logo SBA

ETD

Archivio digitale delle tesi discusse presso l’Università di Pisa

Tesi etd-06172023-091037


Tipo di tesi
Tesi di laurea magistrale
Autore
BOSCHI, GIANLUCA
URN
etd-06172023-091037
Titolo
Vulnerability analysis of Industrial IoT protocols: developing a secure multi-protocol application for industrial PLCs
Dipartimento
INGEGNERIA DELL'INFORMAZIONE
Corso di studi
CYBERSECURITY
Relatori
relatore Prof. Garroppo, Rosario Giuseppe
relatore Prof. Pagano, Michele
Parole chiave
  • authentication
  • cloud
  • communication protocols
  • crypto-element
  • cyber-physical system
  • cybersecurity
  • encryption
  • iiot
  • iot
  • key management
  • keys
  • modbus
  • opcua
  • security
  • security policies
  • tls
  • vpn
Data inizio appello
21/07/2023
Consultabilità
Completa
Riassunto
This thesis aims to explore the Industrial-IoT world, focusing on its vulnerabilities and security aspect, trying to assess the most common problems and trying to address some of them with the creation of a specific application. With the rapid growth of IIoT technologies, securing the vast network of interconnected devices and systems becomes paramount to ensure the integrity, confidentiality, and availability of critical industrial operations. The thesis begins by providing an in-depth analysis of the communication protocols commonly used in IIoT, such as OPC UA, Modbus, and Siemens S7, exploring the performance characteristics of these protocols and highlights their security features: understanding the strengths and limitations of each protocol, organizations can make informed decisions about their implementation in secure IIoT architectures. After anlyising the most common protocols in IIoT world, the thesis focuses on address the problem of secure multi-protocol data exchanging: in an environment with lot of different devices, that use different protocols, choosing the right client and gather data from PLC or machines is no more so easy. Furthermore, in an industrial scenario the need of a secure and robust architecture to exchange data is stringent. Those needs and requirements are meet with the application I develop in this work.
In the next part of the thesis, more related to the developing and practical work, various tools have been analysed to present how the application and data could be secured.
The thesis investigates various security measures and technologies that play a crucial role in safeguarding IIoT communications. It examines the role of Virtual Private Networks (VPNs) in establishing secure and private connections over public networks, the encryption, authentication, and key management mechanisms employed by VPNs to ensure data confidentiality and integrity.
Another key focus of the thesis is Transport Layer Security (TLS) and Secure Shell (SSH). It analyzes the security aspects of these protocols, including encryption algorithms, certificate-based authentication, and vulnerabilities associated with their implementation. By understanding the security considerations and best practices for TLS and SSH, organizations can fortify their IIoT systems against potential threats. The thesis also highlights the importance of identifying and addressing vulnerabilities and potential attacks in IIoT environments, making a brief survey on the state of art of attacks and vulnerabilities of the most important IIoT protocols. It covers common attack vectors such as man-in-the-middle attacks, remote timing attacks, and known vulnerabilities in specific protocols. By recognizing these threats, organizations can develop robust defense strategies and implement appropriate security controls.
Finally the thesis show how the application developed during the work can be used to facilitate the job of retrieve data from machines, assessing what are the important information, or what is inside of the machine; the application have been also interfaced with a Cloud, using TLS and a IoT device, to ensure secure data storing and exchange.
In conclusion, "Vulnerability analysis of Industrial IoT protocols: developing a secure multi-protocol application for industrial PLC" provides a comprehensive overview of the security in IIoT systems, showing vulnerabilities, attacks, opportunities and solutions, and offering a secure-application that address lot of security issues in industrial world. By implementing the recommended security measures, and using the application organizations can mitigate potential risks, protect critical infrastructure, and ensure the resilience and integrity of their industrial operations in the evolving landscape of the Industrial Internet of Things.
File