The SPIRS platform will be validated considering the following industrial
scenarios:
Industry 4.0:
SPIRS platform will be used to secure the network connectivity and smart devices within the warehouse and production area of the NEXT company that participates in SPIRS as end-user. The company makes use of two interconnected execution systems: (1) Logistic Execution System (LES) and (2) Manufacturing Execution System (MES) (see Figure below). The LES is designed to help storekeepers to manage the warehouse (loading and pick-up), and in particular to help them locate the components within the shelfs of the warehouse to reduce time to feed the production lines. When the storekeeper selects a component on his tablet, the smart box on the shelf, containing the component, makes a sound and lights up. Once the storekeeper picks-up the component, its bar code is scanned to update the registry of the warehouse. When new components arrive to the warehouse the storekeeper updates the
registry with the same tablet and bar code scanner. In this case the LES also suggests the storekeeper about the right position of the new components within the warehouse to minimize the proximity with the production line where they will be probably used; this optimization further reduces the time to feed the production line.
The MES is designed to monitor and control the machines to surface-mount technology (SMD, Surface-Mount Devices) in the production lines. The device manager acts as the middleware for the communication between the MES server and the production machines, taking care of the physical communications (e.g. Ethernet, RS-232, RS-485, etc.) and of the application layer protocol, making this complexity transparent to the MES server. Each production line is equipped a MES HMI (Human-Machine Interface), in the form of a stand-alone PC with a
large touch screen. The workers make use of this HMI to tap-in before starting their work shift and to tap-out at the end. The workers also use the HMI to select the type of production and sometimes, if needed, to ask the storekeepers for the required components. This request triggers a communication between the MES Server and LES Server: the storekeepers receive a request to feed the production line through their LES tablets.
SPIRS will provide a secure and privacy friendly communication of both execution systems (LES and MES) into network infrastructures, enabling the connection to remote servers in a safe way and performing event recording for audit and accountability on the grounds of the RoT. This will foster trustworthiness, ease the maintenance and update of smart devices through the implementation of techniques for predictive maintenance of machinery, and exchange of information with other external plants, which will eventually increase the overall production of the NEXT company in a short/medium term.
5G Infrastructure Management:
The SPIRS platform will be used to develop, test and validate security models to protect the multifarious assets in a complex 5G infrastructure, an abstraction of which is depicted in Figure 1.6. The figure abstracts a multi-tenant, multi-vendor, multi-site, multi-domain 5G eco-
system consisting of multiple network slices deployed across multiple NFV Infrastructure (NFVI) providing compute, network and storage resources. The tenants are connected to the end-users over one or more of the network slice(s), where each slice instance delivers a 5G service (i.e., eMBB, URLLC, mMTC) that is most suitable to the tenant business/service requirements. Network slices are composed of Virtualized Network Functions (VNFs) interconnected over Virtual Links (VL) to enable the service profile of a respective slice. Each slice can support multiple tenants, and each tenant can be a customer of multiple slices. The tenant, via these network slices, delivers their services to end-user domain, which comprises a diverse set of devices ranging from aerial and terrestrial drones/robots, connected autonomous vehicles, used communication devices, etc.
It is the very agility and flexibility that, besides offering a sophisticated service/resource/policy management framework, poses unprecedented security challenges owing to the dynamic paradigms towards service, policy and resource management. The key characteristics of this virtualized eco-system are the flexibility and agility it provides towards the customers (tenants and end-users) in terms of dynamic service provisioning, and its resource management via a complex Management and Orchestration (MANO) system, which poses unprecedented security challenges.
First and foremost, end-device authentication and authorization are an issue, as they keep changing to ensure service continuity. For example in the case of communication and surveillance drones and industrial robots that may need to be frequently changed, either because of power reasons or relocation prompting new network slice connectivity.
With regards to the MANO system, it has to manage diverse repositories with multi-vendor software images and service templates, based on which network slices are instantiated across multiple administrative NFVI domains. Therefore, it becomes crucial to ensure the authenticity and security of not only the software images and the VNFs, but also the sites over which they are to be deployed and the communication links.
It is with respect to the above diverse 5G infrastructure that SPIRS will develop robust security, authentication and authorization mechanism to ensure secure provisioning and management of 5G assets for service delivery to authenticated users. Namely, SPIRS will research new blockchain paradigms that will tackle the aforementioned problems of 5G networks infrastructure. The blockchain will not only secure the communication between 5G devices, but also ensure the integrity of their lifecycle by acting as an auditing platform.
Finally, recent state of the art will be extended investigating the performance of BFT protocols
coupled with TEE, as well as researching novel consensus algorithms that reduce the computational overhead of Proof-of-Work (PoW) without neglecting scalability.