Abstract
Securing company networks has become a critical aspect of modern industrial environments. With the recent rise of Industry 4.0 concepts, it became essential to extend IT security across increasingly connected factories. However, in the highly specialised field of operations technology and embedded systems, not every device can run additional security measures, as they are old or designed with sparse resources. We introduce here the concept of a “universal” encryption device that enables the securing of communication links in a direct peer-to-peer industrial setting by using the AES-128 encryption standard. We propose a design of such an encryption device by developing a modular system architecture with decoupled communication and cryptography. The resulting architecture is implemented as a proof of concept for Ethernet communication and tested through simulation as well as on an FPGA device. The impact of the encryption device is briefly investigated in a lab setup, followed by conclusions on system stability and performance.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
Supervisory Control And Data Acquisition.
- 2.
References
IEEE Standard for Ethernet. Technical report. IEEE. https://doi.org/10.1109/IEEESTD.2022.9844436, iSBN 9781504487252
OSI model, January 2023. https://en.wikipedia.org/w/index.php?title=OSI_model& oldid=1134681638, page Version ID: 1134681638
Anusha Naidu, A.P., Joshi, P.K.: FPGA implementation of fully pipelined advanced encryption standard. In: 2015 international Conference on Communications and Signal Processing (ICCSP), pp. 0649–0653 (2015). https://doi.org/10.1109/ICCSP.2015.7322568
Caldas-Calle, L., Jara, J., Huerta, M., Gallegos, P.: QoS evaluation of VPN in a Raspberry Pi devices over wireless network. In: 2017 International Caribbean Conference on Devices, Circuits and Systems (ICCDCS), pp. 125–128, June 2017. https://doi.org/10.1109/ICCDCS.2017.7959718, iSSN 2165-3550
Choudhary, A., Porwal, D., Parmar, A.: FPGA based solution for ethernet controller as alternative for TCP/UDP software stack. In: 2018 6th Edition of International Conference on Wireless Networks and Embedded Systems (WECON), pp. 63–66, November 2018. https://doi.org/10.1109/WECON.2018.8782050
Fattahi, A.: IoT Product Design and Development: Best Practices for Industrial, Consumer, and Business Applications. Wiley, Hoboken (2022)
Harb, S., Ahmad, M.O., Swamy, M.N.S.: A high-speed FPGA implementation of AES for large scale embedded systems and its applications. In: 2022 13th International Conference on Information and Communication Systems (ICICS), pp. 59–64, June 2022. https://doi.org/10.1109/ICICS55353.2022.9811140, iSSN 2573-3346
Herrmann, F.L., Perin, G., de Freitas, J.P.J., Bertagnolli, R., dos Santos Martins, J.B.: A gigabit UDP/IP network stack in FPGA. In: 2009 16th IEEE International Conference on Electronics, Circuits and Systems - (ICECS 2009), pp. 836–839, December 2009. https://doi.org/10.1109/ICECS.2009.5410757
Hoang, T., Nguyen, V.L.: An efficient FPGA implementation of the advanced encryption standard algorithm. In: 2012 IEEE RIVF International Conference on Computing and Communication Technologies, Research, Innovation, and Vision for the Future, pp. 1–4 (2012). https://doi.org/10.1109/rivf.2012.6169845
IEEE: IEEE 802.3 ETHERNET. https://www.ieee802.org/3/
Luber, S.: Was IST MACsec?, June 2022. https://www.security-insider.de/was-ist-macsec-a-e945e21bc26faeed7999ee600aa61d78/
National Cyber Security Centre: Obsolete products. https://www.ncsc.gov.uk/collection/device-security-guidance/managing-deployed-devices/obsolete-products
National Technical Information Service (NTIS): FIPS 197, Advanced Encryption Standard (AES). FIPS 197, November 2001
Park, S., Matthews, B., D’Amours, D., McIver Jr., W.J.: Characterizing the impacts of VPN security models on streaming video. In: 2010 8th Annual Communication Networks and Services Research Conference, pp. 152–159, May 2010. https://doi.org/10.1109/CNSR.2010.60
Lefmann, H.: AES - Advanced Encryption Standard (Rijndael) (2005). https://www.tu-chemnitz.de/informatik/ThIS/vlzits/aes.html
Shi, Y., Jin, C., Gao, F.: The solution of ethernet based on hardware protocol stack W5300 and FPGA. In: Proceedings of 2011 International Conference on Electronic and Mechanical Engineering and Information Technology, vol. 3, pp. 1328–1331, August 2011). https://doi.org/10.1109/EMEIT.2011.6023339
Stouffer, K., Pease, M., Tang, C., Zimmerman, T., Pillitteri, V., Lightman, S.: Guide to operational technology (OT) security: initial public draft. preprint, April 2022. https://doi.org/10.6028/NIST.SP.800-82r3.ipd, https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-82r3.ipd.pdf
Xue, T., Pan, W., Gong, G., Zeng, M., Gong, H., Li, J.: Design of giga bit ethernet readout module based on ZYNQ for HPGe. In: 2014 19th IEEE-NPSS Real Time Conference, pp. 1–4, May 2014. https://doi.org/10.1109/RTC.2014.7097556
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Sprang, F., Seceleanu, T. (2024). FPGA-Based Encryption for Peer-to-Peer Industrial Network Links. In: Kofroň, J., Margaria, T., Seceleanu, C. (eds) Engineering of Computer-Based Systems. ECBS 2023. Lecture Notes in Computer Science, vol 14390. Springer, Cham. https://doi.org/10.1007/978-3-031-49252-5_9
Download citation
DOI: https://doi.org/10.1007/978-3-031-49252-5_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-49251-8
Online ISBN: 978-3-031-49252-5
eBook Packages: Computer ScienceComputer Science (R0)