Skip to Main content Skip to Navigation

Design of mechanisms for filtering and isolations of industrial protocols

Abstract : With the rise of Industry 4.0, many infrastructures were forced to open their networks to the Internet, mainly to meet the growing need for supervision and remote control. But where these infrastructures were previously isolated, spared from external threats, their opening has caused the emergence of new threats, particularly network ones, which were not addressed and present serious risks.Network cybersecurity solutions, like Firewalls, Intrusion Detection Systems or Intrusion Protection Systems are commonly used to address the concern of industrial infrastructures cybersecurity. However the trend of relying on software-based systems to ensure network protection brought to light the vulnerabilities of these systems, due to their inherent software implementation. Furthermore, the industry is tied to its own specificities (low-latency, support of specific network protocols), which are rarely covered by common IT solutions.The main goal of this thesis is to study the use of FPGA-based devices applied to cybersecurity for industrial networks. Either as support for software-based security applications, or to perform critical network analysis operations. First it presents the industrial context, with control systems, their architectures, needs, implementation rules, specific protocols and also gives two examples of control systemsas they can be found in the industry. Then it highlights the security problematic, with a description of the most common threats, cases study about their applications and impact in a control system, and discussions on the state of the art counter-measures available on the market. Through the establishment of a security target, it points the vulnerability of software elements and operating systems as well as the lack of process state aware security analysis.To address these issues, we propose, through a first contribution, to enforce the security of the software system by taking advantage of existing FPGA's protection mechanisms. Finally, to answer specific application threats, we introduce an implementation of a brute force matching architecture with time and operational-process awareness, on FPGA.This thesis was conducted in collaboration between the Montpellier computer science, robotic and microelectronic laboratory (LIRMM) and the SECLAB company.
Complete list of metadatas

Cited literature [71 references]  Display  Hide  Download
Contributor : Abes Star :  Contact
Submitted on : Monday, January 20, 2020 - 6:13:13 PM
Last modification on : Wednesday, September 9, 2020 - 3:11:28 AM


Version validated by the jury (STAR)


  • HAL Id : tel-02446150, version 2



Peter Rouget. Design of mechanisms for filtering and isolations of industrial protocols. Micro and nanotechnologies/Microelectronics. Université Montpellier, 2019. English. ⟨NNT : 2019MONTS027⟩. ⟨tel-02446150v2⟩



Record views


Files downloads