FALLSEM2024-25_BMEE410L_TH_VL2024250105875_2024-10-09_Reference-Material-I

Module Overview

  • Focus on Security Framework, Software Design Concepts, Middleware, and Securing the Industrial Internet of Things (IIoT).

Security Framework and Software Design Concepts

Introduction to Security Frameworks

  • Essential for securing IIoT applications.

Understanding APIs (Application Programming Interface)

  • Applications: User-facing software on devices (laptops, tablets, smartphones).

  • Programming: Code written by developers to create applications.

  • Interface: A method for users and devices to communicate.

  • API Definition: Provides a template for software interactions; allows communication between applications.

Technical Perspective of APIs

  • APIs must be configured by programmers to ensure data is correctly managed in databases.

  • An API is defined as a specification that outlines functionality, usage, and input/output formats.

Web Services and API Types

  • Web Service APIs: Common in modern applications, including REST and SOAP.

  • Facilitates service-oriented architectures implying integration with diverse services.

SOAP (Simple Object Access Protocol)

  • Established itself within SOA environments as a preferred web service.

  • Works exclusively with XML for messaging, offering documentations via WSDL.

  • Key Features:

    • Extensible with optional features.

    • Can operate over various network protocols beyond HTTP.

    • Complexity in XML can lead to error-prone interactions.

    • Built-in error handling aids in diagnosing issues.

REST (Representational State Transfer)

  • Designed to address SOAP limitations in web environments.

  • Simplifies interactions through straightforward URL calls.

  • Utilizes basic HTTP commands (GET, POST, PUT, DELETE).

  • Outputs in various data formats for flexibility (CSV, JSON, RSS).

Comparing SOAP vs REST

Advantages of SOAP

  • Language, platform, and transport independence.

  • Best for distributed environments.

  • Offers error handling and extensive pre-built functionality.

Advantages of REST

  • Easier to utilize with a low learning curve.

  • Efficient with smaller message formats.

  • Fast due to less processing overhead.

IIoT Middleware Architecture

  • Middleware integrates diverse technologies in IIoT.

  • Provides capabilities for connecting protocols and consuming APIs.

Components of IIoT Middleware

  • Connectivity: Support for diverse sensors and actuators.

  • Endnode Management: Authentication and management of network nodes.

  • Data Processing: Translation and preparation of incoming data.

  • Database Integration: Connects applications with data storage solutions.

  • Data Visualization: Employs graphical tools for displaying information.

  • Analytics: Offers real-time data processing crucial for industrial settings.

  • Front-end Management: APIs and microservices for developers.

  • Security: Ensures confidentiality, integrity, and network availability.

Role of IIoT Middleware in Data Management

  • Middleware enables connection of numerous transducers to make data actionable.

  • Aims to turn raw data into insights, thereby converting data into knowledge.

  • Middleware solutions typically include services for authentication, protocol translation, and event processing.

Open Source Middleware Solutions for IIoT

  • Open source middleware addresses cost issues for small to medium enterprises (SMEs).

  • Examples include Kaa, OpenIoT, Alljoyn, and Mango.

Commercial Middleware Solutions

  • Some SMEs opt for commercial middleware due to reliability and support.

  • Examples include ThinkWorx, Oracle Fusion, IBM Bluemix.

Securing the Industrial Internet

  • Security Concerns: IIoT systems lack traditional firewalls; securing applications is critical.

Network Security Issues in Industrial Environments

  1. Encryption Risks: Can give a false sense of security; hackers may find vulnerabilities.

  2. Ransomware: Automation in attacks is significant; preventative measures are crucial.

  3. DDoS Attacks: Flooding of networks demands proactive defense strategies.

  4. Insider Threats: Human actions can lead to breaches; monitoring is essential.

  5. Cloud Security: Organizations must be vigilant regarding cloud data handling.

  6. SQL Injection: Attackers exploit vulnerabilities; regular software checks are necessary.

  7. Man-in-the-Middle Attacks: Protecting communications is vital to prevent data interception.