Madtls: Fine-grained Middlebox-aware End-to-end Security for Industrial Communication
CoRR (2023)
Abstract
Industrial control systems increasingly rely on middlebox functionality such
as intrusion detection or in-network processing. However, traditional
end-to-end security protocols interfere with the necessary access to in-flight
data. While recent work on middlebox-aware end-to-end security protocols for
the traditional Internet promises to address the dilemma between end-to-end
security guarantees and middleboxes, the current state-of-the-art lacks
critical features for industrial communication. Most importantly, industrial
settings require fine-grained access control for middleboxes to truly operate
in a least-privilege mode. Likewise, advanced applications even require that
middleboxes can inject specific messages (e.g., emergency shutdowns).
Meanwhile, industrial scenarios often expose tight latency and bandwidth
constraints not found in the traditional Internet. Because the current
state-of-the-art misses these critical features, we propose Middlebox-aware DTLS
(Madtls), a middlebox-aware end-to-end security protocol specifically tailored
to the needs of industrial networks. Madtls gives middleboxes bit-level read and
write access control over the communicated data with minimal bandwidth and
processing overhead, even on constrained hardware.