Towards Flexible Integration of 5G and IIoT Technologies in Industry 4.0: A Practical Use Case

applied
sciences
A icle
Towa ds Flexible In eg a ion o 5G and IIoT
Technologies in Indus y 4.0: A P ac ical Use Case
Jo ge Sasiain , Ane Sanz , Jasone As o ga and Edua do Jacob *
Depa men o Communica ions Enginee ing, Facul y o Enginee ing in Bilbao, Uni e si y o he Basque
Coun y UPV/EHU, Plaza Ingenie o To es Que edo, 1, 48013 Bilbao, Spain; jo [email p o ec ed] (J.S.);
[email p o ec ed] (A.S.); [email p o ec ed] (J.A.)
*Co espondence: edua [email p o ec ed]; Tel.: +34-946-014-214
Recei ed: 27 Sep embe 2020; Accep ed: 26 Oc obe 2020; Published: 29 Oc obe 2020


Abs ac :
The Indus y 4.0 e olu ion en isions ully in e connec ed scena ios in he manu ac u ing
indus y o imp o e he e iciency, quali y, and pe o mance o he manu ac u ing p ocesses.
In pa allel, he consolida ion o 5G echnology is p o iding subs an ial ad ances in he wo ld
o communica ion and in o ma ion echnologies. Fu he mo e, 5G also p esen s i sel as a key
enable o ul ill Indus y 4.0 equi emen s. In his a icle, he au ho s i s p opose a 5G-enabled
a chi ec u e o Indus y 4.0. Sma Ne wo ks o Indus y (SN4I) is in oduced, an expe imen al
acili y based on wo 5G key-enabling echnologies—Ne wo k Func ions Vi ualiza ion (NFV) and
So wa e-De ined Ne wo king (SDN)—which connec s he Uni e si y o he Basque Coun y’s
Ae onau ics Ad anced Manu ac u ing Cen e and Facul y o Enginee ing in Bilbao.
Then, he au ho s
p esen he deploymen o a Wi eless Senso Ne wo k (WSN) wi h s ong access con ol mechanisms
in o such a chi ec u e, enabling secu e and lexible Indus ial In e ne o Things (IIoT) applica ions.
Addi ionally, he au ho s demons a e he implemen a ion o a use case consis ing in he moni o ing
o a b oaching p ocess ha makes use o machine ools loca ed in he manu ac u ing cen e ,
and o se ices om he p oposed a chi ec u e. The au ho s inally highligh he bene i s achie ed
ega ding lexibili y, e iciency, and secu i y wi hin he p esen ed scena io and o he manu ac u ing
indus y o e all.
Keywo ds:
indus y 4.0; 5G; NFV; SDN; IIoT; access con ol; manu ac u ing p ocess; ae onau ics
ad anced manu ac u ing cen e
1. In oduc ion
Cu en ly, a e olu ion is aking place in he way manu ac u ing p ocesses a e being designed.
This e olu ion, gene ally labeled Indus y 4.0 [
1
], en isions ully in e connec ed scena ios in he
manu ac u ing indus y o imp o e he e iciency, quali y, and pe o mance o he manu ac u ing
p ocesses. Indus y 4.0 emb aces he use o in o ma ion and communica ion echnologies in
indus ial scena ios o achie e a g ea e sma iza ion and au onomy o he manu ac u ing
p ocesses h ough he in eg a ion o cybe -physical sys ems and he in e connec ion o machines,
de ices, senso s, and people.
On 1 June 2017, he Eu opean Pa liamen adop ed a esolu ion on de eloping an in eg a ed
indus ial digi aliza ion s a egy o he EU [
2
], highligh ing “a cu ing-edge digi al in as uc u e”,
as one o i s ou pilla s. This pilla a ge s no only applica ions bu also in as uc u e imp o emen s.
I is p ecisely in he deli e y o his lexible, agile, and esilien in as uc u e and in he e olu ion
owa ds ully in e connec ed scena ios whe e communica ion echnologies can play a decisi e ole.
Two o hese echnologies ha a e addi ionally conce ned wi h his a icle a e Ne wo k Func ions
Vi ualiza ion (NFV) and So wa e-De ined Ne wo king (SDN), bo h o which a e conside ed key
Appl. Sci. 2020,10, 7670; doi:10.3390/app10217670 www.mdpi.com/jou nal/applsci
Appl. Sci. 2020,10, 7670 2 o 20
enable s o he i h gene a ion o mobile ne wo ks (5G) o achie e a lexible and agile ne wo k
pla o m o e which o deploy he e ogeneous se ices [
3
,
4
]. These echnologies ep esen an e olu ion
owa ds he so wa iza ion and i ualiza ion o he ne wo k in as uc u e and he ne wo k unc ions.
The in eg a ion o NFV and SDN in he manu ac u ing indus y (Figu e 1) can g ea ly simpli y he
design and deploymen cycle o new and inno a i e manu ac u ing se ices while achie ing be e
u iliza ion o compu ing and ne wo king physical esou ces.
Figu e 1.
In eg a ion o Indus y 4.0 wi h Ne wo k Func ions Vi ualiza ion (NFV) and
So wa e-De ined Ne wo king (SDN).
In con as , adi ional ne wo k a chi ec u es p esen se e al sho comings in ega ds o lexibili y,
accessibili y, and dynamici y ha can be u he agg a a ed in indus ial scena ios whe e he
coexis ence wi h he e ogeneous de ices, machine ools, and indus y-speci ic p o ocols is a eali y.
These p oblems and limi a ions can be summa ized as ollows:
•
Deploymen imes o new se ices a e slow and o en in ol e he acquisi ion o dedica ed
ha dwa e componen s o suppo speci ic unc ionali ies. This is also ied o an ine icien use o
ha dwa e esou ces. No only does his ha e an impac on he deploymen cos s, bu also on he
o e all quali y o he manu ac u ing p ocesses. I can also nega i ely impac inno a ion in he
manu ac u ing indus y.
•
Se ices a e di icul o e-u ilize. A solu ion speci ically deployed o a gi en manu ac u ing
p ocess o machine ool may be di ec ly applicable o sa is y he equi emen s o o he ones.
Howe e , he e a e no con enien mechanisms o ease he e-u iliza ion o se ices in such cases,
o en leading o duplica ion o e o s and esou ces in se ing hem up.
Appl. Sci. 2020,10, 7670 3 o 20
•
Con igu abili y o se ices is limi ed. Solu ions a e deployed a he s a ically and he li ecycle
managemen o econ igu a ion o a se ice o en equi es signi ican manual in e en ion and
ha dwa e manipula ion, and some imes e en he acquisi ion o addi ional ha dwa e componen s.
•
The isola ion be ween di e en business p ocesses is di icul o en o ce and manage. The conce ns
in ela ion o he p i acy and secu i y o c i ical da a mean ha some p ocesses a e no connec ed
o a sha ed ne wo k in as uc u e o o he In e ne , limi ing hei capabili ies.
The Indus y 4.0 pa adigm also en isions he in eg a ion o Indus ial In e ne o Things (IIoT)
echnologies [
5
]. These echnologies consis o a massi e deploymen o in e connec ed de ices which
a e esponsible o ga he ing, analyzing, sending, and moni o ing da a on a la ge scale. Mos o hese
IIoT applica ions comp ise small senso s wi h limi ed capabili ies and esou ces, named Cons ained
De ice Senso (CDS). These in e connec ed senso s o m a Wi eless Senso Ne wo k (WSN), in which
he CDSs a e able o communica e wi h each o he making use o sui able communica ion p o ocols.
IIoT echnologies enable he achie emen o mos o he Indus y 4.0 main objec i es, such as
he inc ease o he manu ac u ing p ocess e iciency, he educ ion o p oduc ion imes, and he
imp o emen o he use expe ience.
Howe e , he in eg a ion o WSNs in o indus ial en i onmen s comes wi h secu i y issues
ha mus be o e come. The wi eless na u e o he senso s comp ising he WSN and hei limi ed
p ocessing capaci y leads o a highe ulne abili y o a acks. This implies he need o in oducing
obus secu i y mechanisms ha a oid unau ho ized a acks such as da a ampe ing o da a il a ion.
Mo eo e , as hese
de ices do no suppo adi ional secu i y mechanisms due o hei hea y
cons ain s, p o ec ing hese de ices is no s aigh o wa d, becoming a hind ance o achie ing secu e
IIoT applica ions.
The objec i es o he p esen a icle a e h ee old. The i s objec i e is o de elop an NFV- and
SDN-enabled a chi ec u e capable o o e coming he a o emen ioned limi a ions. In his ega d,
he pu sued goals a e o mo e away om s a ic solu ions o e dedica ed ha dwa e and e ol e owa ds
he mo e cos - and esou ce-e icien i ualiza ion and so wa iza ion mechanisms; imp o e he
accessibili y, eusabili y, and li ecycle managemen o se ices; and p o ide highly g anula se ice
isola ion a da a and pe o mance le els. To ealize his i s objec i e, he in oduc ion o Sma
Ne wo ks o Indus y (SN4I) is p oposed, an NFV- and SDN-enabled expe imen al acili y deployed
ac oss he Facul y o Enginee ing in Bilbao (EIB) and he Ae onau ics Ad anced Manu ac u ing Cen e
(CFAA). SN4I has been en isioned o s udy he in eg a ion o NFV and SDN echnologies in coexis ence
wi h indus ial ne wo ks and p o ocols whils enabling he deploymen o inno a i e manu ac u ing
se ices le e aging he bene i s o hese echnologies.
The second objec i e is o in eg a e se e al CDSs in a WSN suppo ed by he NFV- and
SDN-enabled in as uc u e o make possible he in eg a ion o IIoT applica ions. These IIoT
applica ions will be s eng hened by he use o a ligh weigh access con ol p o ocol ha p e en s
hem om ecei ing unau ho ized accesses o he senso s and imp o es he secu i y ulne abili ies
ha wi eless scena ios en ail. Mo eo e , his p o ocol will also p o ide a dynamic and ine-g ained
access con ol be ween he use s and he senso s, enabling a lexible beha io o he IIoT applica ions.
The WSN will also le e age he bene i s o SDN and NFV in ega ds o ne wo k slicing and o e all
lexibili y, p o iding added dynamici y o he in eg a ion o senso se ices in o di e en p ocesses.
The hi d objec i e is o demons a e a use case deployed o e such in as uc u e in a
manu ac u ing cen e ha also pe mi s o alida e he a chi ec u e. I consis s o he moni o ing o a
b oaching p ocess in he CFAA h ough he in eg a ion o i ualized Machine Lea ning (ML) se ices
o enhance he p ocess, as well as se ices om he WSN o addi ional da a ga he ing. To eed he ML
algo i hms, da a om he b oaching p ocess will be collec ed om se e al b oaching ool componen s,
and, addi ionally, in o ma ion ela ed o en i onmen al condi ions will be ga he ed om he CDSs in
he WSN. The desc ip ion o he use case in he p esen a icle ocuses on discussing how he se ices
and componen s in ol ed in his use case ha e been in eg a ed in o he p oposed in as uc u e.
Appl. Sci. 2020,10, 7670 4 o 20
The a icle is s uc u ed as ollows. Sec ion 2add esses he ela ed wo k in he ield o NFV and
SDN echnologies in indus ial scena ios and he secu iza ion o IIoT applica ions. Sec ion 3desc ibes
he main echnologies conce ned wi h he a icle, and Sec ion 4gi es a de ailed explana ion o he
a o emen ioned SN4I expe imen al acili y. Then, in Sec ion 5, he use case o a 5G-enabled sma
b oaching p ocess is p esen ed. Following ha , Sec ion 6illus a es he main bene i s p o ided by his
wo k. Finally, Sec ion 7ga he s he main conclusions.
2. Rela ed Wo k
This sec ion ga he s ela ed wo ks bo h in e ms o he applica ion o NFV and SDN 5G
echnologies o indus ial scena ios so as o he secu iza ion o such scena ios.
2.1. 5G, NFV and SDN in Indus ial En i onmen s
The 5GPPP associa ion, a Eu opean ini ia i e conce ned wi h he deli e y o solu ions,
a chi ec u es, echnologies, and s anda ds o he ubiqui ous nex -gene a ion communica ion
in as uc u es [
6
], iden i ied se en di e en e icals o he a ge s o he nex wa e o 5G applica ions:
Au omo i e, Manu ac u ing, Media, Ene gy, Public Sa e y and Sma Ci ies. A se ies o R&D
p ojec s unde he 5GPPP p og amme such as 5GTANGO [
7
], 5G SMART [
8
], 5G CONNI [
9
],
and 5G-T ans o me [
10
] has wo ked on de eloping 5G pilo s o se e al o hese e ical use cases,
wi h some o hem ocusing on sma manu ac u ing and Indus y 4.0 use cases. The e a e also
ini ia i es such as he 5G Alliance o Connec ed Indus ies and Au oma ion (5G-ACIA) [
11
] pushing
o he in eg a ion o 5G echnologies in he manu ac u ing e ical. F aunho e ’s In e na ional Cen e
o Ne wo ked, Adap i e P oduc ion (ICNAP) [
12
], was ounded in la e 2016 o ind ou which new
app oaches in in o ma ion echnology can lead he way owa ds Indus y 4.0.
NFV and SDN a e consolida ed echnologies ha ha e p o ided subs an ial bene i s o he wo ld
o communica ions and compu ing o he pas decade. Howe e , as e ical indus ies e ol e owa ds
an adop ion o he eme ging 5G echnologies [
13
], he ange o applica ion o 5G echnologies such as
NFV and SDN is expanding. Wollschlaege e al.
[14]
p esen ed a e iew o echnological ends in he
wo ld o indus ial communica ion, highligh ing he ole o 5G echnologies in indus ial au oma ion.
The a icle calls o he adop ion o 5G echnologies such as NFV and SDN o achie e ha monized
se ice p o isioning on op o he he e ogenei y and complexi y o indus ial ne wo ks, in which
E he ne and 5G communica ion and legacy indus ial communica ion sys ems will likely coexis .
Simila ly, Rao and P asad
[15]
highligh ed he c i ical ole ha 5G echnologies will play in enabling
he ul a-low la ency and eliabili y and high da a a e equi emen s o Indus y 4.0, and in d i ing
se e al o i s use cases.
P ecisely, se e al e o s o b ing NFV and SDN echnologies in o indus ial en i onmen s ha e
al eady been ca ied in he con ex o he Indus y 4.0 e olu ion. These con ibu ions align wi h
he undamen al in en ions o he p esen a icle, as hey demons a e ha he in elligence and
o e all quali y o indus ial p ocesses can be enhanced hanks o mo e lexible and ine-g ained
communica ions while add essing limi a ions o adi ional ne wo k a chi ec u es such as lack
o au oma ion and adap i i y o a ying and equi emen s imposed by he e ogeneous use cases.
Ma e al. [16]
p oposed he deploymen o an SDN-based in as uc u e in an indus ial en i onmen ,
which, also le e aging ne wo k i ualiza ion and NFV o he implemen a ion o ne wo k se ices,
op imizes se ice quali y and imp o es indus ial p oduc ion e iciency. Peus e e al.
[17]
demons a ed how NFV echnology can g ea ly simpli y he ealiza ion o a sma manu ac u ing
applica ion, in which se e al ne wo k se ices a e deployed o in e connec machines and o collec
and agg ega e senso
da a. Mekikis e al. [18] showcased
he implemen a ion o a 5G expe imen al
pla o m o Tac ile In e ne in indus ial en i onmen s le e aging NFV and SDN echnologies. O he
wo k (e.g., [
19
,
20
]) ocus on he applicabili y o NFV and SDN o deploy secu i y se ices and enhance
secu i y in indus ial ne wo ks. Al hough his is no speci ically a di ec objec i e o he in eg a ion
o NFV and SDN in ou wo k, hey illus a e how he adop ion o hese echnologies can lay he
Appl. Sci. 2020,10, 7670 5 o 20
ounda ions o he implemen a ion o mo e obus and lexible secu i y mechanisms and applica ions
in compa ison o adi ional indus ial ne wo ks.
In ega ds o solu ions aimed a p o iding addi ional lexibili y and dynamici y o IIoT ne wo ks
h ough he adop ion o NFV and SDN echnologies, he au ho s o [
21
,
22
] p oposed he in oduc ion
o ne wo k slicing mechanisms in IIoT scena ios wi h a la ge amoun o senso s deployed o di e en
moni o ing pu poses. They ocused on applying ne wo k slicing o add ess a ying Quali y o Se ice
equi emen s o di e en IIoT applica ions. This di e s om ou in en ions o le e aging ne wo k
slicing o a he enable a dynamic assignmen o hese IIoT applica ions o di e en business p ocesses.
2.2. Secu i y o IIoT Applica ions
The de elopmen o IIoT applica ions in ol es he deploymen o a la ge numbe o
esou ce-dep i ed senso s o ga he da a on a massi e scale, in o de o eed ML algo i hms ha will
imp o e decision-making and sma ize manu ac u ing p ocesses. The use o such limi ed de ices
has mean ha , when designing IIoT applica ions, he de elopmen o ligh weigh and easible
communica ion p o ocols has been p io i ized, lea ing secu i y issues in he backg ound. In ac ,
mos IIoT indus ial communica ion p o ocols used oday, such as MQTT, AMQP, and XMPP, ely on
implemen ing T anspo Laye Secu i y (TLS) [
23
] o Da ag am T anspo Laye Secu i y (DTLS) [
24
]
a he anspo laye o building hei secu e e sion.
The ealiza ion o he Indus y 4.0 concep , based on massi e da a ga he ing and a i icial
in elligence echniques, will esul in imp o ed manu ac u ing p ocesses and decision making.
Howe e , i will also open he doo o new secu i y ulne abili ies coming om he In e ne and
no known o he adi ionally isola ed indus ial en i onmen s. The au ho s o [
25
–
27
] p esen ed
he ea u es and challenges o secu i y and p i acy o IoT. Al hough he implemen a ion o secu e
anspo laye channels is essen ial o build secu e communica ions, i is no enough, and applica ion
laye secu i y mechanisms o IoT mus also be de eloped. Such secu i y mechanisms ha e al eady
been esea ched and de eloped o In e ne -connec ed esou ce- ich de ices and communica ions
o yea s, and a e widely used nowadays. Howe e , adi ional secu i y mechanisms designed and
e alua ed o he esou ce- ich de ices a e no di ec ly applicable o IoT en i onmen s, due o he high
esou ce cons ain s o he IoT de ices. In ac , secu i y mechanisms widely used in he adi ional
In e ne equi e high compu a ional capabili ies and s o age capaci y, ea u es no a ailable in cu en
IoT de ices. Fo his eason, in addi ion o using ligh weigh and easible applica ion laye indus ial
p o ocols, IoT ne wo ks equi e also he de elopmen o speci ic secu i y mechanisms ha will ake
he special cha ac e is ics o he a ge ed en i onmen s in o accoun .
Rega ding he p o ec ion o da a con iden iali y and in eg i y a he applica ion laye ,
Objec Secu i y o Cons ained REST ul En i onmen s [
28
] (OSCORE) has been p oposed.
Howe e , his p o ocol
is speci ically ailo ed o he ope a ion o he CoAP [
29
] p o ocol and is no
easily ex ensible o o he p o ocols such as MQTT, XMPP, e c. This p o ocol makes i possible o p o ec
he in eg i y and con iden iali y o CoAP messages e en when he communica ion includes a p oxy,
which is usual in indus ial communica ion, and, he e o e, he DTLS session is e mina ed a he p oxy.
Ne e heless, implemen ing secu i y mechanisms ha p o ec he con iden iali y and in eg i y
o he communica ions is no enough o ha e a secu e IoT applica ion. In ac , while adi ional IoT
scena ios comp ise senso s ha ga he da a and send i o a cen alized se e , he nex -gene a ion
IoT, designed o Indus y 4.0, en isions he use o sma senso s beha ing as small se e s. In such
scena ios, he clien s es ablish a di ec end- o-end (E2E) connec ion wi h he senso s in o de o ge
he da a. Mo eo e , hese scena ios also allow some kind o con igu a ion o he senso pa ame e
by he end use s. The e o e, in hese new applica ions, i is e y impo an o implemen a s ong
access con ol p ocess, in o de o gua an ee ha only au ho ized use s es ablish a connec ion wi h he
senso s. Besides, due o he dynamic na u e o IoT applica ions, he access con ol solu ions should be
as exp essi e as possible, in o de o e alua e no only he pe missions o he use s bu also he local
con ex condi ions.

Appl. Sci. 2020,10, 7670 6 o 20
Di e en app oaches ha e been ca ied ou o de elop access con ol mechanisms o he IoT.
On he one hand, some adi ional solu ions ha e been adap ed o he IoT. Fo example, Sei z e al.
[30]
p oposed he Au ho iza ion F amewo k o he IoT, which adap s eX ensible Access Con ol Ma kup
Language (XACML) o IoT applica ions. This p oposal de ines e y exp essi e secu i y policies, bu
hey a e oo hea y o be implemen ed in he mos cons ained de ices. Simila ly, Zhang and Gong
[31]
p oposed he Usage-based access con ol (UCON) adap ed o IoT. Howe e , hese wo app oaches a e
based on a cen alized a chi ec u e, whe e a cen al se e pe o ms all he access con ol p ocesses, so
hey do no o e any exp essi eness as hey do no ake in o accoun any local condi ion o he de ices.
Among he solu ions based on a dis ibu ed a chi ec u e, He nández-Ramos e al.
[32]
p oposed
Dis ibu ed Capabili y-Based Access Con ol (DCapBAC) o IoT, which o e s capabili y-based access
con ol, exchanging okens ha con ain in o ma ion abou he use s and hei pe missions. Howe e ,
his mechanism has been de eloped using Ja a, and, as i s amewo k is a he hea y, i is no sui able
o mos cons ained de ices.
Ano he possible solu ion is he Delega ed CoAP Au hen ica ion and au ho iza ion F amewo k
(DCAF), p oposed in [
33
], which uses secu i y policies ha conside local condi ions o he senso s.
Howe e , he implemen a ion o his mechanism equi es he es ablishmen o DTLS channels,
and his inc eases he o e head o he messages exchanged, was ing he esou ces o he de ices.
Mo eo e , his solu ion
uses Concise Bina y Objec Rep esen a ion [
34
] (CBOR) o encode and
comp ess he policies, and as i is a gene ic comp esso , i does no o e a high enough comp ession a e.
To deal wi h some o he a o emen ioned p oblems, he Ladon [
35
] p o ocol was de eloped,
an access con ol solu ion easible e en in he mos cons ained de ices. This p o ocol pe o ms
he au hen ica ion and E2E au ho iza ion o he use s wan ing o access a esou ce in he senso s.
Howe e , he secu i y policies i uses a e a he s a ic, educing he exp essi eness o he p ocess.
As an e olu ion
o Ladon, Hid a [
36
] allows o he en o cemen o highly exp essi e policy-based
secu i y policies which also include local con ex condi ions, such as ba e y le el. Fo his eason,
his wo k p oposes o ex end he applicabili y scena ios o Hid a by in eg a ing i in a 5G-enabled
indus ial en i onmen as an o ches a ed NFV ne wo k se ice. In his way, he IIoT applica ions can
implemen obus access con ol mechanisms in a as and lexible way.
3. Building Technologies
This sec ion p o ides an o e all o e iew o he main echnologies upon which he p oposed
5G-enabled indus ial ne wo k is buil .
3.1. NFV and SDN
As p e iously s a ed, he co e echnologies ha ealize he p oposed in as uc u e a e NFV and
SDN. Each o hem plays a c i ical ole in enabling a mo e agile, lexible, and cos -e icien p o isioning
o ne wo k se ices.
NFV echnology is conce ned wi h he abs ac ion, o decoupling, o ne wo k unc ions om
physical ha dwa e. Thanks o i ualiza ion, a ple ho a o applica ion se ices (such as da a p ocessing
se ices) and ne wo k se ices (such as i ewalls and NAT) ha ha e adi ionally un on dedica ed
se e s and appliances can be eloca ed in o commodi y ha dwa e as i ual se ices. Each o he
ha dwa e se e s comp ising an NFV in as uc u e exposes hei a ailable physical esou ces (such
as CPU, memo y disk, and ne wo k in e aces) as i ual esou ces, and each i ual se ice o
i ual se ice componen is assigned a speci ic po ion o hese i ual esou ces on demand. Vi ual
se ices can be deployed in an isola ed ashion ega dless o he ha dwa e se e ha hey ha e been
alloca ed in o.
The NFV a chi ec u al amewo k s anda dized by he Eu opean Telecommunica ions S anda ds
Ins i u e (ETSI) is depic ed in Figu e 2below. The NFV In as uc u e (NFVI) comp ises he o ali y
o he physical esou ces, possibly including esou ces om di e en loca ions o domains. These
physical esou ces may include compu ing, s o age, and ne wo king esou ces, and oge he build
Appl. Sci. 2020,10, 7670 7 o 20
he en i onmen ha is capable o suppo ing he c ea ion o Vi ual Ne wo k Func ions (VNFs).
A i ualiza ion laye in he NFVI abs ac s hese ha dwa e esou ces in o a pool o i ual esou ces
ha can be con enien ly sliced and alloca ed o mul iple VNFs.
Figu e 2. ETSI NFV e e ence a chi ec u al amewo k.
In NFV, he in elligence is p o ided by he NFV Managemen and O ches a ion (MANO) block.
MANO pe o ms all he ac ions ha in ol e he li e cycle managemen (e.g., c ea ion, con igu a ion,
and e mina ion) o he a o emen ioned VNFs. Fu he mo e, a Ne wo k Se ice (NS) can encompass
mul iple VNFs p o iding a b oade se ice on he whole. MANO can be subdi ided in o he Vi ualized
In as uc u e Manage (VIM), and a highe le el NFV O ches a o (NFVO). The VIM is esponsible
o he in e ac ion wi h he NFVI esou ces ac oss one domain du ing VNF alloca ion and dealloca ion
asks, whe eas he NFVO wo ks a he le el o NSs and VNFs, managing hei li e cycle.
In an NFV/SDN scena io, i NFV echnology ealizes he deploymen o se ices le e aging
i ualiza ion mechanisms, SDN is he echnology ha ealizes he in e connec ion o hose se ices and
hei componen s. T adi ional ne wo king has been implemen ed in such a way ha he unc ionali y
o o wa d he ne wo k packe s and he unc ionali y o decide how hey a e o wa ded a e con ained
in he same de ice. These unc ionali ies a e known as da a plane and con ol plane, espec i ely.
As ep esen ed in Figu e 3, SDN h i es on he sepa a ion o hese wo planes o enable he
implemen a ion o a mo e cen alized con ol plane in which each o wa ding de ice is no longe
esponsible o making hei own o wa ding decisions. Ins ead, con ol plane asks a e elega ed
o one o mo e cen alized con olle s possessing a b oade iew o he whole ne wo k opology
and condi ions. These con olle s en o ce he o wa ding logic in o each de ice, which now only
has o execu e da a plane asks (packe o wa ding). Thus, ne wo k de ices do no need o use
speci ic p o ocols and exchange in o ma ion be ween hem in o de o make cohe en o wa ding
decisions. SDN also esul s in g ea e p og ammabili y and econ igu abili y o he ne wo k hanks o
he cen aliza ion o he o wa ding in elligence and he high g anula i y p o ided in he classi ica ion
o ne wo k a ic.
Appl. Sci. 2020,10, 7670 8 o 20
Figu e 3. T adi ional ne wo k e sus so wa e de ined ne wo k.
3.2. OpenS ack, Open Sou ce MANO, and ONOS
SN4I makes use o a ious so wa e p oduc s ha o ches a e and manage he physical componen s
(physical se e s and in e connec ed swi ches) ha make up he in as uc u e, acco ding o he
p e iously explained NFV and SDN echnologies. These so wa e componen s a e OpenS ack, Open
Sou ce MANO (OSM), and Open Ne wo k Ope a ing Sys em (ONOS).
OpenS ack implemen s he Vi ualized In as uc u e Manage (VIM) o he NFV a chi ec u al
amewo k p e iously shown in Figu e 2. I also p o ides a common i ualiza ion laye o he
ha dwa e se e s in he NFVI i manages in o de o abs ac hei physical esou ces in o i ual
esou ces. OpenS ack is ul ima ely capable o con olling a pool o i ual esou ces and alloca e
di e en kinds o esou ces om i in o de o ins an ia e Vi ual Machines (VMs). OpenS ack can also
manage he li e cycle o hese VMs, as well as se up hei in e nal means o in e connec ion. A VM
holds a componen o a VNF (a VNF can con ain one o mo e VMs) and can be exposed and pe cei ed
by an end use jus as a eal dedica ed compu e sys em.
Open Sou ce Mano (OSM) is, as i s name implies, he MANO o SN4I. OSM is an ETSI NFV-aligned
Managemen and O ches a ion so wa e ha p o ides an uppe laye o he OpenS ack se ices. OSM
p o ides he SN4I in as uc u e manage s wi h a ool o design and build NSs and VNFs composed o
e en ual VMs, as well as Vi ual Links and Connec ion Poin s be ween hei componen s. OSM is hen
esponsible o in e ac ing wi h OpenS ack in o de o ealize he componen s and in e connec ions
o he designed NSs in o he NFVI. OSM exposes in e aces o manage he li e cycle o hese NSs
and VNFs and includes ich ea u es o hei moni o iza ion, as well as o he con igu a ion and
au oma ion o hei unc ionali y.
Finally, Open Ne wo k Ope a ing Sys em (ONOS) pe o ms as he con olle o he SDN
ne wo k in as uc u e, which comp ises bo h in e -VIM and in a-VIM connec ions. In SN4I,
ONOS, h ough a p o ocol
named OpenFlow, popula es in o he da a plane de ices he o wa ding
ules ha make possible he in e connec ion o all he componen s o a gi en p ocess (i.e., a gi en NS),
while simul aneously ensu ing ha hey a e isola ed om o he p ocesses’ a ic. Fu he mo e, ONOS
can be in eg a ed wi h OSM in o de o au oma ically ins all hese o wa ding ules ha co espond o
he NSs’ Vi ual Links.
3.3. Hid a
As p e iously men ioned, in he IoT scena ios designed o Indus y 4.0, he senso s beha e as
small se e s, and he use s es ablish a secu e E2E connec ion wi h hem o ei he ecei e da a o
con igu e some pa ame e s. In his con ex , s ong access con ol mechanisms mus be implemen ed,
in o de o gua an ee ha only au ho ized use s can es ablish a connec ion wi h he de ices. Mo eo e ,
due o he dynamic na u e o he IIoT applica ions, hese access con ol mechanisms should be lexible
and exp essi e, so ha hey pe mi o deny he access o he use s based no only on he pe missions
bu also on he local con ex condi ions.
Appl. Sci. 2020,10, 7670 9 o 20
Hid a [
36
] is a secu i y p o ocol ha gua an ees bo h au hen ica ion and au ho iza ion o a emo e
subjec wan ing o es ablish an E2E connec ion wi h a CDS. The aim o Hid a is o o e a s ong and
dynamic access con ol solu ion ha can be implemen ed e en in he mos cons ained de ices.
To p o ide exp essi eness o he access con ol p ocedu e, his p o ocol combines he cen alized
and dis ibu ed a chi ec u es, pe o ming he au ho iza ion in wo s eps. On he one hand, he
cen alized se e named Access Con ol Se e (ACS) pe o ms he au hen ica ion and p elimina y
au ho iza ion o he eques ing subjec s, disca ding mos unau ho ized eques s and hence a oiding
unnecessa y messages wi h he CDSs. On he o he hand, o enable exp essi e con ex -based access
con ol, each CDS is a dis ibu ed con ol poin ha pe o ms he local au ho iza ion. This au ho iza ion
is pe o med based on local con ex condi ions such as he ba e y le el o he senso o he
en i onmen al pa ame e s. The access decision is made a e applying a e y exp essi e secu i y policy.
Figu e 4shows he de ailed ope a ion o Hid a. Fi s , in Phase 1, he Delega ed Au hen ica ion o
he use is pe o med, whe e he use au hen ica es o he ACS and eques s a Ticke G an ing Ticke
(TGT). In he case o success ul au hen ica ion, he icke is sen o he use .
Figu e 4. Hid a ope a ion.
In Phase 2, he P elimina y Au ho iza ion is pe o med in he ACS, based on he a ibu es o he
use , on he esou ce, and on he expec ed ac ions. The subjec uses he TGT o demons a e ha i is
an al eady au hen ica ed en i y and ob ain he esou ce icke s equi ed o access any esou ce on he
CDSs. The C eden ial Manage (CM) o he ACS checks i he use has he p ope pe missions, and i
so, i sends a message o he CDS con aining he secu i y policy o be applied.
Besides, his message
also con ains a session key o be checked by he CDS in o de o gua an ee he eshness o he message.
I Phase 2 has p o ed success ul, as he use has al eady he icke o access he CDS, in Phase 3,
he Locally Au ho ized Secu i y Associa ion is pe o med in he CDS. When he use sends a message
con aining he icke , he CDS applies he secu i y policy p e iously ecei ed in o de o make an
access decision. The applica ion o his exp essi e policy means ha he access decision is made based
on cu en local con ex condi ions o e e y access a emp . I he CDS decides o pe mi he access,
an E2E secu i y connec ion is es ablished be ween he subjec and he CDS.
Finally, in Phase 4, he Access No i ica ion is pe o med, whe e he senso sends o he ACS he
de ails o he access a emp , bo h pe mi ed and denied, o logging and accoun ing p ocedu es.
The use o he a o emen ioned exp essi e secu i y policies equi es he de ini ion o a p ope
policy language. The policy language de ined o Hid a consis s o di e en s uc s, some op ional and
some manda o y, enabling he educ ion o he policy leng h when simple policies a e needed. These
s uc s go nes ed one inside ano he s a ing om a basic “Policy” s uc , as shown in Figu e 5, and he
Appl. Sci. 2020,10, 7670 16 o 20
o he in as uc u es. The opposi e is also ue, and VNFs om ex e nal endo s o designe s can be
added o he SN4I ca alog and in eg a ed in o NSs p o ided by SN4I and in o i s speci ic compu ing
and ne wo king in as uc u e.
Meanwhile, he hea ily au oma ized and agile se ice deploymen and li e cycle managemen
open up he possibili y o in oduce new ways in which se ices can ansi ion om a de elopmen
e sion o p oduc ion deploymen . A se ice can be i s es ed and alida ed in a local da acen e
wi h minimum esou ces, and hen deployed and in eg a ed in o he p oduc ion da acen e in-plan ,
adjus ing he esou ce and connec i i y equi emen s as app op ia e. This e ec i ely aligns wi h
he Con inuous In eg a ion/Con inuous Deli e y (CI/CD) pa adigm equen ly used in so wa e
de elopmen , which is d i en by in oducing ongoing au oma ion and moni o ing in he de elopmen
p ocess h ough inc emen al changes and con inuous eedback in he in eg a ion and deli e y o
he p oduc .
E en hough SN4I cu en ly comp ises wo da acen e s in wo sepa a e loca ions (EIB and CFAA),
he in eg a ion o addi ional da acen e s is possible. Unde he o ches a ion o he same cen alized
NFV MANO, i is possible o a ach addi ional emo e da acen e s, o e en public clouds, which
could p o ide addi ional ha dwa e esou ces and capabili ies in o de o adap o he equi emen s
o u u e applica ions. While he wo cu en ly in eg a ed da acen e s a e OpenS ack-based, o he
da acen e o cloud echnologies such as Amazon Web Se ices (AWS), VMwa e Cloud, Kube ne es
public and p i a e clus e s, and OpenNebula can also be suppo ed unde he same managemen and
o ches a ion plane.
Rega ding he IIoT slice and he deployed WSN, one o he main bene i s o his a chi ec u e is
ha senso s can se e mul iple applica ions, meaning ha hey do no need o be s a ically assigned
o a single p ocess. Al hough in he use case p esen ed in his wo k he whole WSN is shown o be
associa ed wi h he b oaching p ocess, i is possible o se up addi ional p ocesses ha also make use
o he se ices o e ed by he WSN in di e en ways. This e ec i ely enables a scena io whe e senso s,
and, mo e speci ically, he se ices hey p o ide, can dynamically loa ac oss one o mo e p ocesses
on demand, adjus ing hei assignmen s based on he needs o each p ocess a any gi en momen .
Each o hese p ocesses can le e age he au hen ica ion and au ho iza ion mechanisms p o ided by
Hid a and can ei he make use o he p e iously discussed IIoT slice o se up hei own local Hid a
se ice hanks o he Hid a VNF a ailable in he se ice ca alog.
Mo eo e , wi h such an exp essi e access con ol mechanism and wi h he use o he secu i y
policies, i is possible o g an o e oke access o any esou ce in he CDSs acco ding o he e alua ion
o some local con ex condi ions. As p e iously desc ibed, his access con ol decision is made based
on a secu i y policy, being he use o highly exp essi e secu i y policies essen ial in o de o ob ain a
ine-g ained access con ol p ocedu e. Fo example, he eques o a p elimina ily au ho ized use can
hen be denied i he ba e y le el is no enough o pe o m he eques ed ope a ion. In his con ex ,
senso s can be conside ed easily econ igu able, since, h ough he access con ol, he alues can be se
and accessed depending on he esul o he secu i y policy e alua ion. The e o e, he lexible IIoT
in eg a ion is made possible as he beha io o he senso s can be pe sonalized o con igu ed by means
o con eying he p ope secu i y policy o be applied in e e y pa icula case.
A summa y o he bene i s p o ided by his wo k, including hei impac on indus ial
en i onmen s, as well as hei impac on he speci ic use case p esen ed in Sec ion 5, is p esen ed in
Table 1.

Appl. Sci. 2020,10, 7670 17 o 20
Table 1. Summa y o bene i s.
Bene i O e all Impac Impac on Use Case
Mo e agile and au oma ized
deploymen cycle o se ices.
Reduc ion in deploymen ime and
cos s. Fas e ansi ion be ween
local deploymen o in-plan
deploymen .
Fas e deploymen and p oduc ion
s a -up o da a ecollec ion and ML
se ices.
Mo e lexible li ecycle
managemen o se ices.
Easie upg ade, adap a ion, and
con igu a ion o se ices, and
se ice down ime educ ion.
Abili y o au oma e speci ic se ice
asks. Abili y o quickly scale
esou ces on demand and in eg a e
new se ice componen s i equi ed
by he p ocess.
Se ice isola ion a da a and
pe o mance le el.
Da a leak a oidance be ween
business p ocesses and a oidance
o pe o mance issues due o
esou ce con en ion.
Gua an ees o e ed in he isola ion
o he b oaching p ocess a ic as
well as in he pe o mance and
bandwid h o he ML se ices.
In elligen se ice placemen ,
e icien esou ce alloca ion, and
highly g anula ne wo k a ic
classi ica ion.
Lowe cos s and be e
pe o mance due o he
op imiza ion o compu ing and
ne wo king esou ces and
in elligen ma ching o ha dwa e
capabili ies.
Compu ing esou ces e icien ly
assignable based on ML p ocessing
equi emen s. Bandwid h adap able
o di e en a ic lows o he
b oaching ool and be ween he
se ice VMs.
Se ice ca alog a ailabili y.
Fas e se ice deli e y and as e
in oduc ion o new se ices.
Abili y o expo and impo
designed se ices.
Abili y o expo se ices o
componen s designed o his
p ocess o o he p ocesses o
immedia e deploymen . Abili y o
quickly impo and deploy al eady
designed ex e nal se ices o his
p ocess.
In e ope abili y be ween NFV
solu ions.
Abili y o in eg a e wi h o he da a
cen e s o o he NFV echnologies,
including public clouds and
con aine ized en i onmen s.
Abili y o in oduce addi ional
ha dwa e capabili ies i bene icial o
he p ocess.
Dynamically assignable and
sha eable senso s and senso
se ices.
Lowe cos s due o usage
op imiza ion and as se ice
p o isioning due o dynamici y.
Ob ainable en i onmen al da a
om senso s dynamically adap able
o a ying p ocess equi emen s.
S ong bu ligh weigh and
exp essi e suppo o secu i y
policies.
Cus omizable and ine-g ained
secu i y policies and high
econ igu abili y wi h a minimal
pe o mance impac .
Usage o senso se ices
cus omizable o p ocess
equi emen s.
7. Conclusions
In his wo k, a 5G-enabled a chi ec u e is p esen ed based on Sma Ne wo ks o Indus y
(SN4I), an expe imen al acili y o Indus y 4.0 based on NFV and SDN ha spans be ween he
Ae onau ics Ad anced Manu ac u ing Cen e (CFAA) and he Facul y o Enginee ing in Bilbao (EIB)
a he Uni e si y o he Basque Coun y. To comple e he p oposed a chi ec u e, he in eg a ion o a
WSN is shown, in o de o enable he deploymen o IIoT applica ions wi h he implemen a ion o
app op ia e secu i y mechanisms.
The subs a e p o ided by he p oposed IT in as uc u e, in which isola ed slices composed
o machine ools, senso s, and in e connec ed Vi ual Ne wo k Func ions can be lexibly deployed
and con igu ed, has enabled he de elopmen o he use case p esen ed in his wo k, consis ing in
a 5G-enabled sma b oaching p ocess. In his use case, he moni o ing o he b oaching p ocess is
enabled h ough ML VNFs and h ough he measu emen o en i onmen al pa ame e s om he WSN.
Appl. Sci. 2020,10, 7670 18 o 20
Fu he mo e, o gua an ee secu e access and use o he in o ma ion ha hese senso s ga he , he WSN
has been p o ec ed wi h a s ong and exp essi e access con ol mechanism named Hid a.
Addi ionally, his wo k p esen s se e al bene i s ha he adop ion o a 5G-enabled a chi ec u e
can p o ide o indus ial en i onmen s in e ms o lexibili y,
agili y, e iciency, and au oma ion
in he
deploymen and li e cycle managemen o se ices capable o empowe ing manu ac u ing p ocesses.
I is also shown how hese bene i s align wi h he cha ac e is ics o he p esen ed use case. O e all,
he au ho s belie e ha he a chi ec u e p esen ed os e s inno a ion in he manu ac u ing p ocesses
by p o iding an IT-based playg ound ha can con ibu e o an imp o emen o hei o e all quali y
and pe o mance.
The wo k p esen ed he e pa es he way o he u u e: SN4I and CFAA ha e ecen ly been
in eg a ed in o he 5G Euskadi Pilo , which will allow he use o Ul a-Reliable Low-La ency
Communica ions (URLLC) and massi e Machine Type Communica ions (mMTC) communica ion
se ices and Mul i-access Edge Compu ing (MEC) echnologies in he CFAA. All echnologies
p esen ed he e— he use o NFV and SDN h ough a s anda dized, 5G complian and echnology
agnos ic MANO; he use o a lexible and secu e IIoT WSN; and he in eg a ion wi h indus ial
p o ocols—will in eg a e seamlessly wi h he coming echnologies.
Au ho Con ibu ions:
J.S. and E.J. con ibu ed o he design and implemen a ion o he NFV/SDN pla o m.
A.S. and J.A. con ibu ed o he design and implemen a ion o he IIoT access con ol mechanisms. All au ho s
con ibu ed o he concep ualiza ion o he use case. J.S. and A.S. con ibu ed o he w i ing. J.A. and E.J.
con ibu ed o he inal e iew. All au ho s ha e ead and ag eed o he published e sion o he manusc ip .
Funding:
This wo k was suppo ed in pa by he Spanish Minis y o Economy, Indus y and Compe i i eness
h ough he S a e Sec e a ia o Resea ch, De elopmen and Inno a ion unde he “Adap i e Managemen o
5G Se ices o Suppo C i ical E en s in Ci ies (5G-Ci y)” TEC2016-76795-C6-5-R and “Towa ds ze o ouch
ne wo k and se ices o beyond 5G (TRUE5G)” PID2019-108713RB-C54 p ojec s and in pa by he Depa men
o Economic De elopmen and Compe i i eness o he Basque Go e nmen h ough he 5G4BRIS KK-2020/00031
esea ch p ojec .
Acknowledgmen s:
We acknowledge he Ae onau ics Ad anced Manu ac u ing Cen e o o e ing us he
possibili y o in eg a e ou SN4I in as uc u e wi h he machine ools in he cen e .
Con lic s o In e es : The au ho s decla e no con lic o in e es .
Re e ences
1.
Lasi, H.; Fe ke, P.; Kempe , H.G.; Feld, T.; Ho mann, M. Indus y 4.0. Bus. In . Sys . Eng.
2014
,6, 239–242.
[C ossRe ]
2.
Eu opean Pa liamen . Legisla i e T ain 08.2020. Digi ising Eu opean Indus y. A ailable online:
h ps://www.eu opa l.eu opa.eu/legisla i e- ain/ heme-connec ed-digi al-single-ma ke / ile-digi i
sing-eu opean-indus y (accessed on 28 Oc obe 2020).
3.
Yousa , F.Z.; B edel, M.; Schalle , S.; Schneide , F. NFV and SDN—Key echnology enable s o 5G ne wo ks.
IEEE J. Sel. A eas Commun. 2017,35, 2468–2478. [C ossRe ]
4.
Bou as, C.; Kollia, A.; Papazois, A. SDN & NFV in 5G: Ad ancemen s and challenges. In P oceedings o he
2017 20 h Con e ence on Inno a ions in Clouds, In e ne and Ne wo ks (ICIN), Pa is, F ance, 7–9 Ma ch
2017; pp. 107–111.
5.
Wan, J.; Tang, S.; Shu, Z.; Li, D.; Wang, S.; Im an, M.; Vasilakos, A.V. So wa e-de ined indus ial in e ne o
hings in he con ex o indus y 4.0. IEEE Sens. J. 2016,16, 7373–7380. [C ossRe ]
6.
5G In as uc u e Public P i a e Pa ne ship (5G PPP). 5G and Ve icals. A ailable online: h ps://5g-ppp.e
u/ e icals/ (accessed on 28 Oc obe 2020).
7.
5GTANGO. 5G De elopmen and Valida ion Pla o m o Global Indus y. A ailable online:
h ps://5g ango.eu/ (accessed on 28 Oc obe 2020).
8.
5G SMART. 5G o Sma Manu ac u ing. A ailable online: h ps://5gsma .eu/ (accessed on 28
Oc obe 2020).
9.
5G CONNI. P i a e 5G Ne wo ks o Connec ed Indus ies. A ailable online: h ps://5g-conni.eu/
(accessed on 28 Oc obe 2020).
Appl. Sci. 2020,10, 7670 19 o 20
10.
5G-T ans o me . 5G Mobile T anspo Pla o m o Ve icals. A ailable online: h p://5g- ans o me .eu/
(accessed on 28 Oc obe 2020).
11.
5G-ACIA. 5G Alliance o Connec ed Indus ies and Au oma ion. A ailable online: h ps://www.5g-acia.
o g/ (accessed on 28 Oc obe 2020).
12.
ICNAP. In e na ional Cen e o Ne wo ked, Adap i e P oduc ion. A ailable online: h ps://www. e ne z
e-adap i e-p oduk ion.de/en.h ml (accessed on 28 Oc obe 2020).
13.
Za ei opoulos, A.; Gou as, P.; Fo opoulou, E.; Tsiolis, G.; Xi o o os, T.; Bonne , J.; Ca ozzo, G.; Rizou, S.;
Ga as, A.; Ba os, M.J.; e al. Enabling Ve ical Indus ies Adop ion o 5G Technologies: A Ca og aphy o
e ol ing solu ions. In P oceedings o he 2018 Eu opean Con e ence on Ne wo ks and Communica ions
(EuCNC), Ljubljana, Slo enia, 18–21 June 2018; pp. 1–9.
14.
Wollschlaege , M.; Sau e , T.; Jaspe nei e, J. The u u e o indus ial communica ion: Au oma ion ne wo ks
in he e a o he in e ne o hings and indus y 4.0. IEEE Ind. Elec on. Mag. 2017,11, 17–27. [C ossRe ]
15.
Rao, S.K.; P asad, R. Impac o 5G echnologies on indus y 4.0. Wi el. Pe s. Commun.
2018
,100, 145–159.
[C ossRe ]
16.
Ma, Y.W.; Chen, Y.C.; Chen, J.L. SDN-enabled ne wo k i ualiza ion o indus y 4.0 based on IoTs and
cloud compu ing. In P oceedings o he 2017 19 h In e na ional Con e ence on Ad anced Communica ion
Technology (ICACT), Bongpyeong, Ko ea, 19–22 Feb ua y 2017; pp. 199–202.
17.
Peus e , M.; Schneide , S.; Behnke, D.; Mülle , M.; Bök, P.B.; Ka l, H. P o o yping and demons a ing
5G e icals: he sma manu ac u ing case. In P oceedings o he 2019 IEEE Con e ence on Ne wo k
So wa iza ion (Ne So ), Pa is, F ance, 24–28 June 2019; pp. 236–238.
18.
Mekikis, P.V.; Raman as, K.; An onopoulos, A.; Ka sakli, E.; Sanab ia-Russo, L.; Se a, J.; Pubill, D.;
Ve ikoukis, C. NFV-enabled expe imen al pla o m o 5G Tac ile In e ne suppo in indus ial en i onmen s.
IEEE T ans. Ind. In o m. 2019,16, 1895–1903. [C ossRe ]
19.
Behnke, D.; Mülle , M.; Bök, P.B.; Schneide , S.; Peus e , M.; Ka l, H.; Rocha, A.; Mesqui a, M.; Bonne , J.
NFV-d i en in usion de ec ion o sma manu ac u ing. In P oceedings o he 2019 IEEE Con e ence
on Ne wo k Func ion Vi ualiza ion and So wa e De ined Ne wo ks (NFV-SDN), Dallas, TX, USA,
12–14 No embe 2019; pp. 1–6.
20.
Pe oulakis, N.E.; Fysa akis, K.; Askoxylakis, I.; Spanoudakis, G. Reac i e secu i y o SDN/NFV-enabled
indus ial ne wo ks le e aging se ice unc ion chaining. T ans. Eme g. Telecommun. Technol.
2018
,29, e3269.
[C ossRe ]
21.
Wu, H.; Nguyen, G.T.; Cho ppa h, A.K.; Fi zek, F. Ne wo k Slicing o Condi ional Moni o ing in he
Indus ial In e ne o Things. A ailable online: h ps://sdn.ieee.o g/newsle e /janua y-2018/ne wo k-sli
cing- o -condi ional-moni o ing-in- he-indus ial-in e ne -o - hings (accessed on 28 Oc obe 2020).
22.
Wu, H.; Tsokalo, I.A.; Kuss, D.; Salah, H.; Pingel, L.; Fi zek, F.H. Demons a ion o ne wo k slicing o lexible
condi ional moni o ing in indus ial IoT ne wo ks. In P oceedings o he 2019 16 h IEEE Annual Consume
Communica ions & Ne wo king Con e ence (CCNC), Las Vegas, NV, USA, 11–14 Janua y 2019; pp. 1–2.
23.
Resco la, E. The T anspo Laye Secu i y (TLS) P o ocol Ve sion 1.3. RFC 8446. 2018. A ailable online:
h ps://dx.doi.o g/10.17487/RFC8446 (accessed on 28 Oc obe 2020).
24.
Resco la, E.; Modadugu, N. Da ag am T anspo Laye Secu i y Ve sion 1.2. RFC 6347. 2012. A ailable
online: h ps://dx.doi.o g/10.17487/RFC6347 (accessed on 28 Oc obe 2020).
25.
Riahi S a , A.; Na alizio, E.; Challal, Y.; Ch ou ou, Z. A oadmap o secu i y challenges in he In e ne o
Things. Digi . Commun. Ne w. 2018,4, 118–137. [C ossRe ]
26.
Wei, W.; Yang, A.T.; Shi, W.; Sha, K. Secu i y in In e ne o Things: Oppo uni ies and Challenges.
In P oceedings o he 2016 In e na ional Con e ence on Iden i ica ion, In o ma ion and Knowledge in
he In e ne o Things (IIKI), Beijing, China, 20–21 Oc obe 2016; pp. 512–518.
27.
Roman, R.; Zhou, J.; Lopez, J. On he ea u es and challenges o secu i y and p i acy in dis ibu ed in e ne
o hings. Compu . Ne w. 2013,57, 2266–2279. [C ossRe ]
28.
Selande , G.; Ma sson, J.; Palombini, F.L.S. Objec Secu i y o Cons ained REST ul En i onmen s
(OSCORE). RFC 8613. 2019. A ailable online: h ps://dx.doi.o g/10.17487/RFC8613 (accessed on 28
Oc obe 2020).
29.
Shelby, Z.; Ha ke, K.; Bo mann, C. The Cons ained Applica ion P o ocol (CoAP); RFC 7252. 2019. A ailable
online: h ps://dx.doi.o g/10.17487/RFC7252 (accessed on 28 Oc obe 2020).
Appl. Sci. 2020,10, 7670 20 o 20
30.
Sei z, L.; Selande , G.; Geh mann, C. Au ho iza ion amewo k o he In e ne -o -Things. In P oceedings o
he 2013 IEEE 14 h In e na ional Symposium on A Wo ld o Wi eless, Mobile and Mul imedia Ne wo ks
(WoWMoM), Mad id, Spain, 4–7 June 2013; pp. 1–6. [C ossRe ]
31.
Zhang, G.; Gong, W. The Resea ch o Access Con ol Based on UCON in he In e ne o Things. J. So w.
2011,6, 724–731. [C ossRe ]
32.
He nández-Ramos, J.; Ja a, A.J.; Ma ín, L.; Ska me a, A. DCapBAC: Embedding Au ho iza ion logic in o
Sma Things h ough ECC op imiza ions. In . J. Compu . Ma h. 2014,93, 345–366. [C ossRe ]
33.
Bel an, V.; Ska me a, A.F. An o e iew on delega ed au ho iza ion o CoAP: Au hen ica ion and
au ho iza ion o Cons ained En i onmen s (ACE). In P oceedings o he 2016 IEEE 3 d Wo ld Fo um on
In e ne o Things (WF-IoT), Res on, VA, USA, 12–14 Decembe 2016; pp. 706–710.
34.
Bo mann, C.; Ho man, P. Concise Bina y Objec Rep esen a ion (CBOR). RFC 7049. 2019. A ailable online:
h ps://dx.doi.o g/10.17487/RFC7049 (accessed on 28 Oc obe 2020).
35.
As o ga, J.; Jacob, E.; Hua e, M.; Higue o, M. Ladon: End- o-end au ho isa ion suppo o
esou ce-dep i ed en i onmen s. IET In . Secu . 2012,6, 93–101. [C ossRe ]
36.
U ia e, M.; As o ga, J.; Jacob, E.; Hua e, M.; Ca ne e o, M. Exp essi e Policy-Based Access Con ol o
Resou ce-Cons ained De ices. IEEE Access 2018,6, 15–46. [C ossRe ]
37.
IEEE S anda ds Associa ion. IEEE S anda d o Low-Ra e Wi eless Ne wo ks; IEEE S anda ds Associa ion:
Pisca away, NJ, USA, 2016; Volume 802.
38.
Mon eneg o, G.; Kushalnaga , N.; Hui, J.; Culle , D. T ansmission o IP 6 Packe s o e IEEE 802.15.4
Ne wo ks. RFC 4944. 2007. A ailable online: h ps://dx.doi.o g/10.17487/RFC4944 (accessed on 28
Oc obe 2020).
39.
Win e , T.; Thube , P.; B and , A.; Hui, J.; Kelsey, R.; Le is, P.; Pis e , K.; S uik, R.; Vasseu , J.; Alexande ,
R. RPL: IP 6 Rou ing P o ocol o Low-Powe and Lossy Ne wo ks. RFC 6550. 2012. A ailable online:
h ps://dx.doi.o g/10.17487/RFC6550 (accessed on 28 Oc obe 2020).
Publishe ’s No e:
MDPI s ays neu al wi h ega d o ju isdic ional claims in published maps and ins i u ional
a ilia ions.
c
2020 by he au ho s. Licensee MDPI, Basel, Swi ze land. This a icle is an open access
a icle dis ibu ed unde he e ms and condi ions o he C ea i e Commons A ibu ion
(CC BY) license (h p://c ea i ecommons.o g/licenses/by/4.0/).