Securing Data Exchange and Reporting in Cyber-Physical Systems
– An Architectural Study using Messaging Switching Hubs
Cyber-Physical Systems are systems where physical reality meets cyberspace. An isolated digital controller that controls a mechanical or electrical device has traditionally been called an embedded system. Now that embedded systems are online and part of a network, they can be controlled remotely by an algorithm. Cyber-Physical Systems expand the scope of embedded systems to any integration of computation, networking, and physical processes, even with humans in the loop. Sensors and other inputs in this context constantly produce data, which is collected and is key for AI training and business intelligence.
Safety and security are of the utmost importance for systems that have physical implications. In this paper we go beyond traditional authentication and discuss how data flow paths can be restricted. A sensitive network can be protected by making a message switching hub the only entrance. A potential attacker cannot see beyond the hub, which means that no attack surfaces are exposed to the outside, and the data flows, in and out, are rigorously protected and specified. Security does not stop there: it is the same on the inside, when communicating with the hub, as it is from hub to hub.
Behind the hub there are senders/receivers and services connected asynchronously and synchronously. The hub can interface with just about any digital service. It may also host business processes, storage, and applications. These applications may themselves communicate with other systems and services.
Taking our own message switching hub (XT) as the starting point, we discuss an architecture for increased security for data exchange and reporting in cyber-physical systems. This is done in the context of edge computing networks that need to communicate and a robust hierarchical hub network. A selected feature list of the XT product is also attached as an appendix.