| Summary: | The Industrial Internet of Things (IIoT) architecture is complex due to, among other things, the convergence of protocols, standards, and buses from such heterogeneous environments as Information Technology (IT) and Operational Technology (OT). IT – OT convergence not only makes interoperability difficult but also makes security one of the main challenges for IIoT environments. In this context, this thesis starts with a comprehensive survey of the protocols, standards, and buses commonly used in IIoT environments, analyzing the vulnerabilities in assets implementing them, as well as the impact and severity of exploiting such vulnerabilities in IT and OT environments. The Vulnerability Analysis Framework (VAF) methodology used for risk assessment in IIoT environments has been applied to 1,363 vulnerabilities collected from assets implementing the 33 protocols, standards and buses studied.
On the other hand, Access Control Systems emerges as an efficient solution to mitigate some of the vulnerabilities and threats in the context of IIoT scenarios. Motivated by the variety and heterogeneity of IIoT environments, the thesis explores different alternatives of Access Control Systems covering different architectures. These architectures include Access Control Systems based on traditional Authorization policies such as Role-based Access Control or Attribute-based Access Control, as well as Access Control Systems that integrate other capabilities besides Authorization such as Identification, Authentication, Auditing and Accountability. Blockchain technologies are incorporated into some of the proposals as they enable properties not achievable in centralized architectures, at different levels of complexity: they can be used just as a verifiable data registry, executing simple off-chain authorization policies, up to scenarios where the blockchain enables on-chain an Identity and Access Management System, based on Self-Sovereign Identity.
|
|---|