Article

Securing IIoT communications using OPC UA PubSub and Trusted Platform Modules

Journal

JOURNAL OF SYSTEMS ARCHITECTURE
Volume 134, Issue -, Pages -

Publisher

ELSEVIER
DOI: 10.1016/j.sysarc.2022.102797

Keywords

Security; Authentication; IIoT; OPC UA; PubSub; Security key server; TPM 2.0; MQTT; Railway; ICS

In the Industry 4.0 context, protecting data is crucial, especially when dealing with out-premise IIoT devices. OPC UA PubSub provides secure and interoperable solutions, but authentication remains a challenge. We propose a novel approach using open source software and a Trusted Platform Module to secure out-premise device authentication and ensure data confidentiality and integrity.
In the Industry 4.0 context, data are a valuable asset that must be protected. Ensuring the confidentiality and integrity of the data exchanged by IIoT devices is challenging, especially when those devices are outside the company's premises or easily accessible (we call them out-premise devices). These devices become primary targets for attackers as a way to compromise data and cause damage to infrastructure or people. OPC UA PubSub provides the appropriate mechanisms to build scalable (e.g. one-to-many), secure and interoperable solutions with end-to-end encryption. However, authentication of IIoT devices remains a sensitive question, as it requires securely embedding secrets. We present a novel approach based on open source software aiming to secure out-premise device authentication, enabling the confidentiality and integrity of data exchanges with the rest of the system. Our approach uses a Trusted Platform Module as a secure element to protect the secrets embedded on devices. We further apply the approach to a predictive maintenance use case and evaluate the security level of our solution in that use case.
