Song Son Ha, Henry Beuster, T. Doebbert, G. Scholl
{"title":"基于fpga的iot - it网络分离单向网关方案以保护工业自动化系统","authors":"Song Son Ha, Henry Beuster, T. Doebbert, G. Scholl","doi":"10.1109/INDIN51400.2023.10218126","DOIUrl":null,"url":null,"abstract":"A new FPGA-based approach for a data diode transmitting data unidirectionally from a high security zone to a lower security zone is evaluated and implemented. With the FPGA implementation, the need of additional hardware could be minimized compared to most state-of-the-art data diode realizations. The proposed data diode is designed to use the available backplane bus communication protocol between the programmable logic controller (PLC) and its connected peripherals. To demonstrate the universal approach an open-source platform based on the Revolution Pi (RevPi) and its backplane bus is used. Principally the data diode behaves as a mirror presenting the complete protected system behind the high security zone including the RevPi controller and its devices to the information technology (IT) network. Another controller within the lower security zone is used to imitate the operational technology (OT) process. Our approach is not limited to the above controller and can be applied to any type of PLC. The only requirement is that the communication protocol on the backplane bus is known and can be modified for this purpose.","PeriodicalId":174443,"journal":{"name":"2023 IEEE 21st International Conference on Industrial Informatics (INDIN)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"An FPGA-based Unidirectional Gateway Proposal for OT-IT Network Separation to Secure Industrial Automation Systems\",\"authors\":\"Song Son Ha, Henry Beuster, T. Doebbert, G. Scholl\",\"doi\":\"10.1109/INDIN51400.2023.10218126\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"A new FPGA-based approach for a data diode transmitting data unidirectionally from a high security zone to a lower security zone is evaluated and implemented. With the FPGA implementation, the need of additional hardware could be minimized compared to most state-of-the-art data diode realizations. The proposed data diode is designed to use the available backplane bus communication protocol between the programmable logic controller (PLC) and its connected peripherals. To demonstrate the universal approach an open-source platform based on the Revolution Pi (RevPi) and its backplane bus is used. Principally the data diode behaves as a mirror presenting the complete protected system behind the high security zone including the RevPi controller and its devices to the information technology (IT) network. Another controller within the lower security zone is used to imitate the operational technology (OT) process. Our approach is not limited to the above controller and can be applied to any type of PLC. The only requirement is that the communication protocol on the backplane bus is known and can be modified for this purpose.\",\"PeriodicalId\":174443,\"journal\":{\"name\":\"2023 IEEE 21st International Conference on Industrial Informatics (INDIN)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-07-18\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2023 IEEE 21st International Conference on Industrial Informatics (INDIN)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/INDIN51400.2023.10218126\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 IEEE 21st International Conference on Industrial Informatics (INDIN)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/INDIN51400.2023.10218126","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
摘要
提出并实现了一种基于fpga的数据二极管从高安全区域向低安全区域单向传输数据的新方法。与大多数最先进的数据二极管实现相比,FPGA实现可以最大限度地减少对额外硬件的需求。所提出的数据二极管被设计为在可编程逻辑控制器(PLC)与其连接的外设之间使用可用的背板总线通信协议。为了演示通用方法,使用了基于Revolution Pi (RevPi)及其背板总线的开源平台。数据二极管主要作为一面镜子,将包括RevPi控制器及其设备在内的高安全区后面的完整受保护系统呈现给信息技术(IT)网络。低安全区域内的另一个控制器用于模拟操作技术(OT)过程。我们的方法不局限于上述控制器,可以应用于任何类型的PLC。唯一的要求是背板总线上的通信协议是已知的,并且可以为此目的进行修改。
An FPGA-based Unidirectional Gateway Proposal for OT-IT Network Separation to Secure Industrial Automation Systems
A new FPGA-based approach for a data diode transmitting data unidirectionally from a high security zone to a lower security zone is evaluated and implemented. With the FPGA implementation, the need of additional hardware could be minimized compared to most state-of-the-art data diode realizations. The proposed data diode is designed to use the available backplane bus communication protocol between the programmable logic controller (PLC) and its connected peripherals. To demonstrate the universal approach an open-source platform based on the Revolution Pi (RevPi) and its backplane bus is used. Principally the data diode behaves as a mirror presenting the complete protected system behind the high security zone including the RevPi controller and its devices to the information technology (IT) network. Another controller within the lower security zone is used to imitate the operational technology (OT) process. Our approach is not limited to the above controller and can be applied to any type of PLC. The only requirement is that the communication protocol on the backplane bus is known and can be modified for this purpose.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
