Design of a demilitarized network to secure the data stored in industrial networks

José Ricardo Núñez Alvarez

Abstract


Currently, the data and variables of a control system are the most important elements to be safeguarded in an industrial network, so it is vitally important to ensure their safety. This paper presents the design and simulation of a Demilitarized Network (DMZ) that uses firewalls to control access to all the information stored in the servers of the industrial network of the Hermanos Díaz Refinery in Santiago de Cuba, Cuba. In addition, the characteristics, configurations, methods, and rules of DMZs and firewalls are shown, and the configuration with three multi-legged firewalls is selected as the most appropriate for our application, since it allows efficient exchange of data while guaranteeing security and avoiding the violation of the control system. Finally, the simulation of the proposed network is carried out.

Keywords


Demilitarized network; firewalls; industrial network; control system; electrical network





DOI: http://doi.org/10.11591/ijece.v11i1.pp%25p


This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

ISSN 2088-8708, e-ISSN 2722-2578