Next Article in Journal
Predicting COVID-19 Hospital Stays with Kolmogorov–Gabor Polynomials: Charting the Future of Care
Previous Article in Journal
Securing the Network: A Red and Blue Cybersecurity Competition Case Study
 
 
Article
Peer-Review Record

Security Analysis and Enhancement of INTERBUS Protocol in ICS Based on Colored Petri Net

Information 2023, 14(11), 589; https://doi.org/10.3390/info14110589
by Tao Feng, Chengfan Liu *, Xiang Gong and Ye Lu
Reviewer 1:
Reviewer 2: Anonymous
Information 2023, 14(11), 589; https://doi.org/10.3390/info14110589
Submission received: 28 August 2023 / Revised: 25 October 2023 / Accepted: 28 October 2023 / Published: 29 October 2023

Round 1

Reviewer 1 Report

Comments and Suggestions for Authors

Try to avoid full stop for sub section headings.

Good to write overview of section before starting sub sections in one or two sentences.

Some figures are unclear and difficult to read. If possible enlarge blocks in figures, not lines.

 

 

Comments on the Quality of English Language

No comments

Author Response

See annex for details of responses

Author Response File: Author Response.docx

Reviewer 2 Report

Comments and Suggestions for Authors

The paper addresses the security concerns specific to the widely adopted INTERBUS protocol—a fieldbus protocol.  The presented approach utilizes Colored Petri Nets (CPN) theory for modeling, providing a comprehensive analysis of the protocol's security.

The abstract is well-written and summarizes the main contributions of the paper in a clear way.

In the Introduction, the most important notions used in the paper such as IoT, SCADA, Petri Net, etc. are briefly mentioned. The section is rather short but since there are separate sections dedicated to literature overview and preliminaries, it is not necessary to extend the Introduction section.

The Related Work section is generally well-written but some directions of research are missing and must be included supported by appropriate references. For example, an important paper is

A. Treytl, T. Sauter and C. Schwaiger, "Security measures for industrial fieldbus systems - state of the art and solutions for IP-based approaches," IEEE International Workshop on Factory Communication Systems, 2004. Proceedings., Vienna, Austria, 2004, pp. 201-209, doi: 10.1109/WFCS.2004.1377709.

where it is shown that automation networks differ from communication relations in the Internet, and solutions for the particular security problems on the field level and the interconnection with higher levels are yet to be proposed.

Another important recent paper is

Peserico, G., et al. Functional Safety Networks and Protocols in the Industrial Internet of Things Era. Sensors 2021, 21, 6073.

where the authors address the challenges concerned with functional safety networks and protocols in Industrial Internet of Things ecosystems. First, the design characteristics of functional safety networks is introduced and the adoption of safety protocols over wireless networks discussed. Then, the authors specifically address one of such protocols, namely Fail Safety over EtherCAT (FSoE), and provide the results of an extensive experimental session carried out exploiting a prototype system, implemented using commercial devices based on a WiFi network.

The notion of Petri Net which is central to the paper is well-explained in section 3.2 but the authors should state clearly the advantages of the Petri Net approach to the problem compared to other approaches. For example, in recent years an extension of the Petri Nets named Generalized Nets has been successfully used in the modelling of transport systems. In the recent paper

T. Boyukov et al. "Generalized net model of the connections between different types of transport in Bulgaria," 2022 IEEE 11th International Conference on Intelligent Systems (IS), Warsaw, Poland, 2022, pp. 1-4, doi: 10.1109/IS57118.2022.10019720.

a generalized net model of the connection between various types of transport systems is developed. The use of Petri Nets has one important advantage in comparison to their extensions such as the Generalized Net – Petri Net models are easier to be constructed and allow for easier construction of conceptual, analytical and simulation models. This should be included in the paper as a justification of the use of Petri Nets.

The paper should be formatted according to the journal template as at present different fonts are used in the titles of sections/subsections and the main text body.

At some places incorrect use of small letters instead of capitals is observed (see line 616).

The new solution models are well-described. What is missing to me is a discussion on the effect of the proposed models on the Quality of Service (QoS) as this is the most important parameter in service systems in general.

Overall, the paper is interesting and presents some valuable contributions. I recommend that the paper be published once the authors address adequately my remarks.

Comments on the Quality of English Language

Moderate editting is needed. There are punctuation errors and unclear sentences. 

Author Response

See annex for details of responses

Author Response File: Author Response.docx

Reviewer 3 Report

Comments and Suggestions for Authors

The article brings a very instigating problem with practical impact in the modern industry (even in the I3.0 stage). On the path to open models (toward I4.0), the security problem will appear and become critical.

 

Therefore, formal modeling communication in a manufacturing plant is undoubtedly an issue. On the other hand, the motivation to use Coloured Petri Nets on pages 4 and 5 is strongly connected with "tools that come with CPN Tools" instead of the suitability of the modeling process. Even if tools are essential for practical reasons, it certainly is not the primary motivation. It is unclear why coloured nets are used instead of classical nets since the identification of messages is not used in the folding.

 

The article details the process of modeling, which is an excellent practical work. However, it does not present a clear justification for using the proposed approach, which is the center of the proposition.

 

Reference 26, which seems important to introduce coloured Petri Nets, needs to be completed. The complete reference is,

 

Ratzer, A.V. et al. (2003). CPN Tools for Editing, Simulating, and Analysing Coloured Petri Nets. In: van der Aalst, W.M.P., Best, E. (eds) Applications and Theory of Petri Nets 2003. ICATPN 2003. Lecture Notes in Computer Science, vol 2679. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44919-1_28

 

 

Comments on the Quality of English Language

The paper also deserves an English revision. There some repetitive use of the same word in statements, as in "Assumes that attacker's computational power assumes" and other similar. 

Author Response

See annex for details of responses

Author Response File: Author Response.docx

Round 2

Reviewer 2 Report

Comments and Suggestions for Authors

Thank you for revising the paper. It has been significantly improved.  I recommend publishing the paper in the present form.

Comments on the Quality of English Language

There are some unclear sentences. Moderate editting is required.

Reviewer 3 Report

Comments and Suggestions for Authors

The answers from the author fit the comments. The article can still raise some discussion, but this is not an obstacle to publication.

Back to TopTop