Here you will find scientific publications from the Fraunhofer Institutes.

Bridge me if you can! Evaluating the latency of securing Profinet

Authors: Hohmann, Stephan; Mueller, Tobias; Stübs, Marius

Postprint urn:nbn:de:0011-n-6306808 (2.2 MByte PDF)
MD5 Fingerprint: bc1e4ddb0c7200d1fae17938c3b73b2e
© IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
Created on: 5.3.2021

Institute of Electrical and Electronics Engineers -IEEE-; IEEE Computer Society:
35th International Conference on Information Networking, ICOIN 2021 : January 13 - 16, 2021, Jeju Island, Korea & Virtual Conference
Piscataway, NJ: IEEE, 2021
ISBN: 978-1-7281-9102-7
ISBN: 978-1-7281-9100-3
ISBN: 978-1-7281-9101-0
International Conference on Information Networking (ICOIN) <35, 2021, Online>
European Commission EC
H2020; 857191; IoTwins
IoTwins Distributed Digital Twins for industrial SMEs: a big-data platform
Conference paper, electronic publication
Fraunhofer FOKUS

Fieldbusses have been the backbone of inter-device communication in both industrial and home automation settings for a few decades. The underlying assumption is the availability of reliable and low-latency communication for all busses. This often implies that the busses are confined to a single physical location. With the advent of the 'Internet of Things' (IoT) and subsequently the 'Industrial Internet of Things' (IIoT) and the increased demand for control logic to be pushed into the 'Cloud', that assumption can no longer be upheld. Since no (I)IoT protocol exists to provide remote control, let alone in a secure fashion, while providing low latency at the same time, we are left with the problem of routing fieldbusses from, say, data-centres to shop-floors. This presents a challenge, because those busses have been designed for safety rather than security. In this paper, we elaborate on the viability of routing layer-two fieldbus traffic while providing both low latency to fulfil real-time requirements and security through cryptographic tunnels. We design and implement a network topology where Profinet traffic is routed through a VXLAN over Wireguard overlay to control a SoftPLC instance. We evaluate our implementation in a realistic test-bed and our measurements indicate that bridging Profinet over VXLAN and Wireguard induces a latency low enough for running time-critical applications.