In modern networking industrial environments, characterized by the integration of Operation Technology and Information Technology, there is a strong need to ensure both safety and security of operations and communications. In this regard, IEC 62443 zones and conduits represent powerful high-level abstractions stressing the importance of clearly separating machines in relation to safety requirements and of clearly defining inter-machine communication security requirements. However, their actual implementation is still demanded to human-centric error-prone procedures performed by technicians directly on network elements, without any integrated plant-wide point of view. To overcome these issues, first of all we originally state the need of applying the Digital Twin approach to zones and conduits, making easier the definition and management of inter-machine security requirements. For instance, industrial technicians can specify that communication among two zones should always flows through a ciphered conduit with a given algorithm and key length, at the cost of increased latency. Secondly, we state the need of exploiting an intelligent reasoner to monitor the current state of the environment (represented by asset and network Digital Twins), actively reconfiguring them in case desired requirements are not satisfied. Then, the reasoner allows to enforce requirements while also considering the fulfillment of a proper trade-off between security and performance, e.g., by reducing the ciphering complexity to ensure prompt packet dispatching whenever required. Performance results based on our working prototype demonstrate the feasibility and efficiency of the proposed solution under stringent requirements typical of industrial environments. In particular, in terms of better flexibility we proved that our orchestrator is able to create a new Digital Twin in less than 2.5 s in a typical edge node with a medium load. In addition, proposed routing policies based on our machine learning reasoner led to the satisfaction of well-defined low latency requirements (250 ms) while avoiding packet dropping.

Digital twin oriented architecture for secure and QoS aware intelligent communications in industrial environments / Bellavista, P.; Giannelli, C.; Mamei, M.; Mendula, M.; Picone, M.. - In: PERVASIVE AND MOBILE COMPUTING. - ISSN 1574-1192. - 85:(2022), pp. 101646-N/A. [10.1016/j.pmcj.2022.101646]

Digital twin oriented architecture for secure and QoS aware intelligent communications in industrial environments

Mamei M.;Picone M.
2022

Abstract

In modern networking industrial environments, characterized by the integration of Operation Technology and Information Technology, there is a strong need to ensure both safety and security of operations and communications. In this regard, IEC 62443 zones and conduits represent powerful high-level abstractions stressing the importance of clearly separating machines in relation to safety requirements and of clearly defining inter-machine communication security requirements. However, their actual implementation is still demanded to human-centric error-prone procedures performed by technicians directly on network elements, without any integrated plant-wide point of view. To overcome these issues, first of all we originally state the need of applying the Digital Twin approach to zones and conduits, making easier the definition and management of inter-machine security requirements. For instance, industrial technicians can specify that communication among two zones should always flows through a ciphered conduit with a given algorithm and key length, at the cost of increased latency. Secondly, we state the need of exploiting an intelligent reasoner to monitor the current state of the environment (represented by asset and network Digital Twins), actively reconfiguring them in case desired requirements are not satisfied. Then, the reasoner allows to enforce requirements while also considering the fulfillment of a proper trade-off between security and performance, e.g., by reducing the ciphering complexity to ensure prompt packet dispatching whenever required. Performance results based on our working prototype demonstrate the feasibility and efficiency of the proposed solution under stringent requirements typical of industrial environments. In particular, in terms of better flexibility we proved that our orchestrator is able to create a new Digital Twin in less than 2.5 s in a typical edge node with a medium load. In addition, proposed routing policies based on our machine learning reasoner led to the satisfaction of well-defined low latency requirements (250 ms) while avoiding packet dropping.
2022
85
101646
N/A
Digital twin oriented architecture for secure and QoS aware intelligent communications in industrial environments / Bellavista, P.; Giannelli, C.; Mamei, M.; Mendula, M.; Picone, M.. - In: PERVASIVE AND MOBILE COMPUTING. - ISSN 1574-1192. - 85:(2022), pp. 101646-N/A. [10.1016/j.pmcj.2022.101646]
Bellavista, P.; Giannelli, C.; Mamei, M.; Mendula, M.; Picone, M.
File in questo prodotto:
File Dimensione Formato  
1-s2.0-S1574119222000736-main.pdf

Accesso riservato

Tipologia: Versione pubblicata dall'editore
Dimensione 1.51 MB
Formato Adobe PDF
1.51 MB Adobe PDF   Visualizza/Apri   Richiedi una copia
Pubblicazioni consigliate

Licenza Creative Commons
I metadati presenti in IRIS UNIMORE sono rilasciati con licenza Creative Commons CC0 1.0 Universal, mentre i file delle pubblicazioni sono rilasciati con licenza Attribuzione 4.0 Internazionale (CC BY 4.0), salvo diversa indicazione.
In caso di violazione di copyright, contattare Supporto Iris

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11380/1286076
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 6
  • ???jsp.display-item.citation.isi??? 2
social impact