Emerging technologies and innovations bring new opportunities as well as new challenges. Distributed solution architectures for safety-critical cyber-physical systems (CPS) pose new challenges and open the door to significant threats to security and privacy. Consequently, CPS security has attracted the attention of both researchers and industry. Deploying distributed applications for safety-critical CPS is challenging due to their heterogeneous nature, their reliance on private and sensitive data, and their large-scale deployment. Intentional or accidental exposure of these systems can have catastrophic effects, so robust security measures are essential. However, such measures can introduce unacceptable network overhead, especially in terms of latency. In addition, exposure to zero-day vulnerabilities should be minimized through regular updates of software, applications and operating systems.
Challenges and threats to security and privacy in the TRANSACT use cases
Such critical infrastructure demands security and privacy concepts and solutions for secure communication and operation.
Fleets of remote-controlled (semi-)autonomous vehicles in urban areas (UC1) could help drastically reduce road fatalities and road accidents and contribute to more efficient urban mobility with less congestion. Therefore, the architecture should be able to automatically negotiate the confidence levels with the vehicles. The communication channel between the data exchange hub and the end-user must be safe, secure and protected end-to-end.
The European car park (UC3) would be essential in the fight against air pollution, but at the same time it introduces security requirements such as data security and secure software updates over the air.
In the shipping industry, cloud-enabled shore-based bridges (UC2) will mean a breakthrough in reducing groundings and other incidents, as well as in increasing performance and reducing fuel costs and GHG emissions. The security requirements include encryption of all messages, detection of faulty sensors or data injection, and detection of spamming/jamming of signals.
In the healthcare sector, cloud-enabled solutions (UC4) will lead to better clinical outcomes at lower cost, an improved experience for medical staff, and new business models based on 3rd-party tool integration. The cloud-based architecture significantly increases the attack surface of the new solution, making it more vulnerable to security threats. Data privacy concerns also grow significantly in such an architecture: healthcare data is highly sensitive and requires special care so that it is not exposed while being transferred over a public network, or through security attacks and software vulnerabilities.
Ultimately, connected wastewater treatment plants (UC5) will be key to mitigating climate change-induced water scarcity while preventing ecological disasters due to potential wastewater spills. At the same time, authentication and authorization attacks are considerable security concerns for such plants.
Concepts to ensure security and privacy
So, which concepts are needed to ensure security and privacy for such use cases? The TRANSACT project has investigated necessary concepts in such distributed solutions to ensure security and privacy from an end-user perspective.
In the first year of the TRANSACT project, task T3.2 performed a thorough selection and evaluation of end-to-end security and privacy concepts for distributed safety-critical CPS solutions. The selection of concepts was based on the TRANSACT use cases, their needs, and the derived technical requirements. The relevant regulations and standards are discussed as an individual concept, and the applicability of the remaining 15 selected concepts across the device, edge and cloud continuum is mapped into four main categories (as shown in Figure 1 and Figure 2 below):
- Security & Privacy Concepts for Core Services & Functions
- Security & Privacy Concepts for Value-added Services & Functions
- Security & Privacy Concepts for Domain-Specific Functions
- Application-Specific Security and Privacy Concepts
Several concept classes have been identified for each of these categories. Within each concept class, the selected concepts and methods are described; the specific concepts in a class can describe a further sub-division of the overall concept. Each concept is described using a homogeneous structure. First, the concept overview is presented, followed by how the particular concept fits into the TRANSACT reference architecture. The security risks and threats are then discussed, focusing on generic security requirements addressed by specific concepts. Next, an example application of the concept is given (in the context of a particular use case), and lastly, the challenges of applying the concept in TRANSACT device-edge-cloud continuum systems are listed. Life-cycle phases such as design, development, deployment, operation and maintenance are also considered for each concept, focusing on the participating components: CPS and devices, edge servers, cloud facilities, services and solution providers. These form the basis of further investigation in the scope of the TRANSACT project. The classification of concepts into classes is shown in Figure 2.
These identified security and privacy concepts now form the basis for further work in years 2 and 3 of the TRANSACT project: both to extend these concepts where necessary and to turn them into (potentially domain-specific) solutions to be incorporated in selected TRANSACT use case demonstrators. These demonstrators will validate the selected concepts and solutions.
For more information
The result of this investigation is available in the public TRANSACT D3.2 deliverable: “D9 (D3.2) Selection of concepts for end-to-end security and privacy for distributed CPS solutions”. A companion deliverable D3.1, highlighting complementary safety and performance concepts, and further public deliverables are available on the TRANSACT project resources page.