Scroll Top


Design and Implementation of Security Services for the Industrial Internet of Things

Project Overview: 

We are witnessing, increasingly, the interests of the industry to modernize its control and automation systems, motivated in part by the exploitation of the market and the globalization of the sector. Its infrastructures and components will certainly open to the technical and competitive advantages of the today’s Internet for a better operational performance, productivity and provision of services. Concretely, the Indusrial Internet is an area where multiple paradigms, such as the Internet of Things (“Internet of Things”, IoT), are evolving and converging to offer a new industrial concept known as Industrial Internet of Things or simply: IIoT.

IIoT involves the grouping of a set of processes and distributed and heterogeneous systems interacting through different communication modes (Modbus-TCP, OPC-UA, etc.), resulting in a complex system based on multiple layers of functionality, diversity in access (wireless and wired) and concurrency. A level of complexity that, obviously, will bring about numerous problems related to security, reliability and availability of critical systems and services, further encouring adversaries to address persistent and advanced attacks (APTs). For this reason, the protection of these types of contexts through advanced security services (both at network level  and systems) hence becomes prioritary in the field of critical infrastructure protection.

Therefore, DISS-IIoT has as main objective to explore the inclusion of new security services to discover in real time[1][2] potential security gaps and attacks[3][1] – mainly those related with the monitoring and control of these critical systems . For the integration and testing of these services in realistic environments, DISS-IIoT provides a modular and integral test environment (I4Testbed) with support for both present and future challenges in this area.

The results of the DISS-IIoT project have been very varied, in terms of defense[4][5], attack detection[3] and tracking[1][2], as also indicated below in the references section.


  1. Juan E. Rubio and Rodrigo Roman and Cristina Alcaraz and Yan Zhang (2019): Tracking APTs in Industrial Ecosystems: A Proof of Concept. In: Journal of Computer Security, vol. 27, pp. 521-546, 2019, ISSN: 0167-4048.
  2. Juan E. Rubio and Rodrigo Roman and Cristina Alcaraz and Yan Zhang (2018): Tracking Advanced Persistent Threats in Critical Infrastructures through Opinion Dynamics. In: European Symposium on Research in Computer Security (ESORICS 2018), pp. 555-574, Springer Springer, Barcelona, Spain, 2018.
  3. Cristina Alcaraz and Giuseppe Bernieri and Federica Pascucci and Javier Lopez and Roberto Setola (2019): Covert Channels-based Stealth Attacks in Industry 4.0. In: IEEE Systems Journal., vol. 13, pp. 3980-3988, 2019, ISSN: 1932-8184.
  4. Juan E. Rubio and Mark Manulis and Cristina Alcaraz and Javier Lopez (2019): Enhancing Security and Dependability of Industrial Networks with Opinion Dynamics. In: European Symposium on Research in Computer Security (ESORICS2019), pp. 263-280, 2019.
  5. Cristina Alcaraz (2019): Secure Interconnection of IT-OT Networks in Industry 4.0. In: Critical Infrastructure Security and Resilience: Theories, Methods, Tools and Technologies, pp. 201-217, Springer International Publishing, 2019, ISBN: 978-3-030-00024-0.