSN:
1556-6072
Year:
2018
Vol.:
13
No.:
1
Pages:
48 - 55
Most critical applications today depend on computers, so a computer failure can cause financial disaster, serious injury, or even death. In this context, railways are considered a critical application, so they must meet the highest standards of availability and safety. Availability ensures continuous operation of the system, while a safe system must behave correctly in all operating and environmental conditions.
Journal:
PROMET-TRAFFIC AND TRANSPORTATION
ISSN:
0353-5320
Year:
2017
Vol.:
29
No.:
2
Pages:
213 - 223
It is necessary to verify the fault tolerance of the European Train Control System (ETCS) on-board unit even if these faults are uncommon. Traditional test methods defined and used in ETCS do not allow this to be checked, so it is necessary to develop a new mechanism of tests. This paper presents the design and implementation of a saboteur applied to the railway sector. The main purpose of the saboteur is the fault injection in the communication interfaces. By means of a virtual laboratory it is possible to simulate actual train journeys to test the ETCS on-board unit. Making use of the saboteurs and the virtual laboratory it is possible to analyse the behaviour of the train in the presence of unexpected faults, and to verify that the decisions taken are correct to ensure the required safety level. Therefore, this work shows a testing strategy based on different kinds of train journeys when faults are injected, and the analysis of the results.
Journal:
LECTURE NOTES IN COMPUTER SCIENCE
ISSN:
0302-9743
An SDK (Software Development Kit) to test, develop or improve safety-critical systems is presented. The SDK has three main modules: voter, saboteur and sniffer. The voter can be configured as "m out of n", where m and n can be any number but always n > m; each redundant channel uses a microcontroller as a main system. The saboteur examines the information that goes through the information interchange path, altering it and generating faulty data; modification of the evaluation hardware is minimized by using saboteurs in the communication between elements. The sniffer can display the data that passes over a network; it can be configured to handle three different protocols: UART, CAN or TCP/IP.
Journal:
INTERNATIONAL JOURNAL OF ENGINEERING AND INNOVATIVE TECHNOLOGY
ISSN:
2277-3754
Year:
2014
Vol.:
4
No.:
5
Pages:
67 - 73
User QoE can be used to provide context-awareness to multimedia networks as it is the most valuable parameter to identify the needed network resources and provide an adaptation which offers an optimum service for each user. This article provides a brief survey of techniques that can be used to deal with QoE adaptation, and an end-to-end context-aware architecture proposed in R2D2 multimedia network (developed within European CELTIC program). The QoE support and the role of the Home Gateway (HG) within this network will also be highlighted.
Journal:
STUDIES IN HEALTH TECHNOLOGY AND INFORMATICS
ISSN:
0926-9630
Year:
2013
Vol.:
189
Pages:
38-43
Portable systems and global communications open a broad spectrum for new health applications. In the framework of electrophysiological applications, several challenges are faced when developing portable systems embedded in Cloud computing services. In order to facilitate new developers in this area based on our experience, five areas of interest are presented in this paper where strategies can be applied for improving the performance of portable systems: transducer and conditioning, processing, wireless communications, battery and power management. Likewise, for Cloud services, scalability, portability, privacy and security guidelines have been highlighted.