{"title":"工业网络环境中以生命周期为导向的证书管理调查","authors":"Julian Göppert, Andreas Walz, Axel Sikora","doi":"10.3390/jsan13020026","DOIUrl":null,"url":null,"abstract":"Driven by the Industry 4.0 paradigm and the resulting demand for connectivity in industrial networking, there is a convergence of formerly isolated operational technology and information technology networks. This convergence leads to attack surfaces on industrial networks. Therefore, a holistic approach of countermeasures is needed to protect against cyber attacks. One element of these countermeasures is the use of certificate-based authentication for industrial components communicating on the field level. This in turn requires the management of certificates, private keys, and trust anchors in the communication endpoints. The work at hand surveys the topic of certificate management in industrial networking environments throughout their life cycle, from manufacturing until their disposal. To the best of the authors’ knowledge, there is no work yet that surveys the topic of certificate management in industrial networking environments. The work at hand considers contributions from research papers, industrial communication standards, and contributions that originate from the IT domain. In total, 2042 results from IEEE Xplore, Science Direct, Scopus, and Springer Link were taken into account. After applying inclusion and exclusion criteria and title, abstract, and full-text analysis, 20 contributions from research papers were selected. In addition to the presentation of their key contributions, the work at hand provides a synopsis that compares the overarching aspects. This comprises different proposed entity architectures, certificate management functions, involvement of different stakeholders, and consideration of life cycle stages. Finally, research gaps that are to be filled by further work are identified. While the topic of certificate management has already been addressed by the IT domain, its incorporation into industrial communication standards began significantly later and is still the subject of research work.","PeriodicalId":37584,"journal":{"name":"Journal of Sensor and Actuator Networks","volume":null,"pages":null},"PeriodicalIF":3.3000,"publicationDate":"2024-04-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A Survey on Life-Cycle-Oriented Certificate Management in Industrial Networking Environments\",\"authors\":\"Julian Göppert, Andreas Walz, Axel Sikora\",\"doi\":\"10.3390/jsan13020026\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Driven by the Industry 4.0 paradigm and the resulting demand for connectivity in industrial networking, there is a convergence of formerly isolated operational technology and information technology networks. This convergence leads to attack surfaces on industrial networks. Therefore, a holistic approach of countermeasures is needed to protect against cyber attacks. One element of these countermeasures is the use of certificate-based authentication for industrial components communicating on the field level. This in turn requires the management of certificates, private keys, and trust anchors in the communication endpoints. The work at hand surveys the topic of certificate management in industrial networking environments throughout their life cycle, from manufacturing until their disposal. To the best of the authors’ knowledge, there is no work yet that surveys the topic of certificate management in industrial networking environments. The work at hand considers contributions from research papers, industrial communication standards, and contributions that originate from the IT domain. In total, 2042 results from IEEE Xplore, Science Direct, Scopus, and Springer Link were taken into account. After applying inclusion and exclusion criteria and title, abstract, and full-text analysis, 20 contributions from research papers were selected. In addition to the presentation of their key contributions, the work at hand provides a synopsis that compares the overarching aspects. This comprises different proposed entity architectures, certificate management functions, involvement of different stakeholders, and consideration of life cycle stages. Finally, research gaps that are to be filled by further work are identified. While the topic of certificate management has already been addressed by the IT domain, its incorporation into industrial communication standards began significantly later and is still the subject of research work.\",\"PeriodicalId\":37584,\"journal\":{\"name\":\"Journal of Sensor and Actuator Networks\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":3.3000,\"publicationDate\":\"2024-04-10\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Journal of Sensor and Actuator Networks\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.3390/jsan13020026\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Sensor and Actuator Networks","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.3390/jsan13020026","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0
摘要
在工业 4.0 范式和由此产生的工业网络连接需求的推动下,以前孤立的操作技术和信息技术网络出现了融合。这种融合导致工业网络出现攻击面。因此,需要采取全面的应对措施来防范网络攻击。这些应对措施的一个要素是对现场通信的工业组件使用基于证书的身份验证。这反过来又需要管理通信端点中的证书、私钥和信任锚。当前的工作调查了工业网络环境中从制造到报废的整个生命周期中的证书管理问题。据作者所知,目前还没有任何作品对工业网络环境中的证书管理进行过研究。目前的工作考虑了来自研究论文、工业通信标准和 IT 领域的贡献。总共考虑了来自 IEEE Xplore、Science Direct、Scopus 和 Springer Link 的 2042 项成果。在应用了纳入和排除标准以及标题、摘要和全文分析后,选出了 20 篇研究论文。除了介绍这些论文的主要贡献外,手头的工作还提供了一份概要,对主要方面进行了比较。这包括不同的拟议实体架构、证书管理功能、不同利益相关者的参与以及对生命周期阶段的考虑。最后,确定了有待进一步工作填补的研究空白。虽然信息技术领域已经涉及证书管理问题,但将其纳入工业通信标准的工作开始得要晚得多,目前仍是研究工作的主题。
A Survey on Life-Cycle-Oriented Certificate Management in Industrial Networking Environments
Driven by the Industry 4.0 paradigm and the resulting demand for connectivity in industrial networking, there is a convergence of formerly isolated operational technology and information technology networks. This convergence leads to attack surfaces on industrial networks. Therefore, a holistic approach of countermeasures is needed to protect against cyber attacks. One element of these countermeasures is the use of certificate-based authentication for industrial components communicating on the field level. This in turn requires the management of certificates, private keys, and trust anchors in the communication endpoints. The work at hand surveys the topic of certificate management in industrial networking environments throughout their life cycle, from manufacturing until their disposal. To the best of the authors’ knowledge, there is no work yet that surveys the topic of certificate management in industrial networking environments. The work at hand considers contributions from research papers, industrial communication standards, and contributions that originate from the IT domain. In total, 2042 results from IEEE Xplore, Science Direct, Scopus, and Springer Link were taken into account. After applying inclusion and exclusion criteria and title, abstract, and full-text analysis, 20 contributions from research papers were selected. In addition to the presentation of their key contributions, the work at hand provides a synopsis that compares the overarching aspects. This comprises different proposed entity architectures, certificate management functions, involvement of different stakeholders, and consideration of life cycle stages. Finally, research gaps that are to be filled by further work are identified. While the topic of certificate management has already been addressed by the IT domain, its incorporation into industrial communication standards began significantly later and is still the subject of research work.
期刊介绍:
Journal of Sensor and Actuator Networks (ISSN 2224-2708) is an international open access journal on the science and technology of sensor and actuator networks. It publishes regular research papers, reviews (including comprehensive reviews on complete sensor and actuator networks), and short communications. Our aim is to encourage scientists to publish their experimental and theoretical results in as much detail as possible. There is no restriction on the length of the papers. The full experimental details must be provided so that the results can be reproduced.