IoT4CPS – Trustworthy IoT for CPS FFG - ICT of the Future Project No. 863129 Deliverable D7.4 Test-beds and guidelines for securing IoT products and for secure set-up production environments The IoT4CPS Consortium: AIT – Austrian Institute of Technology GmbH AVL – AVL List GmbH DUK – Donau-Universit t Krems I!AT – In"neon Technologies Austria AG #KU – JK Universit t Lin$ / Institute for &ervasive 'om(uting #) – Joanneum )esearch !orschungsgesellschaft mbH *+KIA – No,ia -olutions an. Net/or,s 0sterreich GmbH *1& – *1& -emicon.uctors Austria GmbH -2A – -2A )esearch GmbH -)!G – -al$burg )esearch !orschungsgesellschaft -''H – -oft/are 'om(etence 'enter Hagenberg GmbH -AG0 – -iemens AG 0sterreich TTTech – TTTech 'om(utertechni, AG IAIK – TU Gra$ / Institute for A((lie. Information &rocessing an. 'ommunications ITI – TU Gra$ / Institute for Technical Informatics TU3 – TU 3ien / Institute of 'om(uter 4ngineering 1*4T – 1-Net -ervices GmbH © Copyright 2020, the Members of the IoT4CPS Consortium !or more information on this .ocument or the IoT5'&- (ro6ect, (lease contact8 9ario Drobics7 AIT Austrian Institute of Technology7 mario:.robics@ait:ac:at IoT4C&- – <=>?@A Test-be.s an. guidelines for securing IoT (ro.ucts an. for secure set-up (ro.uction environments Dissemination level8 &U2LI' Document Control Title8 Test-be.s an. gui.elines for securing IoT (ro.ucts an. for secure set-u( (ro.uction environments Ty(e8 &ublic 4.itorBsC8 Katharina Kloiber 4-mail8 ,,;D-net:at AuthorBsC8 Katharina Kloiber, Ni,olaus DEr,, -ilvio -tern )evie/erBsC8 -te(hanie von )E.en, Violeta Dam6anovic, Leo Ha((-2otler Doc ID8 DF:5 Amendment History Version Date Author Description/Comments VG:? ?>:G?:@G@G -ilvio -tern Technology Analysis VG:@ ?G:G>:@G@G -ilvio -tern &ossible )esearch !iel.s for the -2I--ystem VG:> >?:G<:@G@G Katharina Kloiber Initial version (re(are. VG:5 G<:GA:@G@G Katharina Kloiber -tate-of-the-Art VG:H @@:GA:@G@G *i,olaus Dürk, Katharina Test-be.s Kloiber VG:= GF:?G:@G@G *i,olaus Dürk, Katharina Gui.elines an. -tructure Kloiber VG:F ?H:?G:@G@G -te(hanie von )E.en7 Kathar- Internal revie/ ina Kloiber V?:G @=:??:@G@G Katharina Kloiber 'orrection an. "nal Version Legal Notices The information in this .ocument is sub6ect to change /ithout notice: The 9embers of the IoT5'&- 'onsortium ma,e no /arranty of any ,in. /ith regar. to this .ocu- ment, inclu.ing7 but not limite. to7 the im(lie. /arranties of merchantability an. "tness for a (artic- ular (ur(ose: The 9embers of the IoT5'&- 'onsortium shall not be hel. liable for errors containe. herein or .irect7 in.irect7 special7 inci.ental or conseIuential .amages in connection /ith the fur- nishing7 (erformance, or use of this material: The IoT5'&- (ro6ect is (artially fun.e. by the JI'T of the !utureJ &rogram of the !!G an. the 29VIT: Version V1.G &age @ / F5 IoT4C&- – <=>?@A Test-be.s an. guidelines for securing IoT (ro.ucts an. for secure set-up (ro.uction environments Dissemination level8 &U2LI' Contents Abbreviations:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::= 4Decutive -ummary:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::F ?: Intro.uction::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::< ?:?: 9otivation:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::< ?:@: 9arket "gures:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::A @: 'urrent -tate of Technology Play:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::?G @:?: 4nvironment:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::?G @:@: Har./are:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::?? @:>: -oftware:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::?> @:5: )emote Diagnostics an. 9aintaining::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::?5 @:H: Data integration into IoT (ro.ucts:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::?= @:=: )elevant )egulatories::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::?= @:F: Technology Analysis:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::?F @:F:?: !ire/all:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::?F @:F:@: )emote 9aintaining:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::@@ >: )is,s of -ecurity Leaks in IoT &ro.ucts an. &ro.uction 4nvironments::::::::::::@F >:?: Har./are Attac,s:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::@F >:?:?: *on-Invasive::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::@F >:?:@: Invasive::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::@< >:@: -oftware Attac,s::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::@< >:@:?: 3eak7 Guessable or Har.-'o.e. &ass/ords::::::::::::::::::::::::::::::::::::::::::::@A >:@:@: 'hec, of -ervice:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::@A >:@:>: 3eb Interfaces:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::@A >:@:5: Up.ates::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::@A >:@:H: Default configuration::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::>G >:>: 'ommunication 'hannels::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::>G >:>:?: 'ommunication between 9anufacturer an. -up(liers::::::::::::::::::::::::::::>G >:>:@: 'ommunication between 9anufacturer an. -up(liers::::::::::::::::::::::::::::>? 5: )eIuirements:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::>@ 5:?:?: General Data &rotection )egulation BGD&)C:::::::::::::::::::::::::::::::::::::::::::::>5 H: Guidelines:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::>H H:?: +(en -ource:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::>F H:@: )egular 9aintenance::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::>F Version V1.G &age > / F5 IoT4C&- – <=>?@A Test-be.s an. guidelines for securing IoT (ro.ucts an. for secure set-up (ro.uction environments Dissemination level8 &U2LI' H:>: -ecurity Up.ates::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::>< H:5: 'loud 'om(uting::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::>< H:5:?: &rivate vs: (ublic cloud::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::5G H:H: 4ncry(tion:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::5G H:=: !ire/alls:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::5? H:F: Afterlife of .evices::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::5? =: Test-Be.s::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::5> =:?: -BI Virtual !actory Demonstrator::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::5> =:?:?: -ystem architecture:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::55 =:?:@: 'om(onents:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::5F =:?:>: Demonstrator remote 3D-(rinting:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::=? =:?:5: Twins:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::=@ =:@: -BI !lash 9e.ia )ecor.ing Demonstrator:::::::::::::::::::::::::::::::::::::::::::::::::::::::=H =:@:?: 'om(onents:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::=< F: 'onclusion::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::F> <: )eferences::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::F5 List of Figures !igure ?8 Trust Levels:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::>= !igure @8 -BI virtual factory test-be.:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::55 !igure >8 Overview -BI-'once(t::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::5= !igure 58 'om(onents of the -BI-connecte. virtual factory::::::::::::::::::::::::::::::::::::5< !igure H8 -BI connecte. virtual factory – software overvie/:::::::::::::::::::::::::::::::::::H> !igure =8 Dual -tac,::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::HF !igure F8 Dual -tac, Lite:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::H< !igure <8 6in4 Tunnelling::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::HA