Page 9

Industrial Ethernet Book 104

Technology further from the truth. It is rather important that the additional delay introduced by an on-path security function, including firewalls, is considered in the latency and scheduling calculations of a TSN network. Depending on the specific application requirements concerning transmission latency and cycle time, a huge transmission delay may, however, not be tolerable even if it was made visible. Here, two classes of network security functions have to be differentiated: first, mechanisms that are directly implemented on the TSN communication path, and second, mechanisms that are located at the boundaries of a TSN network. Security mechanisms that are located on the communication path must only induce a low and calculable transmission delay. In contrast, longer delays may be tolerable at the boundaries of the TSN network. This distinction between different classes of network security functions also corresponds to the security best practice “Zones and Conduits” and adds an additional aspect to this security discussion: The subdivision of a network into communication zones is intended to establish separate communication areas and only enables communication between these areas on a “need to communicate” basis, thus further ensuring network security. In doing so, the “Zones and Conduits” best practice today primarily focuses on hardening the cyber security of a network. With TSN, the “timing of communication” will be an additional parameter to consider. It is, therefore, important to observe that TSN and “Zones and Conduits” go hand in hand, as the “need to communicate” and the “timing of communication” are both based on the same end-to-end communication relations of network devices. Consequently, a secure network design should place, for example, DPI firewalls at the interconnections between the different communication zones, while fast stateless ACL packet filters should be used inside the zones, where they are located directly on the TSN data path. Coincidentally, this way another best practice security concept is implemented, namely "Defense in Depth and Diversity". Effective software makes manual engineering and monitoring of TSN networks possible. This practice recommends combining security mechanisms that operate differently and connect them in series to secure a network. Following the best practice of "Defense in Depth and Diversity" network access layer security mechanisms such as IEEE802.1X often implemented in switches and routers should also be used to protect the direct access to the TSN network. Moreover, layer 2 security mechanisms should be employed to further harden the TSN network against attacks. Layer 2 security One of these mechanisms, which are currently being developed as part of the TSN standardization effort, is Ingress Filtering and Policing. This technology allows to check if data frames as well as their time of reception match a reserved data stream. If this is not the case, the packet is filtered and rejected before it leads to any negative effects on the network operation. Additionally, mechanisms such as MACsec (Media Access Control Security) can be used to authenticate, encrypt and integrityprotect the various data streams between the network participants. Especially security mechanisms such as MACsec, however, can have negative impacts on the end-to-end transmission latency in a TSN network, even if they operate in hardware. The additional delay introduced by these mechanisms has to be made visible as well. In doing so, the delay that must be considered strongly depends on whether the security mechanisms are based in software or hardware. Overall, the cornerstone of TSN cyber security is, if the introduced latency impact can be taken into account, nothing stands in the way of smooth, secure TSN operation. Summary Since TSN is not a manufacturer-specific technology, it can be universally utilized in all automation networks. To guarantee cyber security in a TSN network, the wheel does not have to be reinvented. The contrary is the case: security mechanisms that are state of the art today will ensure the secure operation of a TSN network. Still, the strict requirements for real-time communication add a new layer of complexity that needs to be considered in the network design. This new aspect, however, fits seamlessly into existing concepts. Although the entire family of standards for TSN is yet to be completed, the released standards can already be used. Moreover, as the specification of the remaining TSN standards is well under way in the IEEE 802.1 and 802.3 work groups, the standardization process ensures future TSN security mechanisms will be compatible with standard Ethernet. Dr. René Hummen and Dr. Oliver Kleineberg, Belden Corporation. SOURCE: BELDEN Using Cyclic Queuing and forwarding, data streams with reserved bandwidth are transmitted intermittently by one hop in the direction of the receiver with each cycle. 9 2.2018 industrial ethernet book


Industrial Ethernet Book 104
To see the actual publication please follow the link above