Trustworthy Configuration Management for Networked Devices using Distributed Ledgers

by Holger Kinkelin, et al.

Numerous IoT applications, like building automation or process control of industrial sites, exist today. These applications inherently have a strong connection to the physical world. Hence, IT security threats can cause not only problems like data leaks but also safety issues which might harm people. Attacks on IT systems are performed not only by outside attackers but also by insiders like administrators. For this reason, we present ongoing work on a configuration management system (CMS) that provides control over administrators, restrains their rights, and enforces separation of concerns. We reach this goal by conducting a configuration management process that requires multi-party authorization for critical configurations to achieve Byzantine fault tolerance against attacks and faults by administrators. A configuration is applied to the targeted devices only after it has been authorized by multiple experts. For the whole configuration management process, our CMS guarantees accountability and traceability. Lastly, our system is tamper-resistant as we leverage Hyperledger Fabric, which provides a distributed execution environment for our CMS and a blockchain-based distributed ledger that we use to store the configurations. A beneficial side effect of this approach is that our CMS is also suitable to manage configurations for infrastructure shared across different organizations that do not need to trust each other.




