Conference Paper

Leveraging Edge Computing and Differential Privacy to Securely Enable Industrial Cloud Collaboration Along the Value Chain


Abstract

Big data continues to grow in the manufacturing domain due to increasing interconnectivity on the shop floor in the course of the fourth industrial revolution. The optimization of machines based on either real-time or historical machine data provides benefits to both machine producers and operators. In order to be able to make use of these opportunities, it is necessary to access the machine data, which can include sensitive information such as intellectual property. Employing the use case of machine tools, this paper presents a solution enabling industrial data sharing and cloud collaboration while protecting sensitive information. It employs the edge computing paradigm to apply differential privacy to machine data in order to protect sensitive information and simultaneously allow machine producers to perform the necessary calculations and analyses using this data.


Technical Report
The use of edge computing technologies offers companies great potential for process optimization and for the development of new products and innovative business models. The shift of storage and computing capacity close to the place where data is generated (the edge), which comes with edge computing, enables novel use cases in a wide range of domains from a technical, organizational and economic perspective. Particularly in small and medium-sized enterprises (SMEs), however, there is still a lack of knowledge about edge computing and its practical uses for developing and implementing use cases. This circumstance currently still prevents the realization of data-economy value creation. The aim of this study is to support companies, especially SMEs, in developing their own edge computing use cases. Starting from questions about the conceptualization of edge computing and the data economy, the possible design of edge computing use cases, and the challenges and potentials arising in this context for early adopters, this short study provides orientation for decision-makers, development managers and all other interested parties who are currently or will in future be concerned with using edge computing to generate business value. The study also provides recommendations for action for developing companies' own edge computing applications. The results of this study are based on an analysis of edge computing use cases that, at the time of the study's publication, are being developed within the ten projects of the technology programme Edge Datenwirtschaft funded by the Bundesministerium für Wirtschaft und Klimaschutz (BMWK). These edge computing use cases are mainly implemented by early adopters from SMEs.
In a survey, 37 previously defined challenges and potentials were rated by 30 early adopters from different organizations and domains and with different roles. A conceptual comparison of the topics of data economy and edge computing shows that edge computing can take on an important supporting function in various steps of the data value chain by carrying out processes locally. With the help of edge computing, the acquisition of data from IoT environments, processes such as data preparation and data anonymization, and the extraction and provision of information can be accomplished with high quality of service. At the conceptual level, edge computing thus addresses challenges prevailing in the data economy such as the management and analysis of large volumes of data, compliance with data protection and data security policies, and the technical realization of data sovereignty. Using ten real edge computing use cases as examples, the study shows how edge computing can be used for internal process innovation as well as for novel products and business models in the energy and water sector, the healthcare sector, the food industry, industrial production and the field of smart living. The schematic presentation of the use cases serves as a source of inspiration for developing one's own edge computing use cases and shows various approaches to technical implementation. The accompanying description of the use cases shows how important collaboration between different actors is in realizing edge computing use cases.
It is above all economic and organizational criteria that motivate early adopters of edge computing to build edge computing use cases: the respondents justify their motivation with advancing digital transformation, improving the ecological sustainability balance, and developing innovative products and services. On the other hand, the respondents identify technical and organizational factors in particular as hurdles to implementing novel edge computing use cases: among other things, they name ensuring efficient device management, the lack of standards for the portability and interoperability of components and data, and the currently low maturity of technical solutions for realizing data sovereignty as inhibiting factors. This short study provides answers to the questions of how use cases can be designed using edge computing resources, which potentials are decisive in doing so, and which challenges must be overcome for productive use. The study thus gives readers important guidance for the conceptual design and concept evaluation of their own edge computing projects.
Conference Paper
Cyber-physical systems are subject to natural uncertainties and sensor noise that can be amplified/attenuated due to feedback. In this work, we want to leverage these properties in order to define the inherent differential privacy of feedback-control systems without the addition of an external differential privacy noise. If larger levels of privacy are required, we introduce a methodology to add an external differential privacy mechanism that injects the minimum amount of noise that is needed. On the other hand, we show how the combination of inherent and external noise affects system security in terms of the impact that integrity attacks can impose over the system while remaining undetected. We formulate a bilevel optimization problem to redesign the control parameters in order to minimize the attack impact for a desired level of inherent privacy.
Article
The fourth industrial revolution (Industrie 4.0) is distinguished by a growing network and intelligence of machines, products, services and data. This results in new business models and value chains, but also various risks, e.g. by hacker attacks, data theft or manipulation. Many companies consider Industrie 4.0 more as a security challenge than as an opportunity or enabler for new business models. Therefore, effective security methods to protect the Industrie 4.0 systems and their associated values and assets are needed. One of the aims of Industrie 4.0 is identifying and developing new, appropriate security practices for enterprises and especially for their production systems. Based on the connectivity infrastructure in the shop floor, the diversity in the corporate landscape of the global mechanical and plant engineering ultimately means that every company has to develop its own way of IT and production security management.
Article
A lot of privacy protection technologies have been proposed, but most of them are independent and aim at protecting some specific privacy. There is hardly enough deep study into the attributes of privacy. To minimize the damage and influence of the privacy disclosure, the important and sensitive privacy should be a priori preserved if all privacy pieces cannot be preserved. This paper focuses on studying the attributes of the privacy and proposes privacy information security classification (PISC) model. The privacy is classified into four security classifications by PISC, and each classification has its security goal, respectively. Google search engine is taken as the research platform to collect the related data for study. Based on the data from the search engine, we got the security classifications of 53 pieces of privacy.
Article
The collection of digital information by governments, corporations, and individuals has created tremendous opportunities for knowledge- and information-based decision making. Driven by mutual benefits, or by regulations that require certain data to be published, there is a demand for the exchange and publication of data among various parties. Data in its original form, however, typically contains sensitive information about individuals, and publishing such data will violate individual privacy. The current practice in data publishing relies mainly on policies and guidelines as to what types of data can be published and on agreements on the use of published data. This approach alone may lead to excessive data distortion or insufficient protection. Privacy-preserving data publishing (PPDP) provides methods and tools for publishing useful information while preserving data privacy. Recently, PPDP has received considerable attention in research communities, and many approaches have been proposed for different data publishing scenarios. In this survey, we will systematically summarize and evaluate different approaches to PPDP, study the challenges in practical data publishing, clarify the differences and requirements that distinguish PPDP from other related problems, and propose future research directions.
Thesis
In the recent past, there has been a series of security incidents leading to increasing concern regarding the trust model currently employed by public key infrastructures. One of the key criticisms is the architecture’s implicit assumption that certificate authorities (CAs) are trustworthy a priori. This work proposes a metric to compensate this assumption by a differentiating assessment of a CA’s individual trustworthiness based on objective criteria. The metric utilizes a wide range of factors derived from existing policies, technical guidelines, and research. It consists of self-contained submetrics allowing the simple extension of the existing set of criteria. The focus is thereby on aspects which can be assessed by employing practically applicable methods of independent data collection. The metric is meant to help organizations, individuals, and service providers deciding which CAs to trust or distrust. For this, the modularized submetrics are clustered into coherent submetric groups covering a CA’s different properties and responsibilities. By applying individually chosen weightings to these submetric groups, the metric’s outcomes can be adapted to tailored protection requirements according to an exemplifying attacker model.
Article
System identification methods allow the determination of the dynamic behaviour of machine tools and the optimization of process parameters during machining operation. Cloud-based approaches facilitate the evaluation of large amounts of data and the aggregation of information from various machine tools and production sites. However, in order to increase the willingness of companies to make this data available across company boundaries, the information must be transferred in an anonymous and encrypted state.
Chapter
While the privacy of personal data has captured great attention in the public debate, resulting, e.g., in the European GDPR guideline, the sovereignty of knowledge-intensive small and medium enterprises concerning the usage of their own data in the presence of dominant data-hungry players in the Internet needs more investigation. In Europe, even the legal concept of data ownership is unclear. We reflect on requirements analyses, reference architectures and solution concepts pursued by the International Data Spaces Initiative to address these issues. The second part will more deeply explore our current interdisciplinary research in a visionary “Internet of Production” with 27 research groups from production and materials engineering, computer science, business and social sciences. In this setting, massive amounts of heterogeneous data must be exchanged and analyzed across organizational and disciplinary boundaries, throughout the lifecycle from (re-)engineering, to production, usage and recycling, under hard resource and time constraints. A shared metaphor, borrowed from Plato’s famous Cave Allegory, serves as the core modeling and data management approach from conceptual, logical, physical, and business perspectives.
Article
Industrial robots, used for milling processes, have to execute highly dynamic and accurate movements. External static and dynamic process forces lead to static deflections and dynamic excitations. In this paper, we present a coupled offline simulation and planning strategy of the machine-process interaction with online adaptation mechanisms for increased system robustness. The process planning, optimization and milling force prediction are executed offline, while the online compensation and adaptation accounts for static deflections and unmodeled disturbances. The benefits of the combined offline and online approach are demonstrated by stabilizing machining processes and accurate deflection compensation with unmodeled changes in spindle speed and feed rate for the machining of aluminum workpieces.
Conference Paper
Public key infrastructures (PKIs) build the foundation for secure communication of a vast majority of cloud services. In the recent past, there has been a series of security incidents leading to increasing concern regarding the trust model currently employed by PKIs. One of the key criticisms is the architecture's implicit assumption that certificate authorities (CAs) are trustworthy a priori. This work proposes a holistic metric to compensate this assumption by a differentiating assessment of a CA's individual trustworthiness based on objective criteria. The metric utilizes a wide range of technical and non-technical factors derived from existing policies, technical guidelines, and research. It consists of self-contained submetrics allowing the simple extension of the existing set of criteria. The focus is thereby on aspects which can be assessed by employing practically applicable methods of independent data collection. The metric is meant to help organizations, individuals, and service providers deciding which CAs to trust or distrust. For this, the modularized submetrics are clustered into coherent submetric groups covering a CA's different properties and responsibilities. By applying individually chosen weightings to these submetric groups, the metric's outcomes can be adapted to tailored protection requirements according to an exemplifying attacker model.
Article
Modern cyber physical systems (CPSs) have been widely used in our daily lives because of the development of information and communication technologies (ICT). With the provision of CPSs, the security and privacy threats associated with these systems are also increasing. Passive attacks are being used by intruders to get access to private information of CPSs. In order to make CPSs data more secure, certain privacy preservation strategies such as encryption and k-anonymity have been presented in the past. However, with the advances in CPSs architecture, these techniques also need certain modifications. Meanwhile, differential privacy emerged as an efficient technique to protect CPSs data privacy. In this paper, we present a comprehensive survey of differential privacy techniques for CPSs. In particular, we survey the application and implementation of differential privacy in four major applications of CPSs, namely energy systems, transportation systems, healthcare and medical systems, and industrial Internet of things (IIoT). Furthermore, we present open issues, challenges, and future research directions for differential privacy techniques for CPSs. This survey can serve as a basis for the development of modern differential privacy techniques to address various problems and data privacy scenarios of CPSs.
Conference Paper
Customer-individual production in manufacturing is a current trend related to the Industrie 4.0 paradigm. Creation of design files by the customers is becoming more frequent. These design files are typically generated outside the company boundaries and then transferred to the organization where they are eventually processed and scheduled for production. From a security perspective, this introduces new attack vectors targeting producing companies. Design files with malicious configuration parameters can threaten the availability of the manufacturing plant resulting in financial risks and can even cause harm to humans. Human verification of design files is error-prone, which is why an automated solution is required. A graph-theoretic modeling framework for machine tools capable of verifying the security of product designs is proposed. This framework is used to model an exemplary production process implemented in a wood processing plant based on the experiences of a real-world case study. Simulation of the modeled scenario shows the feasibility of the framework. Apart from security verification, the approach can be adopted to decide if a product design can be manufactured with a given set of machine tools.
Article
In distributed control systems with shared resources, participating agents can improve the overall performance of the system by sharing data about their personal preferences. In this paper, we formulate and study a natural tradeoff arising in these problems between the privacy of the agent's data and the performance of the control system. We formalize privacy in terms of differential privacy of agents' preference vectors. The overall control system consists of N agents with linear discrete-time coupled dynamics, each controlled to track its preference vector. Performance of the system is measured by the mean squared tracking error. We present a mechanism that achieves differential privacy by adding Laplace noise to the shared information in a way that depends on the sensitivity of the control system to the private data. We show that for stable systems the performance cost of using this type of privacy preserving mechanism grows as O(T^3/Nε^2), where T is the time horizon and ε is the privacy parameter. For unstable systems, the cost grows exponentially with time. From an estimation point of view, we establish a lower-bound for the entropy of any unbiased estimator of the private data from any noise-adding mechanism that gives ε-differential privacy. We show that the mechanism achieving this lower-bound is a randomized mechanism that also uses Laplace noise.
Conference Paper
To support industrial automation, systems such as GraspIt! and Dex-Net 1.0 provide “Grasp Planning as a Service” (GPaaS). To assist manufacturers setting up automated assembly lines, users can send part geometry via the Internet to the service and receive a ranked set of robust grasp configurations. As industrial users may be reluctant to share proprietary details of product geometry with outside parties, this paper proposes a privacy-preserving approach where a masked version of the part boundary is uploaded, allowing proprietary aspects of the part geometry to remain confidential. One challenge is the tradeoff between grasp coverage and privacy: balancing the desire for a rich set of alternative grasps based on analysis of graspable surfaces (coverage) against the desire for privacy. We introduce a grasp coverage metric based on dispersion from motion planning, and plot its relationship with privacy (the fraction of the object surface that is masked). We implement the algorithm using Dex-Net 1.0 and present case studies of the privacy-coverage tradeoff on a set of 23 industrial parts. Results suggest that masking the part using the convex hull of the proprietary zone can provide grasp coverage with minor distortion to the object similarity metric used to accelerate grasp planning in Dex-Net 1.0. Code, data, and additional information can be found at http://berkeleyautomation.io/privacy_preserving_grasping.
Article
We introduce Concentrated Differential Privacy, a relaxation of Differential Privacy enjoying better accuracy than both pure differential privacy and its popular "(epsilon,delta)" relaxation without compromising on cumulative privacy loss over multiple computations.
Article
The problem of privacy-preserving data analysis has a long history spanning multiple disciplines. As electronic data about individuals becomes increasingly detailed, and as technology enables ever more powerful collection and curation of these data, the need increases for a robust, meaningful, and mathematically rigorous definition of privacy, together with a computationally rich class of algorithms that satisfy this definition. Differential Privacy is such a definition. After motivating and discussing the meaning of differential privacy, the preponderance of this monograph is devoted to fundamental techniques for achieving differential privacy, and application of these techniques in creative combinations, using the query-release problem as an ongoing example. A key point is that, by rethinking the computational goal, one can often obtain far better results than would be achieved by methodically replacing each step of a non-private computation with a differentially private implementation. Despite some astonishingly powerful computational results, there are still fundamental limitations – not just on what can be achieved with differential privacy but on what can be achieved with any method that protects against a complete breakdown in privacy. Virtually all the algorithms discussed herein maintain differential privacy against adversaries of arbitrary computational power. Certain algorithms are computationally intensive, others are efficient. Computational complexity for the adversary and the algorithm are both discussed. We then turn from fundamentals to applications other than query-release, discussing differentially private methods for mechanism design and machine learning. The vast majority of the literature on differentially private algorithms considers a single, static, database that is subject to many analyses. Differential privacy in other models, including distributed databases and computations on data streams is discussed. 
Finally, we note that this work is meant as a thorough introduction to the problems and techniques of differential privacy, but is not intended to be an exhaustive survey – there is by now a vast amount of work in differential privacy, and we can cover only a small portion of it.
Article
Supervisory Control and Data Acquisition (SCADA) systems control and monitor industrial and critical infrastructure functions, such as electricity, gas, water, waste, railway, and traffic. Recent attacks on SCADA systems highlight the need for stronger SCADA security. Thus, sharing SCADA traffic data has become a vital requirement in SCADA systems to analyze security risks and develop appropriate security solutions. However, inappropriate sharing and usage of SCADA data could threaten the privacy of companies and prevent sharing of data. In this paper, we present a privacy preserving strategy-based permutation technique called PPFSCADA framework, in which data privacy, statistical properties and data mining utilities can be controlled at the same time. In particular, our proposed approach involves: (i) vertically partitioning the original data set to improve the performance of perturbation; (ii) developing a framework to deal with various types of network traffic data including numerical, categorical and hierarchical attributes; (iii) grouping the portioned sets into a number of clusters based on the proposed framework; and (iv) the perturbation process is accomplished by the alteration of the original attribute value by a new value (clusters centroid). The effectiveness of the proposed PPFSCADA framework is shown through several experiments on simulated SCADA, intrusion detection and network traffic data sets. Through experimental analysis, we show that PPFSCADA effectively deals with multivariate traffic attributes, producing compatible results as the original data, and also substantially improving the performance of the five supervised approaches and provides high level of privacy protection.
Article
The pervasiveness of location-aware devices has spawned extensive research in trajectory data mining, resulting in many important real-life applications. Yet, the privacy issue in sharing trajectory data among different parties often creates an obstacle for effective data mining. In this paper, we study the challenges of anonymizing trajectory data: high dimensionality, sparseness, and sequentiality. Employing traditional privacy models and anonymization methods often leads to low data utility in the resulting data and ineffective data mining. In addressing these challenges, this is the first paper to introduce local suppression to achieve a tailored privacy model for trajectory data anonymization. The framework allows the adoption of various data utility metrics for different data mining tasks. As an illustration, we aim at preserving both instances of location-time doublets and frequent sequences in a trajectory database, both being the foundation of many trajectory data mining tasks. Our experiments on both synthetic and real-life data sets suggest that the framework is effective and efficient to overcome the challenges in trajectory data anonymization. In particular, compared with the previous works in the literature, our proposed local suppression method can significantly improve the data utility in anonymous trajectory data.
Article
A Pseudonymous Communications Infrastructure for the Internet, by Ian Avrum Goldberg. Doctor of Philosophy in Computer Science, University of California at Berkeley. Professor Eric Brewer, Chair. As more and more of people's everyday activities are being conducted online, there is an ever-increasing threat to personal privacy. Every communicative or commercial transaction you perform online reveals bits of information about you that can be compiled into large dossiers, often without your permission, or even your knowledge.
Infinite-horizon Gaussian processes
  • A Solin
  • J Hensman
  • R E Turner