LINC is an industrial network gateway that provides secure and highly available remote connectivity at a low cost without the need for dedicated network connections. This research project utilizes SCION technology and is similar to the EDGE Gateways developed at Anapaya. Industrial Control Systems (ICSs) such as manufacturing units, chemical processing plants etc., were traditionally operated in isolated networks. However, with the advent of the Industrial Internet of Things (IIoT) and Industry 4.0, ICSs are increasingly interconnected. As a result, it is now common to manage and control industrial systems remotely. This has become important because of the COVID-19 pandemic and the many employees working from home as a result.
Security, privacy and high availability are paramount to network connections in industrial systems. Usually, dedicated leased lines or MPLS backbones are used to establish these connections, however, they incur high costs. LINC can provide these crucial features at a low cost without the need for dedicated networks using the SCION internet architecture. With SCION, LINC connections can be served over a public network, reducing the cost and management overhead of maintaining dedicated connections.
LINC leverages the path-aware networking and multi-path features of SCION to provide secure and highly available connectivity. The key features of LINC are:
SCION gives end-hosts the control over the path used to send traffic and LINC utilizes this feature to provide geofencing. Through a traffic policy file exposed by the LINC gateway, administrators can block certain Autonomous systems (ASes) or specify trusted ASes, thereby ensuring that the traffic only traverses through trusted paths. Unlike the current BGP based Internet, SCION border routers do not have routing tables for inter AS routing. Instead, the complete path is written to the packet header of the SCION packet, and SCION border routers enforce this path. Routing attacks like BGP hijacking are impossible, unless the attacker is able to completely rewrite the packet header and contents. However, as the packet header is cryptographically secured an attacker would need to compromise the secret keys of ASes on the path to achieve that. Contrary to BGP, SCION has a split between the control plane, where the routing decisions are made, and the data plane, where the data is forwarded.
LINC allows users to specify path selection preference based on path metrics such as latency, jitter and bandwidth, thus putting the users firmly in control. It probes all available paths continuously and dynamically selects the optimal path based on the specified preference.
High availability is essential for interacting remotely with an industrial control system. LINC supports three operating modes that provide high availability: single-path, redundant multipath, and adaptive multipath mode. If the chosen path fails in single-path mode because of a failure or attack in the network, the gateway switches over to the next best path. In this mode, the failover can take up to a second to complete. This mode is most suited for applications that can tolerate a momentary interruption in connectivity. For applications that require the highest availability, the redundant multi-path mode can be used. In this mode, traffic is simultaneously sent over two or more paths. If a path fails, the next available two paths are used. As a result, failures in the network, such as path failures, do not affect the connectivity as long as there is at least one working path between the gateways. In adaptive multipath mode, the gateway follows a make before break approach. The gateway starts duplicating the traffic over an additional path when the performance metrics of the primary path fall below a specified threshold. If the primary path recovers, the redundant transmission is stopped. If the performance of the primary path deteriorates further, traffic is completely routed over the secondary path. This mode provides a trade-off between the interruption of connectivity in the single-path mode and the high network utilization of the redundant multi-path mode. Additionally, this mode enables LINC to adapt quickly to changing network conditions.
SCION has a dynamically recreatable key (DRKey) mechanism that enables routers and end hosts to derive symmetric cryptographic keys on the fly. LINC uses this feature to authenticate and encrypt data between two gateways, thereby providing protection against eavesdropping and man-in-the-middle attacks.
Figure 1 illustrates an example LINC deployment where the SCADA network of a factory is connected to a remote enterprise network through LINC gateways.
Figure 1: An example LINC deployment connecting a SCADA network to a remote Enterprise network
The simulated remote driving demo below showcases the capabilities of LINC. Similar to industrial control systems, remote driving requires a highly reliable communication channel: any interruption can have severe consequences in a real-world scenario, such as a fatal accident. In the demo, the remote control sends control messages to the simulator, and the simulator sends back a video feed from a front-facing camera of the car. Both the controller and the simulator are connected to a LINC gateway. There are three SCION paths available between the two gateways. The demo shows how LINC behaves on the three operating modes over varying network conditions.
As you can see from the demo, LINC can provide high availability at varying degrees using its three operating modes. Along with that, the path selection preference of LINC can also be seen in action. In the demo, path selection is set to prefer paths with low latency and jitter. Throughout the demo, among the available paths, the path with the lowest latency and jitter is chosen by LINC.
If you want to know more about the great work done with SCION, and how this can benefit you, send us a message.