Connectivity Framework
5: Connectivity Transport Layer
connectivity framework based on the connection-oriented transport may preclude it from providing a connectionless data exchange.
5.1.5 PRIORITIZATION
IIoT systems need to ensure that critical data is delivered ahead of non-critical data.
The connectivity transport function can provide the ability to prioritize some messages over others in the data exchange between endpoints.
5.1.6 TIMING & SYNCHRONIZATION
IIoT systems need a way to synchronize local endpoint clocks over a connectivity transport network. Many methods are in use today, including NTP- or PTP-based time synchronization and GPS clocks, and new approaches are in development.
The connectivity transport function may provide the ability to synchronize time across the network.
5.1.7 MESSAGE SECURITY
The security mechanisms provided by the connectivity transport layer should implement and enforce the connectivity-framework-layer data security function (see section 4.1.11).
Transport layer security involves both the messaging protocol and the network layer security. Both should provide mechanisms for endpoint authentication, message encryption and message authentication. Security implemented by each function may provide controls with different granularity and be separately administered.
At the network level, network endpoint security mechanisms can grant access based on policy and enforce security by means of encrypted virtual local area networks (VLANs) and firewalls.
At the messaging protocol level, message-oriented security mechanisms based on policy can enforce permissions by fine-grained cryptographic means. For example, different data flows may be configured to use different cryptographic keys such that permissions granted to an application to access one flow do not allow it to observe a different flow.
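The per-flow key separation described above, as an added example that is not part of the original document. The names `Grant`, `Seal` and `Open`, the HMAC-SHA256 key derivation, the choice of AES-256-GCM and the master secret are all assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Grant returns the AES-256-GCM cipher for one flow; its key is derived from
// the master secret by HMAC-SHA256 over the flow name (assumed scheme).
func Grant(master []byte, flow string) (cipher.AEAD, error) {
	m := hmac.New(sha256.New, master)
	m.Write([]byte("flow-key:" + flow))
	block, err := aes.NewCipher(m.Sum(nil))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts payload under a fresh nonce, binding the flow name as AAD.
func Seal(key cipher.AEAD, flow string, payload []byte) ([]byte, error) {
	nonce := make([]byte, key.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return key.Seal(nonce, nonce, payload, []byte(flow)), nil
}

// Open fails unless msg was sealed with this flow's key and flow name.
func Open(key cipher.AEAD, flow string, msg []byte) ([]byte, error) {
	n := key.NonceSize()
	if len(msg) < n {
		return nil, fmt.Errorf("message shorter than %d-byte nonce", n)
	}
	return key.Open(nil, msg[:n], msg[n:], []byte(flow))
}

func main() {
	master := []byte("constructed demo master secret")
	control, _ := Grant(master, "control")
	telemetry, _ := Grant(master, "telemetry")
	msg, _ := Seal(control, "control", []byte("valve=closed"))
	fmt.Println(Open(telemetry, "control", msg)) // fails: wrong flow key
}
```

An application holds only the ciphers for the flows it was granted, never the master secret, so a grant for one flow gives it no way to decrypt another.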
There may be multiple transport and network hops between endpoints. End-to-end security is desired, and security should not be compromised when crossing gateways, proxies and bridges between the endpoints.
For more details, please refer to the Industrial Internet Security Framework (IISF)¹.
¹ See [IIC-IISF2016].
IIC:PUB:G5:V1.0:PB:20170228