The public defense of Apala Ray's doctoral thesis in Computer Science and Engineering

Doctoral thesis and Licentiate seminars

Datum: 2017-06-19
Tid: 13.15
Plats: Mälardalen University, room Filen (Verktyget), Eskilstuna.

The public defense of Apala Ray's doctoral thesis in Computer Science and Engineering will take place at Mälardalen university, room Kappa (Västerås Campus) at 13.15 on June 19, 2017.

The title of the thesis is “On Trust Establishment and Assessment for Industrial Communication Networks”.

The faculty examiner is Docent Leonardo Martucci, Karlstad University, and the examining committee consists of Professor Christian Rohner, Uppsala University; Docent Andreas Jacobsson, Malmö University; Docent Tomas Olovsson, Chalmers University of Technology. Reserve; Professor Thomas Nolte, MDH

The doctoral thesis has serial number 207. 

Abstract

The severity of cyber threats towards existing and future industrial systems has
resulted in an increase of security awareness in the industrial automation domain.
Compared to traditional information systems, industrial communication
systems have different performance and reliability requirements. The safety
and availability requirements can also sometimes conflict with the system security
design of plants. For instance, it is not acceptable to create a secure system
that may take up additional time to establish security and as a consequence disrupt
the production in plants. Similarly, a system that requires authentication
and authorization procedures before an emergency action may not be suitable
in industrial plants. On the other hand, the lack of security can hamper safety of
the plant. Therefore, there is a need for improvement of the security workflow
in industrial plants, so that the practical realization of security can be achieved.
This includes secure device deployment and secure data communication inside
the industrial plants. Furthermore, the industrial plant networks are heterogeneous
in terms of hardware, software, and protocols. This complicates security
assessment of industrial networks.
In this thesis, the focus is on achieving a secured communication infrastructure
for heterogeneous industrial networks. The initial trust establishment is the
starting point for enabling a secure communication infrastructure. A framework
for the initial trust establishment for industrial devices that can support
key management using the existing trust of employees in a plant is proposed.
With the help of a proof-of-concept implementation and security analysis, it
has been shown that the proposed framework is feasible to implement and satisfies
the security objectives. After establishing initial trust within industrial
devices, assessing heterogeneous security properties based on the network architecture is another focus of this thesis. A model to estimate the security
assurance of nodes in a heterogeneous network, where all devices are not having
the same level of security mechanisms, is given. Along with cyber security 
requirements of industrial plants, it is also necessary to consider other important
requirements of plants in terms of network performance. In this thesis,
identification of an optimized path between two systems in a heterogeneous
network in terms of the network performance and the network security is explored.
The applicability of this balancing approach has been demonstrated in
a specific case of smart grid application where security, network capacity and
reachability need to be optimal for successful network operation.