IoT Chapter 2

The document discusses the implementation of automation systems using a local cloud approach based on the ISA-95 automation pyramid. It covers key aspects such as latency management, security measures, and the importance of service authentication and authorization in local clouds. Additionally, it highlights the need for inter-cloud interaction and the challenges associated with maintaining security during service exchanges between different local clouds.


YANGON TECHNOLOGICAL UNIVERSITY

DEPARTMENT OF ELECTRONIC ENGINEERING

EcE-71016 Computer Aided Manufacturing

Presented by:
Ma Yoon Pann Eain
ME.EC-2(16th Batch)
3.8.2023

Automation Application Engineering in Local Clouds

The engineering of an automation system is today based on the ISA-95 automation pyramid. This will be the basis for using a local cloud approach.

The automation system has to be partitioned into a number of local clouds. The partitioning is related to:
automation functional issues
real-time and latency requirements
security and safety issues
engineering complexity related to real time and security
deployment and test issues
The local cloud provides features like:
Cloud service infrastructure
Automation support services
Predictable latency properties - well-defined usage of the communication physical layer and lower layer protocols
Security properties - authentication and authorization

Each of these features can be used to build the desired application services and the auxiliary support systems needed by the control application, thus reducing the complexity of the local cloud design.
Latency in Local Clouds

Automation has strong requirements on real-time data exchange and control. The total latency depends on communication channel bandwidth, protocol packet overhead, and the size of the data transmitted. The communication is based on a TDMA medium access approach.

In TDMA, the available communication bandwidth is divided into a number of timeslots. Each timeslot can then be assigned to a certain actor or activity in the local cloud. Some examples based on TDMA are:
IEEE 802.15.4 (TDMA mode)
Time Triggered Protocol
Industrial Ethernet
Fieldbus/Profibus
Payload and protocol size are the other factor that determines latency over a network link. The payloads are most often encoded in XML or JSON. EXI is a standardized approach to compress XML or JSON encoded payloads. Compression rates of about 30 can be expected. This will clearly help to reduce the network link latency for a service transfer.

The minimum latencies achievable will depend on the number of nodes, type of MAC, type of transport protocol, payload compression, etc. Network simulation tools like NS-3 enable the prediction of latency in a specific local cloud setting.
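As an added illustration (not part of the slides), a small Python model of the worst-case latency of one service payload over a TDMA link, combining the factors the latency slides name: slot and frame timing, per-packet protocol overhead, payload size, and the roughly 30:1 EXI compression. The link figures are assumptions, loosely modelled on IEEE 802.15.4 in TDMA mode.

```python
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class TdmaLink:
    slots_per_frame: int   # timeslots in one TDMA frame (cycle)
    slot_us: int           # length of one timeslot in microseconds
    bandwidth_bps: int     # raw channel bit rate
    max_frame_bytes: int   # largest packet the MAC layer accepts
    header_bytes: int      # protocol overhead carried by every packet

    def frame_us(self) -> int:
        return self.slots_per_frame * self.slot_us

    def payload_per_slot(self) -> int:
        # Application bytes one slot can carry: bounded by the slot's air time and
        # by the MAC's maximum packet size, minus the per-packet headers.
        air_bytes = self.bandwidth_bps * self.slot_us // 8_000_000
        return min(air_bytes, self.max_frame_bytes) - self.header_bytes

    def fragments(self, payload_bytes: int) -> int:
        return max(1, math.ceil(payload_bytes / self.payload_per_slot()))

    def worst_case_latency_us(self, payload_bytes: int) -> int:
        # A node owning one slot per frame may wait almost a full frame for its
        # first slot and then sends one fragment per frame: n fragments, n frames.
        return self.fragments(payload_bytes) * self.frame_us()

def exi_size(xml_bytes: int, ratio: int = 30) -> int:
    # Rule of thumb from the slide: EXI compresses XML/JSON payloads about 30:1.
    return max(1, math.ceil(xml_bytes / ratio))

# Constructed link, loosely modelled on IEEE 802.15.4 in TDMA mode (assumed figures).
LINK = TdmaLink(slots_per_frame=16, slot_us=10_000, bandwidth_bps=250_000,
                max_frame_bytes=127, header_bytes=40)

def latency_comparison(xml_bytes: int, link: TdmaLink = LINK) -> dict:
    # Same message sent as raw XML and as its EXI-compressed equivalent.
    exi_bytes = exi_size(xml_bytes)
    return {
        "xml_fragments": link.fragments(xml_bytes),
        "xml_latency_ms": link.worst_case_latency_us(xml_bytes) / 1000,
        "exi_fragments": link.fragments(exi_bytes),
        "exi_latency_ms": link.worst_case_latency_us(exi_bytes) / 1000,
    }
```

With these assumed figures a 3000-byte XML message needs 35 fragments and up to 5.6 s, while its EXI form fits in 2 fragments and 320 ms, which is the effect the slide describes.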
Security in Local Clouds

To secure a local cloud, one possibility is to provide a local security “fencing” around the local cloud together with appropriate authentication, authorization, and encryption of services within the local cloud. Fencing needs ways of keeping non-internal network activity outside the local cloud.

A secure local cloud should have firewalls at the interface to other clouds which support blocking “external” traffic from coming into the local cloud. Such security fencing depends on controlling and minimizing communication in and out of the local cloud.
Service Authentication and Authorisation

Authentication is provided to ensure the identity of a service consumer requesting access to a provided service. Authorisation is to ensure that the requesting system has the right to consume the requested service.

For IoT-based automation, a local cloud may hold both resource constrained devices and more powerful devices. They have different capabilities in handling authentication and authorisation technologies while still performing their dedicated automation task.

A local cloud should be capable of having one or a combination of authentication and authorisation methods like:
Strong certificates like X.509
Ticket-based solutions like Radius or Kerberos
Data Encryption

Data encryption can be provided either by enforcing IP communication encryption or by relying on SOA protocol provided payload encryption.

IPSec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite. IPSec protects all application traffic over an IP network. Applications can be automatically secured by IPSec at the IP layer.

Other Internet security systems such as Transport Layer Security (TLS) and Secure Shell (SSH) operate in the upper layers, at the Application layer. Some SOA protocols like CoAP or MQTT use TLS or DTLS within the protocol, thus protecting the payload during transport.
System of Systems Scalability

Local clouds should be capable of inter-cloud interaction while maintaining SOA capabilities. Following the SOA based IoT and SoS approach there is a need for:
Service discovery external to the local cloud
Orchestration of service exchanges between systems residing in more than one local cloud
Handling of security, authentication, authorisation, and data encryption for service exchanges between systems residing in more than one local cloud
Service exchange between systems residing in two different local clouds
Protocol, encoding, and semantics translation supporting service exchanges between systems applying different SOA, protocols, encodings and semantics
Inter-cloud Service Exchange Security

Every external communication punches a hole in the security fence created by a firewall at the rim of the local cloud.

For the inter-cloud service exchange there are two processes that will punch holes in the local cloud security fence. These processes are:
Orchestration of an inter-cloud service exchange
The service exchange data path
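As an added example (not part of the slides), a Python model that ties together the fencing, service authentication/authorisation and inter-cloud exchange slides: external traffic is dropped by default, the orchestration step must authenticate the consumer and authorise it against a service ACL before a pinhole scoped to that one data path is opened, and the hole is closed again when the exchange ends. The subnet, key, ACL and names are assumptions, and the HMAC ticket is a constructed stand-in for a Kerberos/RADIUS ticket or X.509 certificate check.

```python
import hashlib, hmac, ipaddress
from collections import namedtuple

LOCAL_NET = ipaddress.ip_network("10.10.0.0/16")  # constructed local-cloud subnet
TICKET_KEY = b"constructed-demo-key"  # stands in for the Kerberos/RADIUS trust anchor
ACL = {"motor.ctrl": {"hmi.cloud-b"}}  # service -> consumers allowed to invoke it
Flow = namedtuple("Flow", "src dst service")  # one service exchange data path

class Fence:
    """Firewall at the rim of the local cloud: internal traffic passes, external
    traffic is dropped unless an orchestrated exchange opened a matching pinhole."""
    def __init__(self):
        self.pinholes = set()

    def allows(self, f):
        internal = all(ipaddress.ip_address(a) in LOCAL_NET for a in (f.src, f.dst))
        return internal or f in self.pinholes

def issue_ticket(consumer):
    # Toy ticket: HMAC over the consumer name under the shared key (constructed).
    return hmac.new(TICKET_KEY, consumer.encode(), hashlib.sha256).hexdigest()

def orchestrate(fence, consumer, ticket, flow):
    """Authenticate, then authorise, then punch the narrowest possible hole."""
    if not hmac.compare_digest(issue_ticket(consumer), ticket):
        return False  # authentication failed: identity not proven
    if consumer not in ACL.get(flow.service, set()):
        return False  # authenticated, but not entitled to this service
    fence.pinholes.add(flow)  # hole is scoped to exactly src, dst and service
    return True

def close_exchange(fence, flow):
    fence.pinholes.discard(flow)  # the hole lives only as long as the exchange

def demo():
    fence, ticket = Fence(), issue_ticket("hmi.cloud-b")
    ext = Flow("192.0.2.7", "10.10.1.5", "motor.ctrl")  # consumer in another cloud
    other = Flow("192.0.2.7", "10.10.1.5", "hist.db")  # service never granted
    steps = [fence.allows(ext)]                                     # fenced by default
    steps.append(orchestrate(fence, "hmi.cloud-b", "forged", ext))  # bad ticket
    steps.append(orchestrate(fence, "hmi.cloud-b", ticket, other))  # not authorised
    steps.append(orchestrate(fence, "hmi.cloud-b", ticket, ext))    # pinhole opened
    steps.append(fence.allows(ext))                                 # data path open
    close_exchange(fence, ext)
    steps.append(fence.allows(ext))                                 # closed again
    return steps  # [False, False, False, True, True, False]
```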
Thank You So Much!!
