{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,5,14]],"date-time":"2025-05-14T04:47:33Z","timestamp":1747198053830,"version":"3.40.5"},"reference-count":16,"publisher":"Walter de Gruyter GmbH","issue":"9","license":[{"start":{"date-parts":[[2023,9,1]],"date-time":"2023-09-01T00:00:00Z","timestamp":1693526400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023,9,26]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>The digitalization of industry and the convergence of IT and OT bring about the next generation of industrial automation systems which are expected to work with an orchestration of physical and virtualized components using a single converged network. The increase of complexity in such systems must be managed by an increase in automation for orchestration and management. However, bootstrapping such a complex system from out-of-the-box components is still a manual and error-prone process. We present a bootstrapping concept that brings up a system from out-of-the-box components to an operational solution with physical and virtualized components. The concept combines incremental network discovery with secure incremental bootstrapping of discovered physical components. The gained trust in the physical components of the network is then used to translate this trust into virtualized components. By attesting the trustworthiness of hosting infrastructure, the concept allows for virtualized components to be securely assigned a cryptographically secure identity that can be used in further application onboarding. Such securely bootstrapped systems are then capable to deliver the required adaptable, modular, and secure automation solutions of the future.<\/jats:p>","DOI":"10.1515\/auto-2023-0074","type":"journal-article","created":{"date-parts":[[2023,9,8]],"date-time":"2023-09-08T10:42:19Z","timestamp":1694169739000},"page":"748-758","source":"Crossref","is-referenced-by-count":0,"title":["Secure bootstrapping for next-gen industrial automation systems"],"prefix":"10.1515","volume":"71","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-4611-7146","authenticated-orcid":false,"given":"S\u00f6ren","family":"Finster","sequence":"first","affiliation":[{"name":"ABB Corporate Research , Wallstadter Str. 59, 68526 Ladenburg , Deutschland"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Abdallah","family":"Dawoud","sequence":"additional","affiliation":[{"name":"ABB Corporate Research , Wallstadter Str. 59, 68526 Ladenburg , Deutschland"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0084-2246","authenticated-orcid":false,"given":"Florian","family":"Kohnh\u00e4user","sequence":"additional","affiliation":[{"name":"ABB Corporate Research , Wallstadter Str. 59, 68526 Ladenburg , Deutschland"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4924-640X","authenticated-orcid":false,"given":"Abdulkadir","family":"Karaagac","sequence":"additional","affiliation":[{"name":"ABB Corporate Research , Wallstadter Str. 59, 68526 Ladenburg , Deutschland"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"374","published-online":{"date-parts":[[2023,9,8]]},"reference":[{"key":"2023120702422584762_j_auto-2023-0074_ref_001","unstructured":"ABB Process Automation, White Paper: The DCS of Tomorrow, 2022."},{"key":"2023120702422584762_j_auto-2023-0074_ref_002","unstructured":"The Open Group Open Process Automation Forum Business Working Group, The Open Process Automation Business Guide, 2021."},{"key":"2023120702422584762_j_auto-2023-0074_ref_003","doi-asserted-by":"crossref","unstructured":"S. Samtani, S. Yu, H. Zhu, M. Patton, and H. Chen, \u201cIdentifying scada vulnerabilities using passive and active vulnerability assessment techniques,\u201d in 2016 IEEE Conference on Intelligence and Security Informatics (ISI), 2016, pp.\u00a025\u201330.","DOI":"10.1109\/ISI.2016.7745438"},{"key":"2023120702422584762_j_auto-2023-0074_ref_004","doi-asserted-by":"crossref","unstructured":"J. Schneider, S. Obermeier, and R. Schlegel, \u201cCyber security maintenance for scada systems,\u201d in 3rd International Symposium for ICS and SCADA Cyber Security Research 2015 (ICS-CSR), 2015, pp.\u00a089\u201394.","DOI":"10.14236\/ewic\/ICS2015.10"},{"key":"2023120702422584762_j_auto-2023-0074_ref_005","doi-asserted-by":"crossref","unstructured":"S. Rose, O. Borchert, S. Mitchell, and S. Connelly, \u201cZero trust architecture,\u201d in Tech. Rep., National Institute of Standards and Technology, 2020.","DOI":"10.6028\/NIST.SP.800-207-draft2"},{"key":"2023120702422584762_j_auto-2023-0074_ref_006","unstructured":"\u201cIEEE Standard for Local and metropolitan area networks \u2010 Station and Media Access Control Connectivity Discovery,\u201d in IEEE Std 802.1AB-2016 (Revision of IEEE Std 802.1AB-2009), 2016, pp.\u00a01\u2013146."},{"key":"2023120702422584762_j_auto-2023-0074_ref_007","doi-asserted-by":"crossref","unstructured":"R. Enns, M. Bjorklund, J. Schoenwaelder, and A. Bierman, Network Configuration Protocol (netconf), RFC 6241, RFC Editor, 2011. Available at: http:\/\/www.rfc-editor.org\/rfc\/rfc6241.txt.","DOI":"10.17487\/rfc6241"},{"key":"2023120702422584762_j_auto-2023-0074_ref_008","unstructured":"\u201cIEEE standard for local and metropolitan area networks \u2013 secure device identity,\u201d in IEEE Std 802.1AR-2018 (Revision of IEEE Std 802.1AR-2009), 2018, pp. 1\u201373."},{"key":"2023120702422584762_j_auto-2023-0074_ref_009","unstructured":"G. F. Lyon, Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning, Sunnyvale, CA, USA, Insecure, 2009."},{"key":"2023120702422584762_j_auto-2023-0074_ref_010","doi-asserted-by":"crossref","unstructured":"F. Kohnh\u00e4user, D. Meier, F. Patzer, and S. Finster, \u201cOn the security of IIoT deployments: an investigation of secure provisioning solutions for OPC UA,\u201d IEEE Access, vol.\u00a09, pp.\u00a099299\u201399311, 2021, https:\/\/doi.org\/10.1109\/access.2021.3096062.","DOI":"10.1109\/ACCESS.2021.3096062"},{"key":"2023120702422584762_j_auto-2023-0074_ref_011","unstructured":"W. Luo, Q. Shen, Y. Xia, and Z. Wu, \u201cContainer-IMA: a privacy-preserving integrity measurement architecture for containers,\u201d in 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2019), 2019, pp.\u00a0487\u2013500."},{"key":"2023120702422584762_j_auto-2023-0074_ref_012","doi-asserted-by":"crossref","unstructured":"M. De Benedictis and A. Lioy, \u201cIntegrity verification of docker containers for a lightweight cloud environment,\u201d Future Generat. Comput. Syst., vol.\u00a097, pp.\u00a0236\u2013246, 2019, https:\/\/doi.org\/10.1016\/j.future.2019.02.026.","DOI":"10.1016\/j.future.2019.02.026"},{"key":"2023120702422584762_j_auto-2023-0074_ref_013","unstructured":"G. Cooper, B. Behm, A. Chakraborty, et al.., FIDO Device Onboard Specification 1.1, 2021."},{"key":"2023120702422584762_j_auto-2023-0074_ref_014","doi-asserted-by":"crossref","unstructured":"M. Pritikin, M. Richardson, T. Eckert, M. Behringer, and K. Watsen, Bootstrapping Remote Secure Key Infrastructures (BRSKI), Internet-Draft, 2020.","DOI":"10.17487\/RFC8995"},{"key":"2023120702422584762_j_auto-2023-0074_ref_015","unstructured":"OPC Foundation, OPC Unified Architecture Specification Part 21: Device Onboarding, 2022."},{"key":"2023120702422584762_j_auto-2023-0074_ref_016","doi-asserted-by":"crossref","unstructured":"K. Watsen, I. Farrer, and M. Abrahamsson, Secure Zero Touch Provisioning (SZTP), RFC 8572, 2019.","DOI":"10.17487\/RFC8572"}],"container-title":["at - Automatisierungstechnik"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.degruyter.com\/document\/doi\/10.1515\/auto-2023-0074\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.degruyter.com\/document\/doi\/10.1515\/auto-2023-0074\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,12,7]],"date-time":"2023-12-07T02:43:53Z","timestamp":1701917033000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.degruyter.com\/document\/doi\/10.1515\/auto-2023-0074\/html"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,9,1]]},"references-count":16,"journal-issue":{"issue":"9","published-online":{"date-parts":[[2023,9,8]]},"published-print":{"date-parts":[[2023,9,26]]}},"alternative-id":["10.1515\/auto-2023-0074"],"URL":"https:\/\/doi.org\/10.1515\/auto-2023-0074","relation":{},"ISSN":["0178-2312","2196-677X"],"issn-type":[{"type":"print","value":"0178-2312"},{"type":"electronic","value":"2196-677X"}],"subject":[],"published":{"date-parts":[[2023,9,1]]}}}