Connecting, Monitoring and Securing
Manufacturing Assets
Yan Chen
Professor, EECS Department
Director, Lab for Internet & Security Technology (LIST)
http://list.cs.northwestern.edu
Northwestern University
DM-Box
• Add connection capability to DM equipment
• Easy to integrate
• Transmit multiple data streams: operation data, diagnosis data, control data
• Support flexible interconnection topology
DM-Box Design: Real-Time & Reliability
(Diagram: the protocol stack TCP/UDP Layer / IP Layer / MAC Layer / NIC/Driver is drawn twice, the second copy labelled Wireless, with the modifications below annotated on it.)
• Set the tx moment: determine the transmission moment by setting the transmission timer, so the data are sent under timer control
• Set the tx rate: a fixed transmission rate gives a relatively fixed transmission time
• Set retry time in a slot: choose a suitable retry time to balance the real-time and reliability of packet transmission
• Put the data into the TDMA queue: put the packets into the TDMA soft queue; when the TDMA slot comes, one packet is sent out
• Disable CTS/RTS
• Disable the backoff mechanism of CSMA/CD: send out packets immediately when the transmission slot comes, reducing the transmission delay
Main Works
• The two most important communication features in DM
• Problems:
  – Wireless data transmission often encounters competition conflicts.
  – Currently in the IEEE 802.11 protocol, the MAC layer uses CSMA/CD, which cannot ensure real-time behaviour or reliability.
• DM-Box solution: TDMA over Wi-Fi ensures that each IoT device transmits data only in its own time slot and thus avoids interference.
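The TDMA-over-Wi-Fi idea on this slide can be made concrete with a small simulation. The following is an added example, not code from the slides or from the DM-Box project: it models contention-based access, where devices draw random backoff slots and collide, against the slot-per-device scheme the slides describe, and includes a per-slot retry budget so the real-time/reliability balance from the design slide shows up in the numbers. Device count, frame count, contention window, loss probability and the PRNG seed are all constructed values.

```python
"""Added example (not from the slides or the DM-Box project): a discrete-time
model contrasting contention-based channel access with TDMA over Wi-Fi.
Time is counted in transmission attempts; all parameters are constructed."""
import random
from collections import deque
from dataclasses import dataclass


@dataclass
class Result:
    collisions: int  # slots in which two or more devices were on the air together
    delivered: int   # packets that got through
    dropped: int     # packets lost to a collision or to an exhausted retry budget
    max_delay: int   # worst time from packet arrival to successful transmission


def simulate_contention(devices: int, frames: int, window: int, seed: int = 1) -> Result:
    """Contention-based access: each frame, every device has one packet and draws
    a random backoff slot in [0, window).  Devices that draw the same slot collide
    and all lose their packet for that frame, so delay is bounded only by the
    window and delivery depends on luck."""
    rng = random.Random(seed)
    res = Result(0, 0, 0, 0)
    for _ in range(frames):
        picks = [rng.randrange(window) for _ in range(devices)]
        for slot in set(picks):
            senders = picks.count(slot)
            if senders > 1:
                res.collisions += 1
                res.dropped += senders
            else:
                res.delivered += 1
                res.max_delay = max(res.max_delay, slot)
    return res


def simulate_tdma(devices: int, frames: int, retries: int = 1,
                  loss: float = 0.0, seed: int = 1) -> Result:
    """TDMA over Wi-Fi as sketched on the slides: packets wait in a per-device soft
    queue and device i may transmit only in slot i of every frame, so no two devices
    are ever on the air together and each device's worst-case wait is fixed by its
    slot position.  Within its slot a device gets `retries` attempts, each failing
    independently with probability `loss`; a larger budget improves reliability but
    lengthens every slot, which is the real-time/reliability balance the slides mention."""
    rng = random.Random(seed)
    res = Result(0, 0, 0, 0)
    queues = [deque() for _ in range(devices)]
    now = 0
    for _ in range(frames):
        for q in queues:
            q.append(now)            # one packet per device arrives at frame start
        for dev in range(devices):   # this device's slot; nobody else transmits
            if queues[dev]:
                arrived = queues[dev].popleft()
                for attempt in range(retries):
                    if rng.random() >= loss:     # attempt succeeded
                        res.delivered += 1
                        res.max_delay = max(res.max_delay, now + attempt - arrived)
                        break
                else:                            # retry budget exhausted
                    res.dropped += 1
            now += retries           # slot length equals the retry budget
    return res


if __name__ == "__main__":
    print("contention:", simulate_contention(devices=8, frames=200, window=16, seed=7))
    print("tdma      :", simulate_tdma(devices=8, frames=200))
    print("tdma lossy:", simulate_tdma(devices=8, frames=200, retries=3, loss=0.3, seed=7))
```

With eight devices the TDMA run reports zero collisions and a worst-case delay of exactly seven slots (the last device's position in the frame), whereas the contention run loses packets every frame; raising `retries` lowers the drop count but pushes the worst-case delay up by the same factor.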
DM-Box Implementation Specifications
• Supports 4 types of wireless cards simultaneously: 802.11 a/b/g/n
Specification                  Value
CPU nominal frequency          300/600 MHz
CPU core count                 1
Size of RAM                    64 MB
Architecture                   MIPS-BE
10/100 Ethernet ports          3
Supported input voltage        10 V - 28 V
PoE in                         Yes
PoE out                        No
Voltage monitor                No
PCB temperature monitor        No
CPU temperature monitor        No
Operating temperature range    -40°C .. +70°C tested
NetShield: Massive Semantics-Based Vulnerability Signature Matching
for High-Speed Networks
NIDS/NIPS Overview
NIDS/NIPS (Network Intrusion Detection/Prevention System)
(Diagram: packets enter the NIDS/NIPS, which matches them against a signature DB and emits security alerts.)
• Accuracy
• Speed
NetShield Challenges and Solutions
• Challenges
  – Matching thousands of vulnerability signatures simultaneously
    • Sequential matching → match multiple sigs. simultaneously
  – High-speed protocol parsing
• Solutions (achieving 10s of Gbps throughput)
  – An efficient algorithm which matches multiple sigs. simultaneously
  – A tailored parsing design for high-speed signature matching
  – Code & ruleset release at www.nshield.org
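The slides state that NetShield matches thousands of signatures simultaneously on top of a tailored protocol parser, but give no detail of the algorithm. The following added example, written for this transcript and not NetShield's code or its algorithm, illustrates the general idea of semantics-based matching: signatures are predicates over parsed protocol fields rather than byte patterns, and all of them are matched in one pass as the parser emits fields, with a plain sequential matcher kept as a cross-check. The request-line format, field names, signature IDs and thresholds are constructed for the example.

```python
"""Added example (not NetShield's code): semantics-based signature matching over
parsed protocol fields, with all signatures matched in a single pass.  The request
format, field names and the toy signatures below are constructed for illustration."""
from dataclasses import dataclass
from typing import Iterator, List, Tuple

# A predicate is (field, operator, operand); a signature is a conjunction of them.
Predicate = Tuple[str, str, object]


@dataclass(frozen=True)
class Signature:
    sig_id: str
    predicates: Tuple[Predicate, ...]


def holds(pred: Predicate, value: object) -> bool:
    """Evaluate one predicate against a parsed field value (never raw bytes)."""
    _, op, operand = pred
    if op == "==":
        return value == operand
    if op == "len>":
        return isinstance(value, str) and len(value) > operand
    if op == "contains":
        return isinstance(value, str) and operand in value
    raise ValueError(f"unknown operator {op!r}")


def parse_request_line(raw: bytes) -> Iterator[Tuple[str, object]]:
    """Toy parser for 'METHOD SP URI SP VERSION CRLF' that yields each field as soon
    as it is recognised.  Malformed input is reported as a field instead of raised,
    so a bad packet cannot take the matcher down."""
    line, _, _ = raw.partition(b"\r\n")
    parts = line.decode("ascii", errors="replace").split(" ")
    if len(parts) != 3:
        yield ("malformed", True)
        return
    yield ("malformed", False)
    yield ("method", parts[0])
    yield ("uri", parts[1])
    yield ("version", parts[2])


def match_streaming(fields: Iterator[Tuple[str, object]], sigs: List[Signature]) -> List[str]:
    """Match every signature in one pass: keep a candidate set and, as each field
    arrives from the parser, drop the candidates whose predicates on that field fail.
    Work stops early once no candidate is left, so parsing and matching interleave."""
    candidates = set(sigs)
    seen = set()
    for name, value in fields:
        seen.add(name)
        candidates = {s for s in candidates
                      if all(holds(p, value) for p in s.predicates if p[0] == name)}
        if not candidates:
            break
    # A signature only fires if every field it constrains was actually parsed.
    return sorted(s.sig_id for s in candidates if all(p[0] in seen for p in s.predicates))


def match_sequential(raw: bytes, sigs: List[Signature]) -> List[str]:
    """Reference implementation: parse everything, then test signatures one by one."""
    fields = dict(parse_request_line(raw))
    return sorted(s.sig_id for s in sigs
                  if all(p[0] in fields and holds(p, fields[p[0]]) for p in s.predicates))


# Constructed toy ruleset; the IDs and thresholds are hypothetical.
SIGNATURES = [
    Signature("SIG-LONG-URI", (("method", "==", "GET"), ("uri", "len>", 64))),
    Signature("SIG-DOTDOT-URI", (("uri", "contains", "../"),)),
    Signature("SIG-MALFORMED-REQ", (("malformed", "==", True),)),
]

# Constructed sample inputs with the signatures each is expected to trigger.
SAMPLES = {
    b"GET /index.html HTTP/1.1\r\n": [],
    b"GET /" + b"A" * 80 + b" HTTP/1.1\r\n": ["SIG-LONG-URI"],
    b"GET /static/../config HTTP/1.1\r\n": ["SIG-DOTDOT-URI"],
    b"NOT-A-REQUEST\r\n": ["SIG-MALFORMED-REQ"],
}

if __name__ == "__main__":
    for raw, expected in SAMPLES.items():
        hits = match_streaming(parse_request_line(raw), SIGNATURES)
        assert hits == match_sequential(raw, SIGNATURES) == expected
        print(raw[:30], "->", hits)
```

The streaming matcher never looks at a signature more than once per field, and on a benign request it exits after the URI field because no candidate survives; that early exit, rather than the per-predicate cost, is where the saving over a signature-by-signature loop comes from as the ruleset grows.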