Design and Implementation of Security Services for the Industrial Internet of Things

First Own Plan of Investigation and Transfer of the University of Malaga (UMA)
Duration: 10/09/2017 to 10/10/2019

Project Overview: 

We are increasingly witnessing industry's interest in modernizing its control and automation systems, motivated in part by the exploitation of the market and the globalization of the sector. Its infrastructures and components will certainly open up to the technical and competitive advantages of today's Internet for better operational performance, productivity and provision of services. Concretely, the Industrial Internet is an area where multiple paradigms, such as the Internet of Things (IoT), are evolving and converging to offer a new industrial concept known as the Industrial Internet of Things, or simply IIoT.

IIoT involves the grouping of a set of processes and distributed, heterogeneous systems that interact through different communication modes (Modbus-TCP, OPC-UA, etc.), resulting in a complex system based on multiple layers of functionality, diversity in access (wireless and wired) and concurrency. This level of complexity will bring about numerous problems related to the security, reliability and availability of critical systems and services, further encouraging adversaries to launch persistent and advanced attacks (APTs). For this reason, protecting these contexts through advanced security services (at both the network and system levels) becomes a priority in the field of critical infrastructure protection.

Therefore, the goal of DISS-IIoT is to explore the inclusion of new security services that discover, in real time [1][2], potential security gaps and attacks [3][1], mainly those related to the monitoring and control of these critical systems. For the integration and testing of these services in realistic environments, DISS-IIoT provides a modular and integral test environment (I4Testbed) with support for both present and future challenges in this area.


  1. J. E. Rubio, R. Roman, C. Alcaraz, and Y. Zhang, "Tracking APTs in Industrial Ecosystems: A Proof of Concept",
    Journal of Computer Security, vol. 27, issue 5, Elsevier, pp. 521-546, 09/2019. (I.F.: 3.579)
    Impact Factor: 3.579
    Journal Citation Reports® Science Edition (Thomson Reuters, 2019)

  2. J. E. Rubio, R. Roman, C. Alcaraz, and Y. Zhang, "Tracking Advanced Persistent Threats in Critical Infrastructures through Opinion Dynamics",
    European Symposium on Research in Computer Security (ESORICS 2018), vol. 11098, Springer, pp. 555-574, 08/2018.


    Advanced persistent threats pose a serious issue for modern industrial environments, due to their targeted and complex attack vectors that are difficult to detect. This is especially severe in critical infrastructures that are accelerating the integration of IT technologies. It is then essential to further develop effective monitoring and response systems that ensure the continuity of business to face the arising set of cyber-security threats. In this paper, we study the practical applicability of a novel technique based on opinion dynamics, that permits to trace the attack throughout all its stages along the network by correlating different anomalies measured over time, thereby taking the persistence of threats and the criticality of resources into consideration. The resulting information is of essential importance to monitor the overall health of the control system and correspondingly deploy accurate response procedures.

  3. C. Alcaraz, G. Bernieri, F. Pascucci, J. Lopez, and R. Setola, "Covert Channels-based Stealth Attacks in Industry 4.0",
    IEEE Systems Journal, vol. 13, issue 4, IEEE, pp. 3980-3988, 12/2019. (I.F.: 3.987)


    Industry 4.0 advent opens several cyber-threats scenarios originally designed for classic information technology, drawing the attention to the serious risks for the modern industrial control networks. To cope with this problem, in this paper we address the security issues related to covert channels applied to industrial networks, identifying the new vulnerability points when information technologies converge with operational technologies such as edge computing infrastructures. Specifically, we define two signaling strategies where we exploit the Modbus/TCP protocol as target to set up a covert channel. Once the threat channel is established, passive and active offensive attacks (i.e. data exfiltration and command and control, respectively) are further exploited by implementing and testing them on a real Industrial Internet of Things testbed. The experimental results highlight the potential damage of such specific threats, and the easy extrapolation of the attacks to other types of channels in order to show the new risks for Industry 4.0. Related to this, we discuss some countermeasures to offer an overview of possible mitigation and defense measures.

    Impact Factor: 3.987
    Journal Citation Reports® Science Edition (Thomson Reuters, 2019)