Industrial Internet Connectivity Framework | Page 40

Connectivity Framework
5: Connectivity Transport Layer
connectivity framework based on the connection-oriented transport may preclude it from providing a connectionless data exchange.
5.1.5 PRIORITIZATION
IIoT systems need to ensure that critical data is delivered ahead of non-critical data.
The connectivity transport function can provide the ability to prioritize some messages over others in the data exchange between endpoints.
5.1.6 TIMING & SYNCHRONIZATION
IIoT systems need a way to synchronize local endpoint clocks over a connectivity transport network. Many methods are in use today, including NTP- or PTP-based time synchronization and GPS clocks, and new approaches are in development.
The connectivity transport function may provide the ability to synchronize time across the network.
5.1.7 MESSAGE SECURITY
The security mechanisms provided by the connectivity transport layer should implement and enforce the connectivity-framework-layer data security function (see section 4.1.11).
Transport layer security involves both the messaging protocol and the network layer security. Both should provide mechanisms for endpoint authentication, message encryption and message authentication. Security implemented by each function may provide controls with different granularity and be separately administered.
At the network level, network endpoint security mechanisms can grant access based on policy and enforce security by means of encrypted virtual local area networks (VLANs) and firewalls.
At the messaging protocol level, message-oriented security mechanisms based on policy can enforce permissions by fine-grained cryptographic means. For example, different data flows may be configured to use different cryptographic keys such that permissions granted to an application to access one flow do not allow it to observe a different flow.
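The per-flow key separation described above, sketched as an added example that is not part of the IIC document. The application names, flow names, policy table and key broker functions are all constructed for illustration; only message authentication is shown (standard-library HMAC), and message encryption would use the same per-flow keys with an AEAD cipher.

```python
import hashlib, hmac, os
from typing import Optional

MASTER_KEY = os.urandom(32)  # constructed root secret, held only by the key broker
POLICY = {  # constructed policy: application -> data flows it may access
    "hmi-dashboard": {"plant/temperature"},
    "safety-controller": {"plant/temperature", "plant/emergency-stop"},
}

def flow_key(flow: str) -> bytes:
    """Derive an independent 32-byte key per flow with HKDF-SHA256 (RFC 5869)."""
    prk = hmac.new(b"\x00" * 32, MASTER_KEY, hashlib.sha256).digest()       # extract
    return hmac.new(prk, flow.encode() + b"\x01", hashlib.sha256).digest()  # expand, one block

def request_key(app: str, flow: str) -> bytes:
    """Broker side: release a flow key only when policy grants the app that flow."""
    if flow not in POLICY.get(app, set()):
        raise PermissionError(f"{app} has no permission for {flow}")
    return flow_key(flow)

def _tag(key: bytes, flow: str, seq: int, payload: bytes) -> bytes:
    # Bind the tag to the length-prefixed flow name and a sequence number.
    name = flow.encode()
    header = len(name).to_bytes(2, "big") + name + seq.to_bytes(8, "big")
    return hmac.new(key, header + payload, hashlib.sha256).digest()

def protect(key: bytes, flow: str, seq: int, payload: bytes) -> bytes:
    """Sender side: payload followed by a 32-byte authentication tag."""
    return payload + _tag(key, flow, seq, payload)

def verify(key: bytes, flow: str, seq: int, message: bytes) -> Optional[bytes]:
    """Receiver side: return the payload only if the tag matches this flow's key."""
    payload, tag = message[:-32], message[-32:]
    return payload if hmac.compare_digest(tag, _tag(key, flow, seq, payload)) else None

def demo():
    k_temp = request_key("hmi-dashboard", "plant/temperature")
    msg = protect(k_temp, "plant/temperature", 1, b"71.3C")
    ok = verify(request_key("safety-controller", "plant/temperature"), "plant/temperature", 1, msg)
    try:  # the dashboard holds no permission for the emergency-stop flow
        request_key("hmi-dashboard", "plant/emergency-stop")
        denied = False
    except PermissionError:
        denied = True
    # Its temperature key does not validate on the other flow either.
    forged = protect(k_temp, "plant/emergency-stop", 1, b"RELEASE")
    k_stop = request_key("safety-controller", "plant/emergency-stop")
    return ok, denied, verify(k_stop, "plant/emergency-stop", 1, forged) is None

if __name__ == "__main__":
    print(demo())
```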
There may be multiple transport and network hops between endpoints. End-to-end security is desired, and security should not be compromised when crossing gateways, proxies and bridges between the endpoints.
For more details, please refer to the Industrial Internet Security Framework (IISF)¹.

¹ See [IIC-IISF2016]

IIC:PUB:G5:V1.0:PB:20170228 - 40 -