Intelligent Network Layer for Cyber-Physical Systems Security


Rajasekhar Chaganti, Deepti Gupta, Naga Vemprala
Copyright: © 2021 | Pages: 17
DOI: 10.4018/IJSST.2021070103

Abstract

Cyber-physical systems (CPS) have made tremendous progress in recent years and are disrupting technical fields ranging from health, transportation, industries, and more. However, CPS security is still a concern for wide adoption, owing to the high number of devices connecting to the internet and because traditional security solutions may not be suitable to protect against advanced, application-specific attacks. This paper presents a programmable device network layer architecture to combat attacks and to provide efficient network monitoring in heterogeneous-environment CPS applications. The authors leverage industrial control systems (ICS) to discuss the existing issues, highlighting the importance of advanced network layers for CPS. The programmable data plane language (P4) is introduced to detect well-known HELLO flood attacks with minimal effort at the network level and to show that programmable switches are suitable for implementing security solutions in CPS applications.

Introduction

Traditional embedded systems consist of a microcontroller, sensors, and actuators. These are tightly coupled on a chip, and communication between those modules is usually done using a field bus. Cyber-Physical Systems (CPS) are an extension of embedded systems, wherein these components are connected together in an environment and automatically exchange information through high-speed networks to achieve a task in an application (Ahmed, Kim, & Kim, 2013). Throughout this paper, the authors consider smart industries, i.e., Industrial Control Systems (ICS), as the CPS application in whose context the network layer aspects of CPS application security are discussed. Industry 4.0 defines the growing trend towards automation and data exchange in technology and processes within the manufacturing industry, including the Internet of Things (IoT), CPS, smart manufacturing, cloud computing, and artificial intelligence (Lee, Bagheri, & Kao, 2015). Future smart industries handle maintenance and production themselves, predict benefit and loss, and optimize resources, energy, etc. To meet the requirements of Industry 4.0, a fast, reliable, and secure network is also mandatory for achieving automation and data exchange.

Software Defined Networking (SDN) first came into the limelight for managing data centers with a centralized view of the network infrastructure (Molina & Jacob, 2018). Owing to the advantages that SDN offers, such as security and programmability, researchers have in recent years also explored the use of SDN in other technical areas such as the Internet of Things (IoT), CPS, and enterprise network management in the cloud (Grigoryan, Liu, Njilla, Kamhoua, & Kwiat, 2018) (SD-WAN - Software-Defined WAN - Cisco, 2021). In particular, network security solutions can be implemented using SDN to handle Denial of Service (DoS), route hijacking, and topology poisoning attacks (Zhu, Tang, Shen, Du, & Guizani, 2018) (Hong, Xu, Wang, & Gu, 2015) (Dhawan, Poddar, Mahajan, & Mann, 2015). However, an adversary can also leverage the centralized nature of the architecture to perform successful DoS attacks by saturating the communication channel between the controller and the data plane, flooding the OpenFlow switch flow table, or consuming controller resources. Some solutions have been proposed to detect and mitigate denial of service attempts in SDN (Boppana, Chaganti, & Vedula, 2020) (Chaganti & Boppana, 2016). The network data plane in SDN uses OpenFlow switches to process network packets and forward them to the controller when needed. These OpenFlow switches do not have the capability to parse and process the network protocols of CPS applications, such as MQTT, CoAP, AMQP, and 6LoWPAN packets, so security monitoring of the network activity of these protocols is a challenge. The authors were therefore motivated to explore programmable data planes for addressing the security issues in cyber-physical systems, wherein a complex network environment (Gao et al., 2014) with multi-protocol network traffic is quite common. To the best of our knowledge, no prior work describes or considers the use of programmable data planes for security monitoring and attack detection in cyber-physical systems.
Hence, we propose a programmable data plane-based network layer for cyber-physical systems and perform HELLO flooding attack detection and mitigation leveraging P4 programming. By doing so, we envision the research community considering this paper as a starting point for utilizing programmable data planes to mitigate emerging threats in cyber-physical systems. The main contributions of this paper are as follows:

  • Present an intelligent network layer architecture using programmable data planes to configure, manage, and improve the overall security posture of cyber-physical systems, considering the ICS application.

  • Discuss, as a case study, a workflow for detecting HELLO flooding network attacks using the P4 programming language with minimal effort in the network layer.

  • Highlight the importance of advancements in the network layer and the potential to adopt programmable data planes for cyber-physical system applications in the future.
