DOI: 10.1145/3664476.3670940
research-article
Open access

Gateway to the Danger Zone: Secure and Authentic Remote Reset in Machine Safety

Published: 30 July 2024

Abstract

The increasing digitization of modern flexible manufacturing systems has opened up new possibilities for higher levels of automation, paving the way for innovative concepts such as Equipment-as-a-Service. Concurrently, remote access has gained traction, notably accelerated by the COVID-19 pandemic. While some areas of manufacturing have embraced these advancements, safety applications remain localized. This work aims to enable the remote reset of local safety events. To identify necessary requirements, we conducted expert workshops and analyzed relevant standards and regulations. These requirements serve as the foundation for a comprehensive security and safety concept, built around a secure gateway. It uses secure elements, crypto agility, PQC, and certificates for secure and authentic communication. To show its applicability, we implemented a prototype, which utilizes a gateway, cameras, and light barriers to monitor the danger zone of a robot and thus enable remote reset via the public Internet. The real-world limitations we faced were used to refine our requirements and concept iteratively. Ultimately, we present a secure and safe solution that enables the remote acknowledgment of safety-critical applications.

      Published In

      ARES '24: Proceedings of the 19th International Conference on Availability, Reliability and Security
      July 2024
      2032 pages
      ISBN:9798400717185
      DOI:10.1145/3664476
      This work is licensed under a Creative Commons Attribution International 4.0 License.

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. Acknowledgment
      2. Authenticity
      3. Manual Reset
      4. OT
      5. Remote Operator
      6. Safety via Security

      Qualifiers

      • Research-article
      • Research
      • Refereed limited

      Funding Sources

      • German Federal Ministry for Economic Affairs and Climate Action (BMWK)

      Conference

      ARES 2024

      Acceptance Rates

      Overall Acceptance Rate 228 of 451 submissions, 51%

      Article Metrics

      • Total Citations: 0
      • Total Downloads: 156
      • Downloads (Last 12 months): 156
      • Downloads (Last 6 weeks): 28
      Reflects downloads up to 05 Jan 2025
