Search Results (101)

In the classic energy sector, as well as in the manufacturing and process industries, Programmable Logic Controller (PLC) systems are used for electrical substation control. However, PLCs frequently do not support the communication protocols defined on the standard International Electrotechnical Commission (IEC) 61850. Therefore, this paper presents a vendor-independent method for the integration of Protection and Control (P&C) Intelligent Electronic Devices (IEDs), components of the substation bay level, in PLCs from the substation station level. The method can be used with legacy and modern controllers that offer an open communication interface, where the use of Transmission Control Protocol/Internet Protocol (TCP/IP) is supported. Since many legacy systems offer an open communication interface, this method makes it possible to reuse PLCs, bringing cost efficiency and ecological benefits. The method can be used in a single or redundant way since redundancy is always required in power distribution control. A prototype was developed for the integration over IEC 61850 Manufacturing Message Specification (MMS), and its functional validation is presented in this paper. This solution, besides reducing hardware and software acquisition costs, also contributes to a reduction in electronic waste (E-Waste) and the achievement of Sustainable Development Goals (SDGs). Full article

This paper addresses the need for accessible and interoperable supervision solutions within the Industry 4.0 paradigm, particularly for small-scale or resource-constrained environments. The proposed system integrates a web-based architecture using opensource technologies to enable real-time industrial monitoring and data acquisition. A hybrid setup was developed, combining a virtual glass manufacturing process in Factory IO with a physical three-phase induction motor controlled by a Modicon M580 PLC. The system architecture includes a local HMI developed in Control Expert and a remote interface built with React and Node.js, both synchronized through a MySQL 8.0 database populated via Python 3.13 using the Modbus TCP/IP protocol. Experimental results demonstrate consistent data synchronization, reliable multi-platform integration, and an average end-to-end latency of 156 ms, validating the feasibility of the approach for IIoTbased applications. The solution demonstrates how general-purpose web technologies can be effectively repurposed for industrial use, offering a cost-effective and scalable alternative to traditional SCADA systems. The proposed architecture is easily replicable, adaptable to various process configurations, and suitable for academic, prototyping, and SME environments. Full article

The original Modbus specification for RS-485 and RS-232 buses supported broadcast transmission. As the protocol evolved into Modbus-TCP, to use the TCP transport, this useful feature was lost, likely due to the point-to-point nature of TCP connections. Later proposals did not restore the broadcast transmission capability, although they used UDP as transport and UDP, by itself, would have supported it. Moreover, they did not address the inherent lack of reliable delivery of UDP, leaving datagram loss detection and recovery to the application layer. This paper describes a novel redesign of Modbus-UDP that addresses the aforementioned shortcomings. It achieves a mean round-trip time of only 38% with respect to Modbus-TCP and seamlessly supports a previously published protocol based on Modbus broadcast. In addition, the built-in retransmission of Modbus-UDP reacts more efficiently than the equivalent Modbus-TCP mechanism, exhibiting 50% of its round-trip standard deviation when subject to a 1% two-way IP datagram loss probability. Combined with the lower overhead of UDP versus TCP, this makes the redesigned Modbus-UDP protocol better suited for a variety of Industrial Internet of Things systems with limited computing and communication resources. Full article

Traditional industrial robot programming methods often pose high usage thresholds due to their inherent complexity and lack of standardization. Manufacturers typically employ proprietary programming languages or user interfaces, resulting in steep learning curves and limited interoperability. Moreover, conventional systems generally lack capabilities for remote control and real-time status monitoring. In this study, a novel approach is proposed by integrating digital twin technology with traditional robot control methodologies to establish a virtual–real mapping architecture. A high-precision and efficient digital twin-based control platform for industrial robots is developed using the Unity3D (2022.3.53f1c1) engine, offering enhanced visualization, interaction, and system adaptability. The high-precision twin environment is constructed from the three dimensions of the physical layer, digital layer, and information fusion layer. The system adopts the socket communication mechanism based on TCP/IP protocol to realize the real-time acquisition of robot state information and the synchronous issuance of control commands, and constructs the virtual–real bidirectional mapping mechanism. The Unity3D platform is integrated to develop a visual human–computer interaction interface, and the user-oriented graphical interface and modular command system effectively reduce the threshold of robot use. A spatially curved part welding experiment is carried out to verify the adaptability and control accuracy of the system in complex trajectory tracking and flexible welding tasks, and the experimental results show that the system has high accuracy as well as good interactivity and stability. Full article

The convergence of Operational Technology (OT) and Information Technology (IT) networks has become increasingly prevalent with the growth of Industrial Internet of Things (IIoT) applications. This shift, while enabling enhanced automation, remote monitoring, and data sharing, also introduces new challenges related to communication latency and cybersecurity. Oftentimes, legacy OT protocols were adapted to the TCP/IP stack without an extensive review of the ramifications to their robustness, performance, or safety objectives. To further accommodate the IT/OT convergence, protocol gateways were introduced to facilitate the migration from serial protocols to TCP/IP protocol stacks within modern IT/OT infrastructure. However, they often introduce additional vulnerabilities by exposing traditionally isolated protocols to external threats. This study investigates the security and reliability implications of migrating serial protocols to TCP/IP stacks and the impact of protocol gateways, utilizing two widely used OT protocols: Modbus TCP and DNP3. Our protocol analysis finds a significant safety-critical vulnerability resulting from this migration, and our subsequent tests clearly demonstrate its presence and impact. A multi-tiered testbed, consisting of both physical and emulated components, is used to evaluate protocol performance and the effects of device-specific implementation flaws. Through this analysis of specifications and behaviors during communication interruptions, we identify critical differences in fault handling and the impact on time-sensitive data delivery. The findings highlight how reliance on lower-level IT protocols can undermine OT system resilience, and they inform the development of mitigation strategies to enhance the robustness of industrial communication networks. Full article

Quantum computing challenges the mathematical problems anchoring the security of the classical public key algorithms. For quantum-resistant public key algorithms, the National Institute of Standards and Technology (NIST) has undergone a multi-year standardization process and selected the post-quantum cryptography (PQC) public key digital signatures of Dilithium, Falcon, and SPHINCS⁺. Finding common ground to compare these algorithms can be difficult because of their design differences, including the fundamental math problems (lattice-based vs. hash-based). We use a visualization model to show the key/signature size vs. security trade-offs for all PQC algorithms. Our performance analyses compare the algorithms’ computational loads in the execution time. Building on the individual algorithms’ analyses, we analyze the communication costs and implementation overheads when integrated with Public Key Infrastructure (PKI) and with Transport Layer Security (TLS) and Transmission Control Protocol (TCP)/Internet Protocol (IP). Our results show that the lattice-based algorithms of Dilithium and Falcon induce lower computational overheads than the hash-based algorithms of SPHINCS⁺. In addition, the lattice-based PQC can outperform the classical algorithm with comparable security strength; for example, Dilithium 2 and Falcon 512 outperform RSA 4096 in the TLS handshake time duration. Full article

Industrial Control Systems (ICS) have become increasingly vulnerable to cyber threats due to the growing interconnectivity with enterprise networks and the Industrial Internet of Things (IIoT). Among these threats, Address Resolution Protocol (ARP) spoofing presents a critical risk to the integrity and reliability of Modbus TCP/IP communications, particularly in environments utilizing Siemens S7 programmable logic controllers (PLCs). Traditional defense methods often rely on host-based software solutions or cryptographic techniques that may not be practical for legacy or resource-constrained industrial environments. This paper proposes a novel, lightweight hardware device designed to detect and mitigate ARP spoofing attacks in Modbus TCP/IP networks without relying on conventional computer-based infrastructure. An experimental testbed using Siemens S7-1500 and S7-1200 PLCs (Siemens, Munich, Germany) was established to validate the proposed approach. The results demonstrate that the toolkit can effectively detect malicious activity and maintain stable industrial communication under normal and adversarial conditions. Full article

Hybrid simulation integrates numerical and experimental techniques to analyze structural responses under static and dynamic loads. It physically tests components that are not fully characterized while modeling the rest of the structure numerically. Over the past two decades, hybrid testing platforms have become increasingly modular and versatile. This paper presents the development of a robust hybrid testing software framework at the National Laboratory for Civil Engineering (LNEC), Portugal, and evaluates the efficiency of its algorithms. The framework features a LabVIEW-based control and interface application that exchanges data with OpenSees via the OpenFresco middleware using a TCP/IP protocol. Designed for slow to real-time hybrid testing, it employs a predictor–corrector algorithm for motion control, enhanced by an adaptive time series (ATS)-based error tracking and delay compensation algorithm. Its modular design facilitates the integration of new simulation tools. The framework was first assessed through simulated hybrid tests, followed by validation via a hybrid test on a two-bay, one-story steel moment-resisting frame, where one exterior column was physically tested. The results emphasized the importance of the accurate system identification of the physical substructure and the precise calibration of the actuator control and delay compensation algorithms. Full article

Blockchain technology, as a distributed ledger technology, is becoming increasingly popular in various fields. However, the performance limitations of blockchain networks hinder their further development. Existing research on optimizing blockchain communication mechanisms based on P2P networks is constrained by the end-to-end transmission principles of TCP/IP networks, which lead to network congestion and bandwidth wastage during large-scale blockchain content distribution. Meanwhile, studies on ICN-based blockchain systems primarily focus on blockchain communication protocol implementation and compatibility within ICN/NDN networks. However, research on blockchain communication mechanisms in hybrid IP/ICN networking environments remains limited, failing to fully leverage ICN’s advantages to enhance the communication efficiency of existing blockchain P2P networks. To address this issue, this paper proposes BLOCK-ICN, an ICN-based blockchain network communication architecture compatible with IP networks. BLOCK-ICN enables ICN nodes with computing and storage capabilities to deploy blockchain applications, while maintaining compatibility with P2P networks. By leveraging ICN multicast technology, the architecture provides relay acceleration services for blockchain data dissemination. Specifically, in terms of network topology, BLOCK-ICN classifies network domains based on delay information provided by an enhanced resolution system and establishes select domain gateways based on data flow forwarding dependencies, thereby constructing a hierarchical and structured relay network topology. Regarding the broadcast protocol, ICN nodes perform parallel broadcasting via ICN multicast, and upon receiving messages, they further disseminate them to P2P nodes, reducing the overall network broadcast latency and bandwidth consumption. We extended SimBlock to implement and evaluate BLOCK-ICN. Simulation results demonstrated that, in a Bitcoin network with 16,000 nodes and an ICN node ratio of 1%, the broadcast delays for propagating blockchain data to 90% and 50% of the network were reduced by 25% and 33.2%, respectively, compared to Bitcoin. Full article

Current technological progress in automation and robotics allows human kinematics to be used to control any device. As part of this study, a sensory glove was developed that allows for a delta robot to be controlled using hand movements. The process of controlling an actuator can often be problematic due to its complexity. The proposed system solves this problem using human–machine interactions. The sensory glove allows for easy control of the robot by detecting the rotation of the hand and pressing the control buttons. Conventional buttons have been replaced with SMART materials such as conductive thread and conductive fabric. The ESP32 microcontroller placed on the control glove collects data read from the MPU6050 sensor. It also facilitates wireless communication with the Raspberry Pi microcontroller supporting the Modbus TCP/IP protocol, which controls the robot’s movement. Due to the noise of the data read from the gyroscope, the signals were subjected to a filtering process using basic recursive filters and an advanced algorithm with Kalman filters. Full article

This paper presents an intrusion detection system (IDS) leveraging a hybrid machine learning approach aimed at enhancing the security of IoT devices at the edge, specifically for those utilizing the TCP/IP protocol. Recognizing the critical security challenges posed by the rapid expansion of IoT networks, this work evaluates the proposed IDS model with a primary focus on optimizing training time without sacrificing detection accuracy. The paper begins with a comprehensive review of existing hybrid machine learning models for IDS, highlighting both their strengths and limitations. It then provides an overview of the technologies and methodologies implemented in this work, including the utilization of “Botnet IoT Traffic Dataset For Smart Buildings”, a newly released public dataset tailored for IoT threat detection. The hybrid IDS model is explained in detail, followed by a discussion of experimental results that assess the model’s performance in real-world conditions. Furthermore, the proposed IDS is evaluated for its effectiveness in enhancing IoT security within smart building environments, demonstrating how it can address unique challenges such as resource constraints and real-time threat detection at the edge. This work aims to contribute to the development of efficient, reliable, and scalable IDS solutions to protect IoT ecosystems from emerging security threats. Full article

Domain Name Server (DNS) amplification Distributed Reflection Denial of Service (DRDoS) attacks are a Distributed Denial of Service (DDoS) attack technique in which multiple IT systems forge the original IP of the target system, send a request to the DNS server, and then send a large number of response packets to the target system. In this attack, it is difficult to identify the attacker because of its ability to deceive the source, and unlike TCP-based DDoS attacks, it usually uses the UDP protocol, which has a fast communication speed and amplifies network traffic by simple manipulating options, making it one of the most widely used DDoS techniques. In this study, we propose a simple convolutional neural network (CNN) model that is designed to detect DNS amplification DRDoS attack traffic and has hyperparameters adjusted through experiments. As a result of evaluating the accuracy of the proposed CNN model for detecting DNS amplification DRDoS attacks, the average accuracy of the experiment was 0.9995, which was significantly better than several machine learning (ML) models in terms of performance. It also showed good performance compared to other deep learning (DL) models, and, in particular, it was confirmed that this simple CNN had the fastest time in terms of execution compared to other deep learning models by experimentation. Full article

The growing prevalence of cybersecurity threats is a significant concern for railway systems, which rely on an extensive network of onboard and trackside sensors. These threats have the potential to compromise the safety of railway operations and the integrity of the railway infrastructure itself. This paper aims to examine the current cybersecurity measures in use, identify the key vulnerabilities that they address, and propose solutions for enhancing the security of railway infrastructures. The report evaluates the effectiveness of existing security protocols by reviewing current standards, including IEC62443 and NIST, as well as case histories of recent rail cyberattacks. Significant gaps have been identified, especially where modern and legacy systems need to be integrated. Weaknesses in communication protocols such as MVB, CAN and TCP/IP are identified. To address these challenges, the paper proposes a layered security framework specific to railways that incorporate continuous monitoring, risk-based cybersecurity modeling, AI-assisted threat detection, and stronger authentication methodologies. The aim of these recommendations is to improve the resilience of railway networks and ensure a safer, more secure infrastructure for future operations. Full article

The paper presents an innovative virtual reality (VR)-based environment for personalized telerehabilitation programs. This environment integrates a parallel robotic structure designed for the lower limb rehabilitation of patients with neuromotor disabilities and a virtual patient. The robotic structure is controlled via a user interface (UI) that communicates with the VR environment via the TCP/IP protocol. The robotic structure can also be operated using two controllers that communicate with a VR headset via the Bluetooth protocol. Through these two controllers, the therapist demonstrates to the patient various exercises that the robotic system can perform. With the right-hand controller, the therapist guides exercises for the hip and knee, while the left-hand controller manages ankle exercises. The therapist remotely designs a rehabilitation plan for patients at home, defining exercises, interacting with the rehabilitation robot in real-time via the VR headset and the two controllers, and initiating therapy sessions. The user interface allows monitoring of patient progress through video feedback, electromyography (EMG) sensors, and session recording. Full article

OT (operational technology) protocols such as DNP3/TCP, commonly used in the electrical utility sector, have become a focal point for security researchers. We assess the applicability of attacks previously published from theoretical and practical points of view. From the theoretical point of view, previous work strongly focuses on transcribing protocol details (e.g., list fields at the link, transport, and application layer) without providing the rationale behind protocol features or how the features are used. This has led to confusion about the impact of many theoretical DNP3 attacks. After a detailed analysis around which protocol features are used and how, a review of the configuration capabilities for several IEDs (Intelligent Electrical Devices), and some testing with real devices, we conclude that similar results to several complex theoretical attacks can be achieved with considerably less effort. From a more practical point of view, there is existing work on DNP3 man-in-the-middle attacks; however, research still needs to discuss how to overcome a primary hardening effect: IEDs can be configured to allow for communication with specific IP addresses (allow list). For purely scientific purposes, we implemented a DNP3 man-in-the-middle attack capable of overcoming the IP allow-list restriction. We tested the attack using real IEDs and network equipment ruggedized for electrical environments. Even though the man-in-the-middle attack can be successful in a lab environment, we also explain the defense-in-depth mechanisms provided by industry in real life that mitigate the attack. These mechanisms are based on standard specifications, capabilities of the OT hardware, and regulations applicable to some electrical utilities. Full article