1 Smart Manufacturing Systems

Smart manufacturing (SM) is an information and technology-driven approach that employs efficient internet-connected machinery with integrated digital and physical processes in industries to continuously monitor, evaluate and assist the production process in real-time. It is an advanced application of the Industrial Internet of Things (IIoT) [1]. Specifically, it involves deploying interconnected sensors, machinery, and other instruments, which develop industrial applications to build a services network regarding energy management and production capacity in the manufacturing plant. The goal of SM is to find opportunities to automate manufacturing operations and analyze data to make data-driven decisions to improve overall manufacturing performance [2].

Smart manufacturing eases monitoring of performance at each step in the production chain. The data collected from the devices can be stored locally or managed in the cloud through APIs and services. The real-time and historical data from the machines and sensors can be streamed with the application of IIoT. Data analysts work on the data obtained from the environment to expose hidden features that can help identify potential improvements in different stages of the manufacturing process or apply predictive maintenance to prevent loss of profit [3]. Furthermore, digital twins of industrial processes are used to identify problems, demonstrate the consequences of different scenarios, and efficiently start and configure the processes in a safe manner. A simplified diagram of the building blocks of IoT-enabled SM [4] is shown in Fig. 1.

Fig. 1 Building blocks of an IoT-based smart manufacturing system. (Figure description: a two-way communication flow chart of the IoT manufacturing system, consisting of sensing devices, processing devices, applications or actions, and insights or big data.)

IoT systems are enabling manufacturing systems to innovate and automate their production and development process using programmable logic controllers (PLCs) and automatons that communicate with each other in real-time and enable data-driven decisions. For example, a smart factory can order new supplies of raw material automatically when the material is running out, identify failing equipment before an incident occurs with predictive maintenance, or shut down or reboot a process or robot by itself if there is a fault in the system. The main components of a smart manufacturing system [4] are shown in Fig. 2.

Fig. 2 Main components of a smart manufacturing system. (Figure description: a cycle-phased diagram of the smart factory, consisting of cyber-physical systems, flexible manufacturing, artificial intelligence, big data and analysis, cloud computing, virtual and augmented reality, simulations, and additive manufacturing.)

2 Current Smart Manufacturing Systems and Practices

Smart Manufacturing Systems (SMS) collect and analyze real-time data to improve decision-making accuracy and boost the productivity and performance of a plant. The research and development by academia and industry have improved network-controlled systems, robotics, and IoT systems tremendously over time [5]. This has contributed significantly to the current smart factories for efficient, sustainable, and cost-effective operation. Figure 3 shows the Computer Integrated Manufacturing (CIM) model which displays the hierarchical architecture of the communication connections of computer systems and controls of an SMS from the sensor-actuator to the enterprise level [6].

Fig. 3 Hierarchical computer integrated manufacturing model. (Figure description: a pyramid illustration of the five-level hierarchical manufacturing model, consisting of the sensor-actuator level, cell control level, supervisory level, plant management level, and enterprise level.)

Figure 3 illustrates the five-layered hierarchical model of the current manufacturing systems in industries. The top level is the Enterprise Level, where the operational management decisions are made to define the production workflow of the end product (for example, launching a new model of a car). At the second level, the plant management controls the production flow locally inside the production plant (every plant controls the production flow of the new model on its own, keeping the launch date in view). The Supervisory Level in the production facility manages several manufacturing cells of the end product, each of which performs a different function (in the case of a car, for example, its communication system, engine, body, and other parts). The Cell Control Level controls and manages individual process functions (production of each individual part of the car). The Sensor & Actuator Level consists of physical hardware and controllers to carry out the industrial processes. In the higher layers of this model, the TCP/IP protocol stack is generally used, while in the lower layers special protocols are utilized to ensure lower latencies and meet industry-specialized requirements. These communication protocols lack sufficient security mechanisms to strengthen authentication, integrity, confidentiality, and data freshness, as well as methods to detect faults and anomalies [7, 8].

The master-slave structure can be extensively found in the lower layers of CIM. Here, the master usually is used to start the communication. Industry 4.0 has a more decentralized system where process components are smart and autonomous. These CIM components are smart as they are informed of their environment and can share data with each other. Here machines are autonomous objects in the production line that can perform various tasks according to the pre-coded instructions and are making real-time decisions at each step during the manufacturing process.

The disadvantage of such an open, self-aware, and self-governed system is that it is more susceptible to both active and passive security attacks. The consequences of the attacks can be catastrophic compared to conventional systems, because features such as the reconfiguration flexibility of the devices, open architecture, and usage of data analytics can lead to complex dynamic behaviors. These can result in faults to the production line, the product, and the physical environment, as well as to people.

3 Challenges of Smart Manufacturing

A huge part of economic growth is dependent on manufacturing industries. In the current era of the modern fourth industrial revolution, investments in smart manufacturing have been rapidly growing as they have assisted factories to achieve 17–20% productivity gains whilst simultaneously reaching an increase of 15–20% in quality gains [9, 10]. As a result, all big manufacturing companies in the world are digitizing their factories and manufacturing processes to maintain their credibility and growth in an extremely competitive global market. The automation achieved in manufacturing industries has resulted in better quality products, flexibility, and enhanced productivity. One major problem of this whole scenario is that security is treated as a minor concern rather than a vital component of the development and deployment process. This significantly increases vulnerability and cyber security attacks on existing manufacturing systems. The vulnerabilities and loopholes in the current systems are not investigated thoroughly resulting in unprepared and defenseless organizations in the face of security threats [11].

IoT in SM has led to a major improvement in product quality and efficiency of the manufacturing process, but there are still enormous uncertainty issues that can arise during its implementation [12]. Some of the main challenges include the uncertainty of machine designers and builders and even the end users to contrive this technology, as each enterprise has its own design requirements and process. This also creates the need for a customized design, which is usually expensive and requires experts in the related domain. The security-related issues are also a huge challenge, especially where information from the industry must be collected and shared as big data with the co-partners to make it an IoT-cultured organization, or for the stakeholders to monitor every part of the process advancements. Another pressing issue is affiliation and collaboration with other establishments and bringing all the supporting organizations into one coherent package [13]. The development of a connected manufacturing policy to the standards for transparent and sustainable IoT communication systems is another obstacle in SM.

4 Smart Manufacturing Vulnerabilities and Attacks

Smart manufacturing systems are also referred to as the Industrial Internet of Things (IIoT). IoT systems benefit from both wired and wireless connectivity to collect, monitor, and process the data coming from the working environment and communicate with each other to operate tasks. Integrating IoT devices into the manufacturing site enables us to control the production process in real-time without the need to be on site, and it provides the ability to control the cyber-physical systems remotely.

The idea of smart manufacturing suggests that the whole manufacturing process can be automated with the use of connected things and artificial intelligence to monitor and take action for critical decisions. It increases the efficiency of production and generates data to be evaluated, whether by algorithms or data experts. However, the vulnerabilities of these systems may allow an intruder to perform malicious operations when they are not addressed and eliminated (e.g. malware injected into the code of the robot arm system to change its course of action). Figure 4 shows the layered structure of IIoT systems [14, 15].

Fig. 4 General structure of an IIoT system. (Figure description: a table of the three layers. The application layer consists of smart health, manufacturing, and grid. The network layer includes Wi-Fi, Bluetooth, and transmission. The perception layer consists of the robot, GPS, and camera.)

According to the TCS Global Trend Study report in July 2015, security and reliability are the most important factors which make it difficult to integrate IoT systems into workspaces [16]. At this point, considering the possible attacks that can be made because of having vulnerabilities in any of these layers, industries need to consider the criticality of the applications and take precautions to prevent harmful outcomes. In this section, the most popular and well-known cyber-attacks are described.

4.1 Perception/Physical Layer Attacks

The perception layer can be defined as the lowest layer in the conventional IoT structure and it contains the physical devices [17]. IoT devices are connected to each other and to the network in this layer. The data gathered from the environment is processed with the deployed smart devices and the final processed data is transmitted to others [18]. In IoT systems, wireless networks are the preferred data transmission method in many applications. The nature of wireless networks allows a person to easily monitor, intervene, and take actions to disrupt the system, although there are security mechanisms that try to prevent that [19]. Some of the most common perception layer attacks are described below:

4.1.1 Denial of Service (DoS) Attacks

Denial of Service (DoS) attacks are among the major security attacks, as they can be applied in different layers. The targets of DoS attacks in the perception layer are the IoT components such as sensors, actuators, and IoT devices. The attacker uses the vulnerabilities of the IoT nodes and blocks communication. One of the consequences of a DoS attack is that it puts the node under too many computation tasks and may force the node to stay awake longer than preferred due to high network traffic, resulting in “barrage” and “sleep deprivation” [20, 21]. The barrage attack differs from the sleep deprivation attack in terms of the rate of the sent requests, with the former being characterized by a high packet rate that quickly depletes the resources of the victim. Given this nature, the barrage attack can be readily detected [22].

4.1.2 False Data Injection Attacks

The attacker may inject false information into the network by capturing data transmitted by an IoT device and replacing it with a false message. Then the false information is transmitted to other entities in the network [6, 20].

4.1.3 Replay Attacks

Some attacks aim to gain the trust of IoT system components first. The attacker captures a data packet that was sent previously by an IoT node by “eavesdropping” and retransmits it to a target node to misdirect its work cycle. The attacker can interrupt the ongoing process in the target node by transmitting valid data, hence causing the target to believe the data is coming from another legitimate node [14]. Since the information gathered from the network is resent to a target node without needing modification or decryption, the attacker does not need to have complex skills, which is another danger of the replay attack.

4.1.4 Eavesdropping and Interference

Eavesdropping is a type of passive attack where the intruder senses the network to gain critical information and it can reveal the communication patterns of private entities, by mapping out the general behavior of the network. Wireless communications by nature are vulnerable to this type of attack since the transmission medium is exposed to third-party listeners [6, 20].

4.1.5 Side-Channel Attacks

Side-channel attackers target the device’s hardware or software by either intercepting the continuous transmission of electromagnetic waves or wireless communication among nodes. In doing so the attacker can access private information such as power consumption, electromagnetic and thermal emissions from hardware components, the topology of the wireless network, and such. These attacks can also be used to analyze the timing of certain operations. In some cases, this is used as an assistance factor to a cryptanalysis attack where the side-channel attack analyzes the time it takes for the encryption process to perform. Using the gathered inference, the attacker can predict the encryption key and increase the effectiveness of a cryptanalysis attack [23].

4.2 Network Layer Attacks

The network layer in the IIoT architecture creates connectivity between things and enables communication among components. It serves as a bridge between the lower (Perception) and the upper (Application) layers. Individual components such as the nodes of the IoT are aware of other changes in the environment over the network layer since all components in the system provide their data in this layer. Therefore, it serves as the center of the network architecture to provide key information to the intended clients. Any cyber-attack on this layer might cause every process to be halted in the system. In this part, the most important and effective attacks against the network layer are explained [24].

4.2.1 Spoofing Attacks

The attacker impersonates an existing device in the IoT system to disguise itself as a legitimate network user. The attacker can pose as a legitimate user and gain access to critical information from the network and/or provide false data through the system using the identity of a trusted system entity.

4.2.2 Man-in-the-Middle Attack

The attacker places itself in between the communication of two entities and relays communication between them. This allows the attacker to access and control private traffic and possibly alter the exchanged information, thereby compromising the privacy and integrity of the data transferred.

4.2.3 DoS Attack at Network Layer

Denial-of-Service (DoS) attacks are cyber-attacks that attempt to make a website or network resource unavailable to its intended users. DoS attacks are carried out by flooding the targeted system with traffic or sending specially crafted packets that can cause the system to crash, become unresponsive, or slow down [25]. Here are some common types of DoS attacks:

  1. SYN Flood Attack: This type of DoS attack exploits a vulnerability in the TCP protocol, causing a server to allocate resources for incoming connection requests without ever completing the three-way handshake process. This leads to a denial of service by overwhelming the server’s ability to respond to legitimate requests.

  2. Ping of Death: This type of DoS attack involves sending an IP packet that exceeds the maximum size allowed by the protocol. This can cause the system to crash or become unstable.

  3. UDP Flood Attack: This type of DoS attack involves sending a large number of UDP packets to a targeted system, overwhelming its ability to handle the traffic.

A DoS attack causes a loss of network connection and in the end makes the services in the system unavailable to other legitimate nodes/users by pushing the limits of the target network with a single computer. The core idea here is to use up the available network resources in a short amount of time by sending an inappropriate number of requests, thus preventing the intended users from getting a response from the network. Attackers can increase the number of requests in a given time or increase the processing time per packet in order to congest network traffic. The type of attack where multiple computers are used to attack a single target is called “Distributed Denial of Service (DDoS)”.

4.2.4 Wormhole Attack

The wormhole attack in IoT uses two new nodes which are superior to the other nodes in the target system so that the information transmission path can be routed. The key point in this attack is to place these wormhole nodes in a perfect position so that their distance from the other nodes is minimized. During the attack, the first attacker node receives data at one location of the network and transmits this to the other attacker node, which in the end carries this information to the final destination as shown in Fig. 5. While the malicious nodes transmit the data in the network, they inform the other nodes about their route so that other nodes think this is the shortest way of sending a message. Because of this, the wormhole attack can be used for compromising the routing algorithms in systems. The attacker can control the data flow traffic and stop the transmission at its will [26].

Fig. 5 Wormhole attack. (Figure description: an illustration of connections between malicious nodes and normal nodes, shown as solid and hollow dots. The source and the destination are connected through malicious and normal nodes, with a wormhole tunnel between the malicious nodes.)

4.2.5 Sinkhole Attack

In a sinkhole attack, attackers either hack a node or create a fake fabricated node in the target network. The malicious node convinces other nodes in the network that it is the closest node to the base station. The objective here is to direct all the network traffic to the malicious node which creates a sinkhole around itself. The sinkhole attack not only enables monitoring of the network but also creates a setup for eavesdropping and selective forwarding attacks by leaving new messages in the network. Similar to the wormhole attack, the sinkhole attack also compromises the routing algorithms [27, 28].

4.3 Application Layer Attacks

The Application layer is the uppermost layer of the IoT infrastructure. It is responsible for the interaction with the end user and enables access to data in the network. The vulnerabilities in this layer are in the software and the attackers have the purpose of capturing the credentials of the users.

4.3.1 Phishing Attack

The goal is to mislead the users to enter sensitive information into mock-up interfaces or lead them to install applications that contain malware that infects the system upon installation. These types of attacks rely on the lack of active security measures in the system or the user’s lack of knowledge or attention. Web interface forgery, link manipulation, filter evasion, zero-day malware, etc. are the most common methods.

Fig. 6 Phishing attack. (Figure description: a process flow diagram of the phishing attack, consisting of the victim, the phishing website, the attacker, the use of victim credentials, and the real website. The attacker sends the malicious e-mail to the victim.)

A typical phishing attack scheme is shown in Fig. 6 [20]. At first, the attacker sends the victim a malicious mail containing a phishing website that looks like the original one. The phishing website is made to look like a legitimate website so that the user does not suspect its legitimacy. Users then enter their credentials into the fake website and let the attacker capture sensitive information and credentials, which can be used by the attacker to access the original website later on.

4.3.2 HTTP Floods

An HTTP Flood is a DDoS attack where the attacker sends large quantities of HTTP GET or POST requests to a target server in order to consume its available resources and thereby prevent it from serving legitimate users. HTTP flood attacks require less bandwidth than other attacks and they are often carried out via several inter-connected devices that are infected by malware. POST attacks typically use more resources from the target server compared to GET attacks. However, GET attacks are simpler to create and they can scale more efficiently [29].

4.3.3 SQL Injections

SQL injection attack is a type of code-injection attack where malicious SQL commands are injected into the user input and submitted to the target system by leveraging the target system’s vulnerabilities that are mainly caused by “insufficient validation” of user input. SQL injection attacks can have a range of side effects, depending on the nature and severity of the attack. Here are some of the common side effects:

  1. Unauthorized data access: SQL injection attacks can allow attackers to gain unauthorized access to sensitive data, such as user credentials, financial information, and personal information.

  2. Data manipulation: Attackers can modify, delete or insert data into the database, which can result in data loss, corruption, or inaccurate records.

  3. Server compromise: If the attacker gains complete access to the database server, they may be able to execute commands on the server or even gain access to other systems on the network.

  4. Reputation damage: SQL injection attacks can damage the reputation of an organization, especially if sensitive data is compromised or customer data is lost.

  5. Legal and regulatory repercussions: Depending on the nature of the data lost or compromised, organizations may face legal and regulatory repercussions for failing to protect sensitive information.

  6. Financial loss: Organizations may face financial loss due to lost revenue, legal fees, and costs associated with repairing the damage caused by the attack.

SQL injection is often carried out using a combination of different injection types depending on the goal of the attacker. Injection mechanisms can be through user input, cookies, and server variables. The objective of the injection can also be indirect, where the attacker seeds malicious input into the system for later use. This allows the attacker to separate the injection from the attack, meaning that the injection and attack time and place can be different, thus making it more difficult to detect [30].
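The indirect case described above is the one most often missed in code review, so the following added example (not code from the chapter) shows it with Python's sqlite3 module: a value stored through a safe, parameterized insert is later concatenated into a second query, next to the hardened form of that second query. The table names, function names and the seeded value are constructed for illustration.

```python
import sqlite3


def setup():
    """Build a constructed in-memory database of operators and work orders."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE operators(name TEXT PRIMARY KEY);
        CREATE TABLE work_orders(id INTEGER PRIMARY KEY, owner TEXT, recipe TEXT);
        INSERT INTO work_orders(owner, recipe) VALUES
            ('alice', 'paint-line-A'), ('bob', 'weld-cell-7'), ('carol', 'press-3');
    """)
    return db


def register(db, name):
    """Seeding step: the insert is parameterized, so the value is stored
    verbatim and nothing unusual happens at this point."""
    db.execute("INSERT INTO operators(name) VALUES (?)", (name,))


def stored_name(db, name):
    """Read the operator name back from the database."""
    row = db.execute("SELECT name FROM operators WHERE name = ?", (name,)).fetchone()
    return row[0] if row else None


def orders_vulnerable(db, name):
    """'Before': data read from the database is treated as trusted and
    concatenated into the next statement."""
    owner = stored_name(db, name)
    if owner is None:
        return []
    sql = "SELECT recipe FROM work_orders WHERE owner = '" + owner + "' ORDER BY id"
    return [row[0] for row in db.execute(sql)]


def orders_hardened(db, name):
    """'After': stored data is bound as a parameter like any other input."""
    owner = stored_name(db, name)
    if owner is None:
        return []
    rows = db.execute(
        "SELECT recipe FROM work_orders WHERE owner = ? ORDER BY id", (owner,))
    return [row[0] for row in rows]


# Constructed seeded value, stored at registration and used later.
SEEDED = "mallory' OR '1'='1"


def demo():
    db = setup()
    register(db, "alice")
    register(db, SEEDED)
    return {
        "alice_vulnerable": orders_vulnerable(db, "alice"),
        "alice_hardened": orders_hardened(db, "alice"),
        "seeded_vulnerable": orders_vulnerable(db, SEEDED),
        "seeded_hardened": orders_hardened(db, SEEDED),
    }


if __name__ == "__main__":
    for case, recipes in demo().items():
        print(case, recipes)
```

For a normal name both functions agree; for the seeded value the concatenating query returns every recipe while the parameterized one returns none, which is why validating input only at the point of entry does not close this path.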

4.3.4 Slowloris Attack

Slowloris is a DoS attack that attempts to overwhelm web servers by sending slow and incomplete HTTP requests. The attacker sends a piece of an HTTP request for the server to respond to, but the final line of the request is not sent, which causes the server to remain in waiting mode. When the user side does not send the final part, the server will time out. In order to avoid this, the attacker sends these requests slowly enough to keep the connection to the server alive. It is difficult to detect the Slowloris attack since the sent HTTP request is legitimate [31, 32].

5 Security Solutions for Smart Manufacturing

Ensuring the security of smart manufacturing (SM) is a continuous process, not only a feature on a single device. Right from the very beginning of conceptualizing an idea, all the way to the final product, security must be considered one of the top priorities in SM systems. Some of the solutions specific to all IIoT layers are provided in this section.

5.1 Perception/Physical Layer Security

Defending a smart manufacturing system from cyber-attacks is challenging since such systems tend to consist of complex components and infrastructure. The classic “keeping attackers out” principle is still a good approach, but it is not sufficient to prevent such attacks. Perception layer attacks often include accessing the hardware devices physically; therefore, several measures are taken. Physical hardening is one measure that helps achieve security by making the hardware tamper resistant. It includes restricting physical access to only a few authorized people, especially for unsupervised devices. Perception security can also include physical port locks, or covers for the camera, USB and Ethernet ports, etc. [33]. Meanwhile, new vulnerabilities may be discovered after devices are deployed. For such cases, all devices must be designed so that they are able to receive updates and patches post-deployment. Upgradability is another measure against such attacks. A common approach is to use a proper digital signature to prevent unauthorized modification of the firmware upgrades. Eventually, old IoT devices will become obsolete, with the fast-evolving technology and constantly changing requirements. These devices with expired lifespans must be destroyed properly so that no private data can be accessed by attackers.

5.2 Network Layer Security

Multipath routing is an efficient way of defending the network system against cyberattacks. Unlike single-path routing techniques, multipath routing techniques eliminate the overhead that comes from constructing a new path when the path of the network fails [34]. This technique constructs a network with multiple paths between the source and destination. Therefore, in the case of any collapse in one of the paths, another path within the network can take over the transmission. Spoofing, wormhole, and sinkhole attacks can be tackled with the multipath routing technique. Some techniques for network layer security are shown in Fig. 7.

Fig. 7 Various techniques for network layer security. (Figure description: a five-phased cycle diagram of network layer security, consisting of directional antennas, packet leash, game theory, multipath routing, and authentication.)

Another common method for network layer security is authentication. There are several ways of authentication, such as physical and virtual multipath authentication, as well as hop-by-hop and end-to-end authentication [35]. End-to-end authentication is the most efficient way of building a secure network, but it comes at a high cost. In [36], the authors designed a network model that consists of a couple of base stations and numerous nodes with limited resources. The study claims that the nodes are trustable enough to not allow internal attacks. Message authentication is used in order to prevent external attacks, and a hierarchical 3-way handshake routing tree is built from the nodes to avoid wormhole attacks. Directional antennas and packet leash mechanisms are also used for defense against wormhole attacks. The authors in [37] adopted an antenna model and came up with three protocols in order to detect and prevent attacks. However, this defense mechanism is not as efficient when the attacker has multiple endpoints. Another disadvantage of this method is that it causes performance degradation as a consequence of preventing legitimate nodes from being established.

In [38], the authors proposed an approach called packet leashes. Here, every packet has its own leash and it keeps any kind of information in order to prevent violation of the allowed transmission distance. This mechanism consists of geographical leashes and temporal leashes. In geographical leashes, the distance between the sender and receiver is limited. The packet leash includes the locations of the nodes and the times the packet was sent and received. The speed of light is accepted as the maximum speed of the packet. Based on this information, an attack is detected if it exceeds the upper bound of the distance as shown in Fig. 8 [38]. Temporal leashes require synchronization between the clocks of all nodes in the network. It sets an expiration time for the packet. The receiver checks the time when it receives the packet and compares it with the time it was sent. An attack is detected if this time exceeds the upper bound transmission time. Another way of detecting the attack is to set the sent time as an offset in the packet and not accept it on the receiver side if it exceeds the limit. This method is used against wormhole attacks.

Fig. 8 Packet leash defense mechanism. (Figure description: a flow chart between the sender and the receiver, in which the receiver checks whether the time exceeds the upper limit and whether the distance exceeds the upper limit to detect an attack.)
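The receiver-side checks for geographical and temporal leashes can be made concrete with the following added example, which is a simplified sketch and not code from [38] or from the chapter. It assumes static nodes, a hypothetical pre-shared key that authenticates the leash fields with an HMAC, and illustrative values for radio range, clock error and position error; timestamps are integer nanoseconds because the bounds involved are below one microsecond.

```python
import hashlib
import hmac
import math
import struct

# Assumed deployment parameters (illustrative, not taken from the chapter).
C_M_PER_NS = 0.299792458     # speed of light, the maximum speed of a packet
MAX_RANGE_M = 300.0          # longest legitimate single-hop radio range
CLOCK_ERROR_NS = 100         # worst-case clock offset between two nodes
POSITION_ERROR_M = 5.0       # worst-case error of a node's position fix
SHARED_KEY = b"constructed-demo-key"  # hypothetical pre-shared key


def make_packet(payload, sender_pos, t_send_ns, key=SHARED_KEY):
    """Sender: attach the leash (own position, send time) and authenticate it."""
    leash = struct.pack("!ddq", sender_pos[0], sender_pos[1], t_send_ns)
    tag = hmac.new(key, leash + payload, hashlib.sha256).digest()
    return {"payload": payload, "leash": leash, "tag": tag}


def temporal_leash_ok(t_send_ns, t_recv_ns):
    """Flight time plus clock error, at light speed, must stay within range."""
    elapsed_ns = t_recv_ns - t_send_ns + CLOCK_ERROR_NS
    return elapsed_ns >= 0 and elapsed_ns * C_M_PER_NS <= MAX_RANGE_M


def geographic_leash_ok(sender_pos, receiver_pos):
    """The sender's authenticated position must be within range of the receiver.

    Nodes are assumed static, so only the position error of both nodes is
    added to the computed distance.
    """
    distance_m = math.dist(sender_pos, receiver_pos)
    return distance_m + 2 * POSITION_ERROR_M <= MAX_RANGE_M


def check_packet(packet, receiver_pos, t_recv_ns, key=SHARED_KEY):
    """Receiver: verify the tag, then both leashes. Returns (accepted, reason)."""
    expected = hmac.new(key, packet["leash"] + packet["payload"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, packet["tag"]):
        return False, "bad authentication tag"
    x, y, t_send_ns = struct.unpack("!ddq", packet["leash"])
    if not temporal_leash_ok(t_send_ns, t_recv_ns):
        return False, "temporal leash exceeded"
    if not geographic_leash_ok((x, y), receiver_pos):
        return False, "geographical leash exceeded"
    return True, "accepted"


if __name__ == "__main__":
    # Constructed scenario: a sensor at the origin sends one packet.
    pkt = make_packet(b"valve=open", (0.0, 0.0), 1_000_000)
    # Neighbour 200 m away, received after about 668 ns of flight time.
    print(check_packet(pkt, (120.0, 160.0), 1_000_668))
    # Same packet relayed through a tunnel to a node 5 km away.
    print(check_packet(pkt, (4000.0, 3000.0), 1_020_000))
    # Same packet delivered to the neighbour one millisecond late.
    print(check_packet(pkt, (120.0, 160.0), 2_000_000))
```

With the assumed 100 ns clock error the temporal leash alone already adds about 30 m of slack to the distance bound, which shows how tight the clock synchronization has to be for this check to be useful at short radio ranges.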

Game theory is also an important research area to develop methods for preventing DDoS attacks. In [39], the authors use the UDSR protocol to maintain network security. It detects the nodes’ misbehavior, identifies them as malicious nodes, and does not receive their messages. Therefore, any attacks that might be able to come from these malicious nodes are avoided and network security is established.

5.3 Application Layer Security

As the application layer is the closest layer in the whole system to the end user, it enables many waypoints for attackers with different purposes to target. Unauthorized access, data theft, data loss, and stability issues are potential consequences of weak application layer security. Web Application Firewalls (WAF) shown in Fig. 9 are often used by organizations in order to secure the system against most malicious attacks. WAF protects web applications by monitoring and filtering the network traffic between the application and the internet and stops bad traffic and malicious requests.

Fig. 9 Web application firewall. (Figure description: a flow diagram that consists, from left to right, of the internet, the web application firewall, and the destination server.)

The human factor is also very important when considering application layer security. System users must have strong and secure passwords, and devices should not be left unlocked. The applications in use can also have vulnerabilities that can be exploited by using Cross-Site Scripting (XSS) and SQL Injection (SQLi). Hence, these web applications should be tested against vulnerabilities.

It is not only the applications developed by organizations that make the system vulnerable. Third-party software and firmware used on the system can also create a vulnerable waypoint; therefore, receiving the updates and security patches for such software in a timely manner is important. Moreover, unlicensed/pirated software should never be used. Inappropriate role access, lack of multifactor authentication, insecure password recovery mechanisms, and insufficient authentication and authorization are some other application layer security issues.

In [40], a defense mechanism against DDoS attacks namely Defense System Against Tilt (DAT) is proposed. In this method, the behavior of the sender node is observed and analyzed during the connection. It detects the malicious node when the sender misbehaves. It is designed such that the packet transmission by the legitimate user is not interrupted even if the system is hacked.

DAAD (DNS Amplification Attacks Detector) is a tool developed by the authors in [41] against DDoS attacks. It is designed to build a secure system for DNS local servers, but it also works for local network hosts. DNS packets are monitored using tools such as IPtraf which are helpful in monitoring network traffic and providing network statistics as well. In each DNS message transmission, DAAD checks the message and decides whether it is a response or request. For the responses, DAAD searches for the corresponding request in the database and if there is no corresponding request, the transmission is identified as suspicious. When the suspicious transmissions reach the threshold value, an alert is generated and message transmission from the suspicious node is blocked.
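The request/response matching and threshold logic described for DAAD can be sketched as follows. This is an added example written for this text, not the DAAD tool or its code: the class and field names, the matching key (client, server, transaction ID, query name), the request lifetime and the trace are all assumptions, and the trace is constructed using documentation address ranges.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class DnsMsg:
    ts: float          # capture time in seconds
    src: str
    dst: str
    txid: int          # DNS transaction ID
    qname: str         # queried name
    is_response: bool  # QR bit of the DNS header


class OrphanResponseDetector:
    """Flags DNS responses that answer no recorded request."""

    def __init__(self, threshold=3, request_ttl=5.0):
        self.threshold = threshold      # suspicious responses before blocking
        self.request_ttl = request_ttl  # assumed lifetime of a pending request
        self.pending = {}               # (client, server, txid, qname) -> ts
        self.suspicious = defaultdict(int)
        self.blocked = set()
        self.alerts = []

    def _expire(self, now):
        stale = [k for k, ts in self.pending.items()
                 if now - ts > self.request_ttl]
        for key in stale:
            del self.pending[key]

    def observe(self, msg):
        """Classify one message: request, matched, suspicious, alert, blocked."""
        if msg.src in self.blocked:
            return "blocked"
        self._expire(msg.ts)
        qname = msg.qname.rstrip(".").lower()
        if not msg.is_response:
            self.pending[(msg.src, msg.dst, msg.txid, qname)] = msg.ts
            return "request"
        # A response is expected only if the reverse flow asked for it.
        if self.pending.pop((msg.dst, msg.src, msg.txid, qname), None) is not None:
            return "matched"
        self.suspicious[msg.src] += 1
        if self.suspicious[msg.src] >= self.threshold:
            self.blocked.add(msg.src)
            self.alerts.append((msg.ts, msg.src, self.suspicious[msg.src]))
            return "alert"
        return "suspicious"


# Constructed trace (RFC 5737 documentation addresses, not real traffic).
HOST, HOST2 = "192.0.2.10", "192.0.2.11"
RESOLVER, UNKNOWN = "198.51.100.53", "203.0.113.7"
SAMPLE_TRACE = [
    DnsMsg(0.00, HOST, RESOLVER, 0x1A2B, "example.com", False),
    DnsMsg(0.03, RESOLVER, HOST, 0x1A2B, "Example.COM.", True),
    DnsMsg(0.10, UNKNOWN, HOST, 0x0001, "example.org", True),
    DnsMsg(0.11, UNKNOWN, HOST, 0x0002, "example.org", True),
    DnsMsg(0.12, UNKNOWN, HOST, 0x0003, "example.org", True),
    DnsMsg(0.13, UNKNOWN, HOST, 0x0004, "example.org", True),
    DnsMsg(0.20, RESOLVER, HOST, 0x1A2B, "example.com", True),   # duplicate
    DnsMsg(1.00, HOST2, RESOLVER, 0x0007, "example.net", False),
    DnsMsg(7.50, RESOLVER, HOST2, 0x0007, "example.net", True),  # after TTL
]


def run(trace, threshold=3):
    """Feed a trace through a fresh detector; return verdicts and detector."""
    detector = OrphanResponseDetector(threshold=threshold)
    return [detector.observe(msg) for msg in trace], detector


if __name__ == "__main__":
    verdicts, detector = run(SAMPLE_TRACE)
    for msg, verdict in zip(SAMPLE_TRACE, verdicts):
        print(f"{msg.ts:5.2f} {msg.src:>15} -> {msg.dst:<15} {verdict}")
    print("blocked:", sorted(detector.blocked))
```

The last two responses in the trace come from the legitimate resolver and are still counted as suspicious (a duplicate and a late answer), so the threshold and the request lifetime need tuning against normal traffic before blocking is enabled.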

6 Approaches from Recent Studies for Cyber-Security in Manufacturing

In the InSecTT project, partners are collaborating on various industrial areas to develop AI-enhanced IoT solutions to address different cybersecurity concerns in a well-organized structure. One use case provided by Arçelik within the project directly focuses on wireless reliability and cybersecurity in manufacturing. Wireless IoT systems are exposed to several malicious attacks not only because they use shared transmission mediums but also because most IoT devices have minimal security features [42]. To cope with wireless communication issues, multiple QoS parameters should be considered. Within the project, various applications are developed to perform deep packet inspection and provide the hardware parameters, link quality, network performance, protocol-specific features, and delay measurements along with active and passive network monitoring data. The infrastructure is realized in the lab environment to investigate the OPC-UA protocol and communication aspects. For this purpose, OPC UA server and client applications are developed and deployed on IoT devices in the lab.

The monitoring and analysis tools and services developed for the use case allow real-time and historical data to be inspected. They provide interfaces for people and for machines to interact with the data sources under reliable network protocols. Additionally, alerts and warnings based on QoS and performance metrics provide visualization and statistics. Once the “data collection” and “data visualization” aspects are achieved, more insights about the network data can be explored. The aim is to benefit from machine learning algorithms, statistical methods, and time-series analysis approaches to detect anomalies and identify possible security attacks, more specifically “jamming”. Because connectivity problems are an inherent effect of these types of attacks, the lack of data should also be taken into account while designing an appropriate model and algorithm. This way the data can be further analyzed to detect anomalies in terms of quality, reliability, and availability of the services. Within the use case, AI-enhanced approaches are explored to detect connectivity problems, performance degradation, and jamming, whether it is an intentional attack or unintentional interference. Radio jamming and de-authentication attacks are inspected to address two common types of attacks.

6.1 Radio Jamming Attack

Radio jamming is a subset of Denial of Service (DoS) attacks in which an attacker obstructs legitimate packets by transmitting interference signals in the wireless channel in which the wireless devices are operating. Jammers interrupt wireless communication by producing high-power noise near the transmitting and receiving nodes across the entire bandwidth. Jamming attacks can interrupt communication, cause connectivity problems, prevent the availability of services, and eventually degrade the performance of IoT devices significantly, both in terms of energy consumption and network throughput. An intentional jamming attack is when someone deliberately tries to obstruct the wireless operation. On the other hand, when IoT devices are exposed to undesirable wireless transmissions by nearby devices (mobile phones, satellites, other IoT devices), they may be obstructed unintentionally by these devices. There are different types of jamming attacks applied in the wireless medium, namely constant jammers, deceptive jammers, reactive jammers, intelligent jammers, and random jammers [43]. All these types of attacks have varying detection probabilities and can fully or partially block communication [44]. Because of that, it is of utmost priority to design effective mechanisms to detect jamming attacks and to apply countermeasures.

6.1.1 Jamming Attack Scenario Setup

To detect jamming attacks and network anomalies in the manufacturing industry, with robots working in the production line, an effective jamming/anomaly detection system is developed. OPC-UA is an industrial standard protocol used in such systems. Keeping this in mind, an infrastructure is realized in the lab environment to investigate the OPC-UA protocol and its communication aspects. For this purpose, OPC-UA server and client applications are developed and deployed on IoT devices in the lab. A data collection application that collects certain QoS parameters from an industrial robot and an edge device is designed. The robot parameters on the client side are controlled with this application. An SDR is configured so that it can be used to send high-power jamming signals across 2.4 GHz WiFi channels. These signals cause severe noise in the communication channel and make it difficult for the client to communicate with the server. The experimental setup is displayed in Fig. 10.

Fig. 10
A flow diagram between the instruments. It consists of a jammer, jamming attack, IoT device of the client, edge service server, Wi-Fi access point, and robot.

Experimental setup for jamming detection

Fig. 11
A flow diagram of the de-authentication attack. It includes the client, attacker, and access point. The steps shown are the authentication request, association, authentication response, association response, data, de-authentication attack, data, and blocked.

Representation of De-authentication attack

6.1.2 Insights and Results from the Experiments

The effects of jamming on the communication network were studied at the application layer. A significant increase in application delay (approximately ten times the normal delays) was observed during the jamming attack. The network throughput is also adversely affected by the attacks. Statistical models were developed to detect jamming using these parameters regarding network delays and throughput. Later, by utilizing deep learning, a state-of-the-art stacked LSTM model was trained on the generated data to distinguish jamming attacks and anomalies from normal network data. The trained deep learning model for jamming detection has a False-Positive rate of 0.28% and a False-Negative rate of 0.21% according to the dataset generated from experiments on the test setup. It provides an accuracy of 99.5% with 99.44% precision. The use of machine learning and AI models to construct a comprehensive analysis and model design for real-time jamming detection mechanisms is the subject of ongoing studies.

6.2 Deauthentication Attack

Another type of Wi-Fi jamming attack utilizes a Wi-Fi Deauther to generate de-authentication and disassociation packets to block communication. The 802.11 WiFi protocol includes a de-authentication feature to detach users from the network. This type of attack exploits a weakness of this feature: the frame does not require any encryption, even if the session is established. Anyone can transmit these packets while pretending that they are coming from the WiFi router. Upon receiving these packets, the connected device immediately disconnects from the network. When these packets are sent repeatedly, connected devices encounter denial of service, which is considered jamming. The de-authentication attack is illustrated in Fig. 11.

The Wi-Fi de-authentication application developed by SpacehuhnTech [45] was used to create the jamming scenario. Due to internal timers and reliability mechanisms implemented in the transport layers of the network, an increased rate of packet retransmission as well as a lower packet density compared to normal operation is observed on both sides of the connection. Using the network interface card in monitoring mode, it was observed that the density of de-authentication and disassociation packets increases significantly. Based on these observations, a statistical method is used to detect de-authentication attacks on-device, increasing the local awareness of the IoT device. In this method, the packet drop rate (PDR) and connectivity are continuously monitored along with the density of de-authentication packets in a certain period of time. If the PDR and de-authentication packets increase by a certain threshold, a de-authentication attack alert is generated. The de-authentication attack also causes connectivity loss, so connectivity is constantly monitored and reported as well.
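The threshold rule described above, written out as an added example (it is not the detector built in the use case). The window length, the baseline of four windows, both threshold values, and the sample counters are assumptions; the handling of a window with no traffic follows the earlier remark that the lack of data must be taken into account.

```python
from statistics import mean

# Constructed per-window observations on the IoT device:
# (packets_sent, packets_dropped, deauth_or_disassoc_frames, connected)
WINDOWS = [
    (200, 2, 0, True), (210, 3, 0, True),    # first four windows form the
    (190, 2, 1, True), (205, 2, 0, True),    # normal-operation baseline
    (200, 30, 0, True),    # congestion only: PDR up, no de-auth frames
    (198, 3, 12, True),    # de-auth frames seen, traffic not yet affected
    (150, 60, 40, True),   # both indicators rise
    (0, 0, 55, False),     # link lost: no traffic to compute a PDR from
    (180, 4, 0, True),     # back to normal
]


def pdr(sent, dropped):
    """Packet drop rate for one window, or None when nothing was sent."""
    return dropped / sent if sent else None


def detect(windows, baseline_n=4, pdr_rise=0.10, deauth_rise=10):
    """Return (verdict, connected) for every window after the baseline."""
    base = windows[:baseline_n]
    base_pdr = mean(pdr(s, d) for s, d, _, _ in base)
    base_deauth = mean(f for _, _, f, _ in base)
    reports = []
    for sent, dropped, frames, connected in windows[baseline_n:]:
        rate = pdr(sent, dropped)
        if rate is None:
            # No PDR sample: a lost link counts as degraded, an idle one does not.
            pdr_high = not connected
        else:
            pdr_high = rate - base_pdr >= pdr_rise
        deauth_high = frames - base_deauth >= deauth_rise
        if pdr_high and deauth_high:
            verdict = "deauth_alert"      # both indicators crossed the threshold
        elif pdr_high:
            verdict = "pdr_only"
        elif deauth_high:
            verdict = "deauth_only"
        else:
            verdict = "ok"
        reports.append((verdict, connected))  # connectivity is always reported
    return reports


if __name__ == "__main__":
    for report in detect(WINDOWS):
        print(report)
```

Requiring both indicators keeps ordinary congestion (drops without de-authentication frames) from raising the alert.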

7 Conclusion

Smart Manufacturing is the future of the industry due to the massive opportunities and benefits it offers. At the same time, the security of systems and the subversive outcomes of security attacks cannot be ignored: harm to physical infrastructure, damage to important equipment, leak of critical information, injuries, and even death can occur merely because of the lack of sufficient security measures. Manufacturing enterprises and industrial organizations pay attention to these concerns and commit to making security a fundamental feature, keeping in mind that the security of manufacturing systems is not a product or a single feature; it is the application of a series of countermeasures to the whole process in general. Although the improvement in manufacturing systems is proceeding slowly, IT security is advancing towards two-factor authentication, trained detection, and prevention models.

As Smart Manufacturing moves towards autonomy and system complexity, it is becoming extremely important to invest in security experts and to develop effective security solutions specially customized for specific industry needs and demands. The scientific community and industries should work together to build robust, reliable, and efficient security solutions which are able to cope with the increasing deployments and run-time requirements of Smart Manufacturing Systems. Cyber security in manufacturing is paramount for the future of durable systems, and more investment and research are required to keep advancing on the right track to secure them.