Patent Application
20210136088
The present disclosure relates to the field of cyber-physical systems, and more particularly relates to managing IoT-based devices in an Internet-of-Things (IoT) environment.
An IoT environment such as an Industrial IoT environment comprises a plurality of devices such as industrial automation devices (e.g., controller, human-machine interface device, servers, Input/Output modules), sensors, actuators, and/or other assets (robots, CNC machines, motors, valves, boilers, furnaces, turbines and associated components, etc.) in a plant (e.g., manufacturing facility, power plant, and so on) communicatively connected to a IoT-cloud platform. The IoT-cloud platform may be implemented in a cloud computing environment (also known as distributed computing environment) for providing one or more services such as storing, analyzing and visualizing data received from the devices. An exemplary distributed computing environment can comprise a set of servers hosting the services. The IoT-cloud platform may be an infrastructure that allows shared computing resources in the distributed computing environment and one or more services hosted on the shared computing resources to be accessed and utilized by the IoT-based devices. Also, the IoT-cloud platform can be provided as a platform-as-a-service (PaaS), wherein the services can reside and execute on the IoT-cloud platform as a cloud-based service.
One or more devices may be directly connected to the IoT-cloud platform via a network (e.g., Internet). Alternatively, remaining devices may be connected to the IoT-cloud platform via IoT gateway. The devices or the IoT gateway are commonly referred herein as IoT-based devices. The IoT-based devices may be connected with each other in the IoT environment.
The IoT-cloud platform can be connected to the IoT-based devices located in different geographical locations. Also, each of the IoT-based devices may possess different security capabilities. It is possible that one or more IoT-based devices do not meet desired security standards in the IoT environment, which may possess cyber security risk to the remaining IoT-based devices connected to the vulnerable IoT-based devices or the IoT-cloud platform connected to the vulnerable IoT-based devices. For example, US 2017/346836 describes that in an IoT environment an IoT hub can monitor the amount of traffic received from IoT-based devices and ignores traffic from an IoT device if, based on flow control parameters and a flow control parameter class assigned to the IoT-based device, a higher amount of traffic than expected based on the set flow control class is received by the IoT hub.
In light of the above, there is a need for a method and system for further protecting IoT-based devices and IoT-cloud platform from vulnerable IoT-based device(s) in the IoT environment.
Therefore, it is the object of the present disclosure to provide a method, device, system and IT environment for managing IOT-based devices in an IoT environment such that vulnerability from the IoT-based device(s) is prevented and the IoT environment is safeguarded against security risk posed by the vulnerable IoT-based device. This object is solved by a method of claim 1, a device according to claim 10, a system according to claim 9 and an IT environment of claim 13. Further advantageous embodiments and improvements are listed in the dependent claims. Hereinafter, before coming to a detailed description of the disclosure with reference to the attached drawings, some aspects of the disclosure which contribute to the understanding of the entire disclosure are summarized.
An aspect of the present disclosure is achieved by a method of managing IoT-based devices in an IoT environment. The method comprises determining violation of at least one pre-defined security requirement by at least one IoT-based device. The method comprises terminating communication with the IoT-based device when violation of at least one pre-defined security requirement by the at least one IoT-based device is determined. Furthermore, the method comprises generating a unique signature of the IoT-based device based on information associated with the IoT-based device. For example, the unique signature of the IoT-based device is generated using at least one of security certificate and authentication token assigned to the IoT-based device. Alternatively, the unique signature of the IoT-based device is generated using a unique identifier associated with the IoT-based device such as Medium Access Control (MAC) address, and Internet Protocol address. The method may comprise sending a first notification indicating that the IoT-based device violates the at least one pre-defined security requirement to the IoT-based devices connected to the IoT-cloud platform. The first notification comprises the unique signature of the IoT-based device. Advantageously, the IoT-based devices can terminate ongoing communication with the vulnerable IoT-based device or reject a request from the vulnerable IoT-based device based on the first notification, thereby minimizing the security risk posed by the vulnerable IoT-based device. Advantageously, the IoT environment is safeguarded against security risk posed by the vulnerable IoT-based device.
The method may comprise storing the unique signature of the IoT-based device in a vulnerable-device repository. Advantageously, it can be determined whether vulnerable IoT device is trying to establish communication with the IoT-cloud platform based on the unique signature of the vulnerable IoT-based device stored in the vulnerable-device repository.
The method may comprise determining a corrective action for resolving violation of the at least one pre-defined security requirement by the IoT-based device. The method may comprise performing the corrective action on the IoT-based device so that the IoT-based device meets the at least one pre-defined security requirement. Advantageously, vulnerability associated with the IoT-based device is automatically fixed, thereby making the IoT-based device secure.
The method may comprise determining whether the IoT-based device complies with pre-defined security requirements. If the IoT-based device complies with the pre-defined security requirements, the method may comprise deleting the unique signature of the IoT-based device from the vulnerable-device database. The method may also comprise activating the suspended communication link between with the IoT-based device and the IoT-cloud platform. Advantageously, the IoT-based device can communicate with the IoT-cloud platform.
Moreover, the method may comprise sending a second notification indicating that the IoT-based device complies with the pre-defined security requirements to the IoT-based devices in the IoT environment. Advantageously, the IoT-based devices can establish communication with the IoT-based device based on the second communication.
The method may comprise determining whether the IoT-based device is a new device attempting to establish a communication link with the IoT-cloud platform. If the IoT-based device is the new device, the method may include blocking the IoT-based device from establishing the communication link with the IoT-cloud platform. If the IoT-based device is not the new device, the method may comprise temporarily suspending the communication link established between the IoT-based device and the IoT-cloud platform. The method may comprise storing the unique signature of the IoT-based device in a vulnerable-device database.
The object of the present disclosure is also achieved by a system comprising one or more processing units, and an accessible memory unit coupled to the one or more processing units. The memory unit comprises a security module stored in the form of machine-readable instructions, that when executed by the one or more processing units, cause the one or more processing units to perform method steps mentioned above.
The object of the present disclosure is also achieved by an IoT-based device comprising an IoT agent, and a communication module. The IoT agent is configured to detect likelihood of violation of at least one pre-defined security requirement. The communication module is configured to report the likelihood of violation of the at least one pre-defined security requirement to an IoT-cloud platform. Advantageously, vulnerabilities associated with the IoT-based device are automatically detected and reported to the IoT-cloud platform, thereby minimizing security risk posed by the vulnerable IoT-based device.
The communication module may be configured to receive a first notification indicating that an IoT-based device violates the at least one pre-defined security requirement. The first notification comprises a unique signature of the IoT-based device.
The IoT-based device may comprise a vulnerable-device database configured to store the unique signature of the IoT-based device which violates the at least one predefined security requirement.
The IoT agent may be configured to terminate active communication link with the IoT device or reject request to establish a communication link based on the unique signature of the IoT-based device.
The object of the present disclosure is also achieved by an IoT-cloud environment comprising an IoT-cloud platform configured to perform a method described above, and a plurality of IoT-based devices capable of connecting to the IoT-cloud platform and configured for performing steps described above.
The above-mentioned and other features of the present disclosure will now be addressed with reference to the accompanying drawings of the present disclosure. The illustrated embodiments are intended to illustrate, but not limit the invention.
The present disclosure is further described hereinafter with reference to illustrated embodiments shown in the accompanying drawings, in which:
Various embodiments are described with reference to the drawings, wherein like reference numerals are used to refer the drawings, wherein like reference numerals are used to refer to like elements throughout. In the following description, for the purpose of explanation, numerous specific details are set forth in order to provide thorough understanding of one or more embodiments. It may be evident that such embodiments may be practiced without these specific details.
Also, in the plant 107, the one or more IoT-based devices 104N may be connected to assets 106A-N in the plant 107 which cannot directly communicate with the IoT-cloud platform 102. As shown in
Each of the IoT-based devices 104A-N is configured for communicating with the IoT-cloud platform 102 via the communication interfaces 120A-N. The IoT-based devices 104A-N may have an operating system and at least one software program for performing desired operations in the plant 107. Also, the IoT-based devices 104A-N may run software applications for collecting, and pre-processing plant data (process data) and transmitting the pre-processed data to the IoT-cloud platform 102. The plant data is sensitive data and needs to be handled in a secured manner. For this, the IoT environment 100 needs to be secured and free from security attacks (such as hacker attacks, malware attacks, etc.). It is important that the IoT-based devices 104A-N comply with pre-defined security requirements (e.g., security policies, security rules, etc.) to keep the IoT environment 100 free from cyber attacks and other security risks. For example, the IoT-based devices 104A-N should have up-to-date security algorithms and certificates (e.g., anti-virus software, anti-malware software, security certificates, software patches, etc.).
The IoT-cloud platform 102 can be a cloud infrastructure capable of providing cloud-based services such data storage services, data analytics services, data visualization services, etc. based on the plant data. The IoT-cloud platform 102 can be part of public cloud or a private cloud. The IoT-cloud platform 102 may enable data scientists/software vendors to provide software applications/firmware as a service, thereby eliminating a need for software maintenance, upgrading, and backup by the users. The software application can be full application, or software patch. In some embodiments, the software application may be an analytical application for performing data analytics on the IoT-based devices 104A-N. For example, the software application may include an application for down-sampling of time series data, filtering time series data based on thresholds or moving averages, performing Fast-Fourier transform on vibration data and filtering frequencies which indicate anomaly, performing liner regression and trend prediction, local classification using support vector machine classifiers, neural network or deep learning classifiers, performing stream analytics, etc. For example, the firmware may include PLC firmware, HMI screens, firmware for motor drives, CNC machines, robots, etc.
The IoT-cloud platform 102 is further illustrated in greater detail in
The processor(s) 202 may be one or more processing units (e.g., servers) capable of processing requests from the IoT-based devices 104A-N and the user device 108. The processor(s) 202 is also capable of executing machine-readable instructions stored on a computer-readable storage medium such as the memory unit 204 for performing various functions such as processing plant data, analyzing plant data, providing visualization of the analyzed plant data, issuing control commands, managing the IoT-based devices 104A-N (authentication, communication, upgradation) and so on.
The storage unit 206 can be volatile or non-volatile storage. In the preferred embodiment, the storage unit 206 is configured to store a vulnerable-device database 112. The vulnerable-device database 110 may store a list of IoT-based devices which are vulnerable and can pose security risk to the IoT environment 100. The vulnerable-device database 110 may also store pre-defined security requirements to be fulfilled by the IoT-based devices 104A-N for establishing with communication with each other and the IoT-cloud platform 102. The storage unit 206 may also store an application repository for storing software and firmware, data store for storing asset models, and IoT data models, a visualization database for storing visualization templates and so on.
The communication module 114 is configured to establish and maintain communication links with the IoT devices 104A-N. Also, the communication module 114 is configured to maintain a communication channel between the IoT-cloud platform 102 and the user device 108. The interface 208 acts as interconnect means between different components of the IoT-cloud platform 102.
The IoT-cloud platform 102 is configured for managing IoT-based devices 104A-N. For example, IoT-cloud platform 102 may identify vulnerable IoT-based device(s) (e.g., the IoT-based device 104A) in the IoT-environment 100 and blacklist the IoT-based device(s) 104A. In an exemplary operation, the security module 110 is configured to determine whether any of the IoT-based devices 104A-N violates pre-defined security requirements needed to be satisfied for secured network communication in the IoT environment 100. For example, the security module 110 may comprise a network scanning module with network packet inspection and heuristic scanning algorithms to determine IoT-based devices 104A-N which may violate the pre-defined security requirements, i.e., which can pose security risks in the IoT environment 100. The IoT-based device which violates the pre-defined security requirements are also interchangeably referred to as ‘vulnerable IoT-based device’ throughout the description.
If one or more IoT-based devices 104A are found as violating the pre-defined security requirements, the security module 110 generates and stores unique signature of vulnerable IoT-based device 104A in the vulnerable-device database 112. In one embodiment, the unique signature may be generated using authentication token or security certificate assigned to the respective IoT-based device 104A. In another embodiment, the unique signature may be generated using Medium Access Control (MAC) address and/or Internet Protocol (IP) address of the respective IoT-based device 104A. The security module 110 blocks the vulnerable IoT-based device 104A from further communication with the IoT-cloud platform 102. That is, the vulnerable IoT-based devices are not allowed to exchange messages, data, requests, etc. with the IoT-cloud platform 102. Also, the existing network communication with the IoT-based device 104A is terminated and new requests from IoT-based device 104A for establishing communication link are rejected or temporarily suspended till a corrective action is taken to fix the violation.
The security module 110 determines one or more non-vulnerable IoT-based devices 104E-N which acts communication partners to the vulnerable IoT-based device 104A in the IoT environment 100. The non-vulnerable IoT-based devices acting as communication partner may be a part of same subnet or located within same plant 107 as the IoT-based device 104A. The communication module 114 sends a first notification informing about the vulnerable IoT-device 104A to the determined non-vulnerable IoT-based devices 104E-N. The non-vulnerable IoT-based devices 104E-N may store the unique signature of the vulnerable IoT-based device 104A in their respective vulnerable-device database 118. Additionally, the non-vulnerable IoT-based devices 104E-N blocks the vulnerable IoT-based device 104A from further inter-device communication. That is, the non-vulnerable IoT-based devices 104E-N terminates existing inter-device communication with the vulnerable IoT-based device 104A and rejects future communication requests from the IoT-based device 104A.
Additionally, the security module 110 determines a corrective action for resolving violation of the pre-defined security requirements by the vulnerable IoT-based device 104A. In one embodiment, the security module 110 performs the corrective action on the vulnerable IoT-based device 104A over a secure connection. The secure connection is a temporary secure connection established with the IoT-based device 104A by the IoT-cloud platform 102 for performing the corrective action. Upon performing the corrective action, it is possible that the vulnerable IoT-based device 104A may comply with the pre-defined security requirements. In another embodiment, the security module 110 may display the pre-defined security requirement violated by the vulnerable IoT-based device 104A and the corrective action proposed by the IoT-cloud platform 102 on the user device 108 of a field engineer. Also, the security module 110 may display augmented-reality view of performing the corrective action at the vulnerable IoT-based device 104A. Accordingly, the field engineer may perform the corrective action proposed by the IoT-cloud platform 102 and/or other actions to make the vulnerable IoT-based device 104A comply with the pre-defined security requirements. The field engineer may perform the actions by visiting the location of the vulnerable IoT-based device 104A or from a remote location over a secure connection between the user device 108 and the vulnerable IoT-based device 104A.
The security module 110 automatically removes the unique signature of the vulnerable IoT-based device 104A from the vulnerable-device database 112. Alternatively, a system administrator of the IoT-cloud platform 102 deletes the unique signature of the vulnerable IoT-based device 104A from the vulnerable-device database 112. Then, the communication module 114 activates the communication link with the IoT-based device 104A or establishes a new communication link with the IoT-based device 104A. Also, the security module 110 sends a second notification with the unique signature of the vulnerable IoT-based device 104A to the non-vulnerable IoT-based devices 104B-N. The second notification indicates that the IoT-based device 104A has become non-vulnerable as it complies with the pre-defined security requirements. Accordingly, the non-vulnerable IoT-based devices 104A-N delete the unique signature from the respective vulnerable-device database 118 and establishes communication link with the IoT-based device 104A.
At step 306, communication between the IoT-based device 104A and the IoT-cloud platform 102 is terminated. At step 308, a first notification indicating that the IoT-based device 104A violates the pre-defined security requirement is sent to the IoT devices 104E-N. In some embodiments, one or more IoT-based devices 104B-N which are possible communication partners with the IoT-based device 104A are determined. For example, the IoT-based devices which are in same subnet or located in same plant 107 are determined as possible communication partners to the IoT-based device 104A. In these embodiments, the first notification is sent to the determined IoT-based devices 104E-N. Accordingly, the IoT-based devices 104E-N terminates ongoing communication with the IoT-based device 104A or blocks any new request for establishing communication from the IoT-based device 104A based on the first notification. Advantageously, risk of security attack on the IoT-based devices 104E-N from the IoT-based device 104A is prevented or minimized.
At step 310, a corrective action for resolving violation of the at least one pre-defined security requirement by the IoT-based device 104A is determined. At step 312, the corrective action on the IoT-based device 104A is performed. The corrective action ensures that the IoT-based device 104A meets the pre-defined security requirements.
At step 314, the suspended communication link is activated or a new communication link is established with the IoT device 104A. At step 316, a second notification indicating that the IoT-based device 104A complies with pre-defined security requirements is sent to the IoT-based devices 104E-N in the IoT environment 100. Accordingly, the IoT devices 104E-N can continue to communicate with the IoT device 104A as the IoT-based device 104A is determined as not vulnerable.
If the IoT-based device 104A still does not comply with the pre-defined security requirements, then at step 506, the process 500 is terminated. Additionally, a notification is sent to a system administrator to address security breach by the IoT-based device 104A. If the IoT-based device 104A complies with the pre-defined security requirements, then at step 508, the unique signature of the IoT-based device 104A is deleted from the vulnerable-device database 112. At step 510, the suspended communication link between the IoT-based device 104A and the IoT-cloud platform 102 is activated. Similarly, if the IoT-based device 104A is a new device, then the IoT-cloud platform 102 establishes a communication link with the IoT-based device 104A. At step 512, a second notification indicating that the IoT-based device 104A complies with the pre-defined security requirements is sent to the associated IoT-based devices 104E-N in the IoT environment 100. The IoT-based devices 104E-N may then resume the communication with the IoT-based device 104A as it is no longer vulnerable. Accordingly, the IoT-based devices 104E-N removes the unique signature of the IoT-based device 104A from the respective vulnerable-device database 118.
Consider that, at step 602, the IoT-cloud platform 102 determines that the IoT-based device 104A violates one or more pre-defined security requirements. At step 604, the IoT-based device 104A terminates a communication link with the IoT-based device 104A. At step 606, the IoT-cloud platform 102 generates and store unique signature of the IoT-based device 104A in the vulnerable-device database 112. For example, the unique signature may be generated based on MAC address and/or an IP address of the IoT-based device 104A. At step 608, the IoT-cloud platform 102 sends a first notification with the unique signature to the IoT-based devices 104E-N. The first notification indicates that the IoT-based device 104A violates the pre-defined security requirements, thus is vulnerable.
At step 610, the IoT-based devices 104E-N stores the unique signature of the IoT-based device 104A in respective vulnerable-device database 118. In an exemplary implementation, the unique signature is added to a list of IoT-based devices which are considered as vulnerable. At step 612, the IoT-based devices 104E-N terminates existing communication link with the IoT-based device 104A based on the first notification.
Consider that the IoT-cloud platform 102 analyses reasons responsible for violation of the pre-defined security requirements and computes one or more corrective actions that needs to be performed. In some instances, at step 614, the IoT-cloud platform 102 automatically performs the one or more corrective actions (e.g., firmware upgrade, bug fixes, etc.) on the IoT-based device 104A to address the vulnerability issue. In other instances, the IoT-cloud platform 102 enables a field engineer to perform the corrective actions on the IoT-based device 104A such that the IoT-based device 104A complies with the pre-defined security requirements. This can be achieved through the user device 108 which may be augmented reality device, virtual reality device, tablet computer, and so on.
Once the above step is successful, at step 616, the IoT-cloud platform 102 removes the unique signature of the IoT-based device 104A from the vulnerable-device database 112. At step 618, the IoT-cloud platform 102 activates the communication link with the IoT-based device 104A. At step 620, the IoT-cloud platform 102 sends a second notification with the unique signature of the IoT-based device 104A to the IoT-based devices 104E-N. The second notification indicates that the IoT-based device 104A complies with the pre-defined security requirements. Accordingly, at step 622, the IoT-based devices 104E-N removes the unique signature of the IoT-based device 104A from the respective vulnerable-device database 118. At step 624, the IoT-based devices 104E-N may re-establish a communication link with the IoT-based device 104A as the IoT-based device 104A is no more vulnerable to the IoT environment 100.
In another embodiment, the IoT agents 702A-N determines whether connected IoT-based devices 104A-N violate at least one of pre-defined security requirement and reports such violation to the IoT-cloud platform 102. The method of managing security aspects in the IoT environment 700 using the IoT agents 702A-N is described in greater detail in
At step 810, the IoT-cloud platform 102 generates and store unique signature of the IoT-based device 104A in the vulnerable-device database 112. At step 812, the IoT-cloud platform 102 sends a first notification with the unique signature to the IoT-based devices 104E-N. The first notification indicates that the IoT-based device 104A violates the pre-defined security requirements, thus is vulnerable.
At step 814, the IoT-based devices 104E-N stores the unique signature of the IoT-based device 104A in respective vulnerable-device database 118. In an exemplary implementation, the unique signature is added to a list of IoT-based devices which are considered as vulnerable. At step 816, the IoT-based devices 104E-N terminates existing communication links with the IoT-based device 104A based on the first notification.
Consider that the IoT-cloud platform 102 analyses reasons responsible for violation of the pre-defined security requirements and computes one or more corrective actions that needs to be performed. In some instances, at step 818, the IoT-cloud platform 102 performs the corrective action on the IoT-based device 104A to fix the security breach. In other instances, the IoT-cloud platform 102 enables a field engineer to perform the corrective action on the IoT-based device 104A such that the IoT-based device 104A complies with the pre-defined security requirements. This can be achieved through the user device 108 which may be augmented reality device, virtual reality device, tablet computer, and so on.
Once the above step is successful, at step 820, the IoT-cloud platform 102 removes the unique signature of the IoT-based device 104A from the vulnerable-device database 112. At step 822, the IoT-cloud platform 102 activates the communication link with the IoT-based device 104A. At step 824, the IoT-cloud platform 102 sends a second notification with the unique signature of the IoT-based device 104A to the IoT-based devices 104E-N. The second notification indicates that the IoT-based device 104A complies with the pre-defined security requirements. Accordingly, at step 826, the IoT-based devices 104E-N removes the unique signature of the IoT-based device 104A from the respective vulnerable-device database 118. At step 828, the IoT-based devices 104E-N may re-establish a communication link with the IoT-based device 104A as the IoT-based device 104A is not vulnerable.
The present disclosure can take a form of a computer program product comprising program modules accessible from computer-usable or computer-readable medium storing program code for use by or in connection with one or more computers, processors, or instruction execution system. For the purpose of this description, a computer-usable or computer-readable medium can be any apparatus that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. The medium can be electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system (or apparatus or device) or a propagation mediums in and of themselves as signal carriers are not included in the definition of physical computer-readable medium include a semiconductor or solid state memory, magnetic tape, a removable computer diskette, random access memory (RAM), a read only memory (ROM), a rigid magnetic disk and optical disk such as compact disk read-only memory (CD-ROM), compact disk read/write, and DVD. Both processors and program code for implementing each aspect of the technology can be centralized or distributed (or a combination thereof) as known to those skilled in the art.
While the present disclosure has been described in detail with reference to certain embodiments, it should be appreciated that the present disclosure is not limited to those embodiments. In view of the present disclosure, many modifications and variations would be present themselves, to those skilled in the art without departing from the scope of the various embodiments of the present disclosure, as described herein. The scope of the present disclosure is, therefore, indicated by the following claims rather than by the foregoing description. All changes, modifications, and variations coming within the meaning and range of equivalency of the claims are to be considered within their scope. All advantageous embodiments claimed in method claims may also be apply to system/apparatus claims.
| Number | Date | Country | Kind |
|---|---|---|---|
| 18153611.1 | Jan 2018 | EP | regional |
| Filing Document | Filing Date | Country | Kind |
|---|---|---|---|
| PCT/EP2019/051847 | 1/25/2019 | WO | 00 |
