Industrial Internet Security Framework v1.0 | Page 85

Security Framework
9: Protecting Communications and Connectivity
The figure below shows prominent communication and connectivity standards at different OSI layers. An in-depth discussion of connectivity assessment is provided in the 'Industrial Internet Connectivity Reference Architecture'.
Figure 9-3: Example of IIoT core Communication & Connectivity Standards
9.1.4 CRYPTOGRAPHIC PROTECTION FOR DIFFERENT COMMUNICATIONS AND CONNECTIVITY PARADIGMS
Different information exchange patterns have different security requirements. The patterns most widely used in IIoT systems are request-response and publish-subscribe.
The request-response pattern can be used at any layer of the stack. Protocols using this pattern include Java Remote Method Invocation (Java RMI), Web Services/SOAP, Remote Procedure Call over Data Distribution Service (RPC-over-DDS), Open Platform Communications (OPC), the GlobalPlatform Secure Channel Protocol and Modbus. They vary widely in their support for security. Modbus, for example, cannot suppress broadcast messages, provides no message-level integrity check (Modbus/TCP relies entirely on the transport, and a CRC on serial variants only catches accidental corruption) and has no support for authentication or encryption, so any peer that can reach a device can issue commands to it.
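The Modbus/TCP frame layout makes the point above concrete. The following is an added example, not code from the framework or from any Modbus library: it builds and parses a "Write Single Register" request (function code 0x06) and shows that the only consistency check in the frame is the MBAP length field, so a value altered in flight still parses as a valid request. The sample transaction id, unit id, register address and value are constructed for the demonstration.

```python
import struct

MODBUS_PROTOCOL_ID = 0          # MBAP protocol identifier; 0 means Modbus
FC_WRITE_SINGLE_REGISTER = 0x06
SERIAL_BROADCAST_UNIT = 0       # unit identifier 0 is the serial-line broadcast address


def build_write_single_register(transaction_id, unit_id, address, value):
    """Build a Modbus/TCP 'Write Single Register' request (FC 0x06).

    Frame = 7-byte MBAP header (transaction id, protocol id, length, unit id)
    followed by the PDU (function code, register address, value). Note what is
    absent: no field carries a key, signature, MAC or checksum.
    """
    pdu = struct.pack(">BHH", FC_WRITE_SINGLE_REGISTER, address, value)
    # The MBAP length field counts the unit identifier byte plus the PDU.
    mbap = struct.pack(">HHHB", transaction_id, MODBUS_PROTOCOL_ID, len(pdu) + 1, unit_id)
    return mbap + pdu


def parse_modbus_tcp(frame):
    """Parse the MBAP header and, for FC 0x06, the PDU.

    The length check is the only consistency check the protocol offers; nothing
    in the frame binds it to an authorized sender.
    """
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header plus function code")
    transaction_id, protocol_id, length, unit_id = struct.unpack(">HHHB", frame[:7])
    if protocol_id != MODBUS_PROTOCOL_ID:
        raise ValueError("not a Modbus frame")
    if length != len(frame) - 6:
        raise ValueError("MBAP length does not match frame size")
    pdu = frame[7:]
    parsed = {
        "transaction_id": transaction_id,
        "unit_id": unit_id,
        "function_code": pdu[0],
        # A TCP-to-serial gateway forwards unit id 0 to every device on the line;
        # individual devices have no way to opt out of such a broadcast.
        "broadcast": unit_id == SERIAL_BROADCAST_UNIT,
    }
    if pdu[0] == FC_WRITE_SINGLE_REGISTER:
        if len(pdu) != 5:
            raise ValueError("malformed FC 0x06 PDU")
        parsed["address"], parsed["value"] = struct.unpack(">HH", pdu[1:5])
    return parsed


def tamper_register_value(frame, new_value):
    """Overwrite the value field of an FC 0x06 request in flight.

    With no checksum or MAC in the frame, the result parses as a valid request
    and the device has no way to tell it was modified.
    """
    return frame[:-2] + struct.pack(">H", new_value)


if __name__ == "__main__":
    # Constructed sample: master transaction 1 writes 100 to register 0x0010 on unit 1.
    request = build_write_single_register(1, 1, 0x0010, 100)
    print("original :", request.hex(), parse_modbus_tcp(request))
    altered = tamper_register_value(request, 0xFFFF)
    print("tampered :", altered.hex(), parse_modbus_tcp(altered))
```

Because nothing in the frame authenticates the master or protects the PDU, the protections have to come from outside the protocol: keeping Modbus on a segmented network, or carrying it inside an authenticated, encrypted tunnel, as the rest of this chapter discusses for protocols without native security.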
The primary threats to the publish-subscribe pattern are unauthorized subscription (a party receiving data it is not entitled to), unauthorized publication (a party injecting data into a topic), tampering with and replay of messages in transit, and unauthorized access to the exchanged data at rest in the intermediary. Some implementations of this pattern (e.g., classic MQTT and AMQP) rely on an intermediary message broker to store and forward messages; the broker is then a single point of failure and, since every message passes through it, a single point of compromise. An alternative is a broker-free, peer-to-peer implementation such as the DDS standard.
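The four threats listed above map onto two distinct controls: the first two are authorization decisions the broker (or, in a peer-to-peer system, each participant) must make per client and per topic, and the last two are message-level integrity and freshness checks that do not depend on trusting the broker. The following is an added example, not code from the framework or from any MQTT, AMQP or DDS implementation: a minimal store-and-forward broker with a per-client topic ACL, plus an HMAC-SHA256 seal with per-sender sequence numbers that lets a subscriber reject tampered and replayed copies even if the broker itself has been compromised. The client names, topic, shared key and readings are constructed for the demonstration.

```python
import hashlib
import hmac
import json


class Broker:
    """Store-and-forward broker with per-client topic authorization (constructed example)."""

    def __init__(self, acl):
        self.acl = acl              # {client_id: {"publish": {topics}, "subscribe": {topics}}}
        self.subscriptions = {}     # topic -> set of client_ids
        self.inbox = {}             # client_id -> list of (topic, message)
        self.audit = []             # denied operations, for the detection pipeline

    def _allowed(self, client, action, topic):
        return topic in self.acl.get(client, {}).get(action, set())

    def subscribe(self, client, topic):
        # Unauthorized subscription: refuse and record it.
        if not self._allowed(client, "subscribe", topic):
            self.audit.append(("deny-subscribe", client, topic))
            return False
        self.subscriptions.setdefault(topic, set()).add(client)
        return True

    def publish(self, client, topic, message):
        # Unauthorized publication: drop before store-and-forward. Returns number delivered.
        if not self._allowed(client, "publish", topic):
            self.audit.append(("deny-publish", client, topic))
            return 0
        recipients = self.subscriptions.get(topic, set())
        for recipient in recipients:
            self.inbox.setdefault(recipient, []).append((topic, message))
        return len(recipients)


def _canonical(body):
    # Deterministic encoding so publisher and subscriber MAC the same bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def seal(key, sender, seq, topic, payload):
    """Publisher side: bind sender, sequence number, topic and payload under HMAC-SHA256,
    so neither the broker nor an on-path attacker can alter or replay the message unnoticed."""
    body = {"sender": sender, "seq": seq, "topic": topic, "payload": payload}
    tag = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {**body, "mac": tag}


class Receiver:
    """Subscriber side: verify the MAC first, then enforce strictly increasing sequence numbers per sender."""

    def __init__(self, key):
        self.key = key
        self.last_seq = {}          # sender -> highest sequence number accepted

    def accept(self, msg):
        body = {k: v for k, v in msg.items() if k != "mac"}
        expected = hmac.new(self.key, _canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg.get("mac", "")):
            return "reject:bad-mac"          # tampered, or forged without the key
        if body["seq"] <= self.last_seq.get(body["sender"], -1):
            return "reject:replay"           # this (or a later) message was already accepted
        self.last_seq[body["sender"]] = body["seq"]
        return "ok"


def run_scenario():
    """Constructed scenario: a sensor publishes to an HMI; a vendor laptop attempts both
    unauthorized operations; the HMI is then handed a replayed and a tampered copy."""
    key = b"constructed-demo-key"   # assumption: a shared key provisioned out of band
    acl = {
        "sensor-7": {"publish": {"plant/line1/temp"}, "subscribe": set()},
        "hmi-1": {"publish": set(), "subscribe": {"plant/line1/temp"}},
        "vendor-laptop": {"publish": set(), "subscribe": set()},
    }
    broker, rx, out = Broker(acl), Receiver(key), {}
    out["hmi_subscribed"] = broker.subscribe("hmi-1", "plant/line1/temp")
    out["laptop_subscribed"] = broker.subscribe("vendor-laptop", "plant/line1/temp")
    out["laptop_delivered"] = broker.publish("vendor-laptop", "plant/line1/temp", {"celsius": 999})
    msg = seal(key, "sensor-7", 1, "plant/line1/temp", {"celsius": 71.5})
    out["sensor_delivered"] = broker.publish("sensor-7", "plant/line1/temp", msg)
    _topic, delivered = broker.inbox["hmi-1"][0]
    out["first_copy"] = rx.accept(delivered)
    out["replayed_copy"] = rx.accept(delivered)
    tampered = {**delivered, "payload": {"celsius": 20.0}}
    out["tampered_copy"] = rx.accept(tampered)
    out["denied_operations"] = len(broker.audit)
    return out


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```

Two design points worth noting. The ACL check happens before the message is stored, so an unauthorized publication never reaches the forwarding path, and every denial is recorded for the monitoring pipeline rather than silently dropped. The seal uses one symmetric key shared by publisher and subscriber, which protects against the broker and the network but not against a subscriber that holds the same key and starts publishing; authenticating the publisher to a group of subscribers requires per-publisher keys or digital signatures, which is the trade-off the symmetric variant leaves open.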
IIC:PUB:G4:V1.0:PB:20160926 - 85 -