An FPGA-based Unidirectional Gateway Proposal for OT-IT Network Separation to Secure Industrial Automation Systems
Publication date
2023-08-22
Document type
Conference paper
Organisational unit
Scopus ID
Conference
2023 IEEE 21st International Conference on Industrial Informatics (INDIN), 18-20 July 2023, Lemgo, Germany
Publisher
IEEE
ISSN
ISBN
Part of the university bibliography
✅
Language
English
Keyword
Data diode
FPGA-based
OT-IT separation
Secure industrial automation system
Unidirectional
Abstract
A new FPGA-based approach for a data diode transmitting data unidirectionally from a high security zone to a lower security zone is evaluated and implemented. With the FPGA implementation, the need of additional hardware could be minimized compared to most state-of-the-art data diode realizations. The proposed data diode is designed to use the available backplane bus communication protocol between the programmable logic controller (PLC) and its connected peripherals. To demonstrate the universal approach an open-source platform based on the Revolution Pi (RevPi) and its backplane bus is used. Principally the data diode behaves as a mirror presenting the complete protected system behind the high security zone including the RevPi controller and its devices to the information technology (IT) network. Another controller within the lower security zone is used to imitate the operational technology (OT) process. Our approach is not limited to the above controller and can be applied to any type of PLC. The only requirement is that the communication protocol on the backplane bus is known and can be modified for this purpose.
Version
Published version
Access right on openHSU