Description
Master Thesis, (Bachelor Thesis possible with excellent fit of skills)
Evaluation of the Lightweight Machine-to-Machine protocol for Industrial Bootstrapping
Motivation and Task Assume you ship a large number of networked IIoT devices to your customers production facility. How to securely provide them with individual configuration and certificates within the customers PKI? A solution concept to avoid excessive manual effort is called secure bootstrapping. The Lightweight Machine-to-Machine (LwM2M) protocol by the Open Mobile Alliance (OMA) is such a method for deploying and configuring network devices securely. In this thesis, its secure application in industrial environments and production systems (OT/IIoT/IACS) shall be evaluated. This includes setting up an LwM2M testbed, either at the industrial production line at Fraunhofer AISEC or in a separate network with test devices, to evaluate the security of the protocol and its different use-cases. Its features and restrictions shall further be evaluated against the requirements of the industrial cybersecurity standard ISA/IEC 62443. A comparison shall be drawn to similar setups involving the competitor protocols BRSKI (Bootstrapping Remote Secure Key Infrastructures) or SZTP (Secure Zero Touch Provisioning). Finally, the suitability of LwM2M as a bootstrapping solution for industrial environments is concluded. Keywords: OMA LwM2M, PKI, X.509, ISA/IEC 62443, SZTP, BRSKI, OT, IIoT, IACS
Prerequisites The following list of prerequisites is neither complete nor binding, but shall give you an impression of the expertise required for the topic: • Self-initiative and the ability to work systematically and in a self-directed way • Knowledge of IT security, ideally in the field of certificates, PKI, and trust establishment • Programming experience, e.g., with devices such as Raspberry Pi, Arduino etc. • First experiences with (the security of) automated and interconnected industrial environments would be ideal but are not a must
Please attach a current grade sheet and CV to your application so that we can assess your qualification.
Contact Adrian Reuter, Sebastian N. Peters
E-Mail: adrian.reuter@aisec.fraunhofer.de
E-Mail: sebastian.peters@aisec.fraunhofer.de
Fraunhofer Research Institute for Applied and Integrated Security AISEC Department Product Protection and Industrial Security Lichtenbergstraße 11, 85748 Garching near Munich, Germany
https://www.aisec.fraunhofer.de
|