Evaluation of the Lightweight Machine-to-Machine protocol for Industrial Bootstrapping

Supervisor(s): Sebastian Peters, Adrian Reuter
Status: open
Topic: Others
Type of Thesis: Master's thesis
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching

Description

Master's Thesis (Bachelor's Thesis possible with excellent fit of skills)

Motivation and Task
Assume you ship a large number of networked IIoT devices to your customer's production facility. How
do you securely provide them with individual configuration and certificates within the customer's PKI?
A solution concept to avoid excessive manual effort is called secure bootstrapping. The Lightweight
Machine-to-Machine (LwM2M) protocol by the Open Mobile Alliance (OMA) is such a method for
deploying and configuring network devices securely.
In this thesis, its secure application in industrial environments and production systems (OT/IIoT/IACS)
shall be evaluated. This includes setting up an LwM2M testbed, either at the industrial production
line at Fraunhofer AISEC or in a separate network with test devices, to evaluate the security of the
protocol and its different use cases. Its features and restrictions shall further be evaluated against
the requirements of the industrial cybersecurity standard ISA/IEC 62443. A comparison shall be
drawn to similar setups involving the competing protocols BRSKI (Bootstrapping Remote Secure
Key Infrastructures) or SZTP (Secure Zero Touch Provisioning). Finally, a conclusion shall be drawn
on the suitability of LwM2M as a bootstrapping solution for industrial environments.
Keywords: OMA LwM2M, PKI, X.509, ISA/IEC 62443, SZTP, BRSKI, OT, IIoT, IACS


Prerequisites
The following list of prerequisites is neither complete nor binding, but shall give you an impression of
the expertise required for the topic:
• Self-initiative and the ability to work systematically and in a self-directed way
• Knowledge of IT security, ideally in the field of certificates, PKI, and trust establishment
• Programming experience, e.g., with devices such as Raspberry Pi, Arduino etc.
• Initial experience with (the security of) automated and interconnected industrial environments
would be ideal but is not a must


Please attach a current grade sheet and CV to your application so that we can assess your
qualification.


Contact
Adrian Reuter,  Sebastian N. Peters

E-Mail: adrian.reuter@aisec.fraunhofer.de

E-Mail: sebastian.peters@aisec.fraunhofer.de


Fraunhofer Research Institute for Applied and Integrated Security AISEC
Department Product Protection and Industrial Security
Lichtenbergstraße 11, 85748 Garching near Munich, Germany

https://www.aisec.fraunhofer.de