CR | Feb 25, 2022
Security Attacks and Solutions for Digital Twins
Sabah Suhail, Raja Jurdak, Rasheed Hussain
Digital twins, being the virtual replicas of their physical counterparts, share valuable knowledge of the underlying system. Therefore, they might become a potential source of data breaches and a playground for attackers to launch covert attacks. It is imperative to investigate necessary countermeasures to mitigate such attacks.
CR | Jan 19, 2022
Towards Situational Aware Cyber-Physical Systems: A Security-Enhancing Use Case of Blockchain-based Digital Twins
Sabah Suhail, Saif Ur Rehman Malik, Raja Jurdak et al.
The complexity of cyberattacks in Cyber-Physical Systems (CPSs) calls for a mechanism that can evaluate critical infrastructures' operational behaviour and security without affecting the operation of live systems. In this regard, Digital Twins (DTs) provide actionable insights through monitoring, simulating, predicting, and optimizing the state of CPSs. Through the use cases, including system testing and training, detecting system misconfigurations, and security testing, DTs strengthen the security of CPSs throughout the product lifecycle. However, such benefits of DTs depend on an assumption about data integrity and security. Data trustworthiness becomes more critical while integrating multiple components among different DTs owned by various stakeholders to provide an aggregated view of the complex physical system. This article envisions a blockchain-based DT framework as Trusted Twins for Securing Cyber-Physical Systems (TTS-CPS). With the automotive industry as a CPS use case, we demonstrate the viability of the TTS-CPS framework in a proof of concept. To utilize reliable system specification data for building the process knowledge of DTs, we ensure the trustworthiness of data-generating sources through integrity checking mechanisms. Additionally, the safety and security rules evaluated during simulation are stored and retrieved from the blockchain, thereby establishing more understanding and confidence in the decisions made by the underlying systems. Finally, we perform formal verification of the TTS-CPS.
CR | May 19, 2021
Towards Trusted and Intelligent Cyber-Physical Systems: A Security-by-Design Approach
Sabah Suhail, Raja Jurdak
The complexity of cyberattacks in Cyber-Physical Systems (CPSs) calls for a mechanism that can evaluate the operational behaviour and security without negatively affecting the operation of live systems. In this regard, Digital Twins (DTs) are revolutionizing CPSs. DTs strengthen the security of CPSs throughout the product lifecycle, while assuming that the DT data is trusted, providing agility to predict and respond to real-time changes. However, existing DT solutions in CPSs are constrained by untrustworthy data dissemination among multiple stakeholders and timely course correction. Such limitations reinforce the significance of designing trustworthy distributed solutions with the ability to create actionable insights in real-time. To do so, we propose a framework that focuses on trusted and intelligent DTs by integrating blockchain and Artificial Intelligence (AI). Following a hybrid approach, the proposed framework not only acquires process knowledge from the specifications of the CPS, but also relies on AI to learn security threats based on sensor data. Furthermore, we integrate blockchain to safeguard product lifecycle data. We discuss the applicability of the proposed framework for the automotive industry as a CPS use case. Finally, we identify the open challenges that impede the implementation of intelligence-driven architectures in CPSs.
CR | Mar 22, 2021
Blockchain-based Digital Twins: Research Trends, Issues, and Future Challenges
Sabah Suhail, Rasheed Hussain, Raja Jurdak et al.
Industrial processes rely on sensory data for decision-making processes, risk assessment, and performance evaluation. Extracting actionable insights from the collected data calls for an infrastructure that can ensure the dissemination of trustworthy data. For the physical data to be trustworthy, it needs to be cross-validated through multiple sensor sources with overlapping fields of view. Cross-validated data can then be stored on the blockchain, to maintain its integrity and trustworthiness. Once trustworthy data is recorded on the blockchain, product lifecycle events can be fed into data-driven systems for process monitoring, diagnostics, and optimized control. In this regard, Digital Twins (DTs) can be leveraged to draw intelligent conclusions from data by identifying the faults and recommending precautionary measures ahead of critical events. Empowering DTs with blockchain in industrial use-cases targets key challenges of disparate data repositories, untrustworthy data dissemination, and the need for predictive maintenance. In this survey, while highlighting the key benefits of using blockchain-based DTs, we present a comprehensive review of the state-of-the-art research results for blockchain-based DTs. Based on the current research trends, we discuss a trustworthy blockchain-based DTs framework. We highlight the role of Artificial Intelligence (AI) in blockchain-based DTs. Furthermore, we discuss current and future research and deployment challenges of blockchain-supported DTs that require further investigation.
CR | Oct 23, 2020
Trustworthy Digital Twins in the Industrial Internet of Things with Blockchain
Sabah Suhail, Rasheed Hussain, Raja Jurdak et al.
Industrial processes rely on sensory data for critical decision-making processes. Extracting actionable insights from the collected data calls for an infrastructure that can ensure the trustworthiness of data. To this end, we envision a blockchain-based framework for the Industrial Internet of Things (IIoT) to address the issues of data management and security. Once the data collected from trustworthy sources are recorded in the blockchain, product lifecycle events can be fed into data-driven systems for process monitoring, diagnostics, and optimized control. In this regard, we leverage Digital Twins (DTs) that can draw intelligent conclusions from data by identifying the faults and recommending precautionary measures ahead of critical events. Furthermore, we discuss the integration of DTs and blockchain to target key challenges of disparate data repositories, untrustworthy data dissemination, and fault diagnosis. Finally, we identify outstanding challenges faced by the IIoT and future research directions while leveraging blockchain and DTs.
CR | Apr 22, 2020
On the Role of Hash-based Signatures in Quantum-Safe Internet of Things: Current Solutions and Future Directions
Sabah Suhail, Rasheed Hussain, Abid Khan et al.
The Internet of Things (IoT) is gaining ground as a pervasive presence around us by enabling miniaturized things with computation and communication capabilities to collect, process, analyze, and interpret information. Consequently, trustworthy data act as fuel for applications that rely on the data generated by these things, for critical decision-making processes, data debugging, risk assessment, forensic analysis, and performance tuning. Currently, secure and reliable data communication in IoT is based on public-key cryptosystems such as Elliptic Curve Cryptosystem (ECC). Nevertheless, reliance on the security of de-facto cryptographic primitives is at risk of being broken by the impending quantum computers. Therefore, the transition from classical primitives to quantum-safe primitives is indispensable to ensure the overall security of data en route. In this paper, we investigate applications of one of the post-quantum signatures called Hash-Based Signature (HBS) schemes for the security of IoT devices in the quantum era. We give a succinct overview of the evolution of HBS schemes with emphasis on their construction parameters and associated strengths and weaknesses. Then, we outline the striking features of HBS schemes and their significance for the IoT security in the quantum era. We investigate the optimal selection of HBS in the IoT networks with respect to their performance-constrained requirements, resource-constrained nature, and design optimization objectives. In addition to ongoing standardization efforts, we also highlight current and future research and deployment challenges along with possible solutions. Finally, we outline the essential measures and recommendations that must be adopted by the IoT ecosystem while preparing for the quantum world.
CR | Feb 12, 2019
Orchestrating Product Provenance Story: When IOTA ECOSYSTEM Meets The Electronics Supply Chain Space
Sabah Suhail, Rasheed Hussain, Choong Seon Hong et al.
"Trustworthy data" is the fuel for ensuring transparent traceability, precise decision-making, and cogent coordination in the supply chain (SC) space. However, the disparate data silos act as a trade barrier in orchestrating the provenance of the product story, starting from the transformation of raw materials into the circuit board to the assembling of electronic components into end products available on the store shelf for customers. Therefore, to bridge the fragmented siloed information across global supply chain partners, the diffusion of blockchain (BC) as one of the advanced distributed ledger technologies (DLTs) is taking over the on-premise legacy systems. Nevertheless, the challenging constraints of blockchain, including scalability, accessing off-line data, fee-less microtransactions and many more, lead to the third wave of blockchain called IOTA. In this paper, we propose a framework for supporting provenance in the electronic supply chain (ECS) by using a permissioned IOTA ledger. Realizing the crucial requirement of trustworthy data, we use the Masked Authenticated Messaging (MAM) channel provided by IOTA that allows the SC players to procure distributed information while keeping confidential trade flows, tamper-proof data, and fine-grained accessibility rights. To identify operational disruption, we devise a transparent product ledger through transaction data and consignment information to keep track of the complete product journey at each intermediary step during SC processes. Furthermore, we evaluate the secure provenance data construction time for varying payload sizes.
CR | Nov 15, 2018
Provenance-enabled Packet Path Tracing in the RPL-based Internet of Things
Sabah Suhail, Mohammad Abdellatif, Shashi Raj Pandey et al.
The interconnection of resource-constrained and globally accessible things with the untrusted and unreliable Internet makes them vulnerable to attacks including data forging, false data injection, and packet drop that affect applications with critical decision-making processes. For data trustworthiness, reliance on provenance is considered to be an effective mechanism that tracks both data acquisition and data transmission. However, provenance management for sensor networks introduces several challenges, such as low energy, bandwidth consumption, and efficient storage. This paper attempts to identify packet drop (either malicious or due to network disruptions) and detect faulty or misbehaving nodes in the Routing Protocol for Low-Power and Lossy Networks (RPL) by following a bi-fold provenance-enabled packet path tracing (PPPT) approach. Firstly, system-level ordered-provenance information encapsulates the data generating nodes and the forwarding nodes in the data packet. Secondly, to closely monitor the dropped packets, a node-level provenance in the form of the packet sequence number is enclosed as a routing entry in the routing table of each participating node. Lossless in nature, both approaches conserve the provenance size, satisfying processing and storage requirements of IoT devices. Finally, we evaluate the efficacy of the proposed scheme with respect to provenance size, provenance generation time, and energy consumption.