fastvpn - Secure and Flexible Networking for Industry 4.0
Real-time capability is an enabler for many advanced and novel applications. The goal of fastvpn is to enhance the IT security of existing industrial IT infrastructures, with industrial SMEs as the target group, while minimising the additional delay introduced by the IT security measures used. The fastvpn project addresses the core problems of Industry 4.0 systems: reliably fulfilling real-time requirements while meeting increased security requirements and high data rates, with optimal use of already existing infrastructure.
We are looking for a solution that provides a comprehensive security concept for the entire heterogeneous network infrastructure of industrial plants. Our concept is intended to enable fine-grained access control with respect to individual devices and functions. Therefore, we cryptographically secure all data streams independently of the application layer protocols, providing confidentiality and integrity. Our approach can be applied to local area networks (LANs) as well as more widely distributed networks (WANs).
The described usage of cryptography allows a logical separation of different traffic flows, even if a shared physical medium is used. As legacy machines will not support this, we introduce so-called fastvpn-nodes, which are controlled by a so-called fastvpn-gateway (see Figure 1 and Figure 2). A fastvpn-node is responsible for applying the necessary cryptographic operations.
An important point here is that the system on which this security concept is based itself adds only a minimal additional attack surface. To ensure this, we implement an architecture that combines state-of-the-art cryptography with separation based on virtualisation and microkernels.
The described security functions typically increase the latency and decrease the goodput of the overall system. It is the core goal of fastvpn to optimise latency and goodput through appropriate architectural decisions by selecting existing algorithms and hardware as well as proprietary developments so that the real-time requirements are met despite the strong security guarantees.
Finally, we assume that providing a solution solely dedicated to network security might not be sufficient from a business and market point of view. Therefore, the software stack running on our fastvpn-nodes should allow the execution of third-party applications. These applications run close to the machine and have access to the interfaces (fieldbuses etc.) offered by a given machine. They could therefore execute many useful data processing tasks, such as pre-processing of collected sensor data.
More information: https://de.fast-zwanzig20.de/industrie/fast-vpn/
Contact: Tim Lackorzynski (Tim.Lackorzynski@tu-dresden.de)