IoT Security Approaches in Oil & Gas Solution Industry 4.0

The oil and gas industry is a very complex one, in which highly specialized equipment, tools and assets are used. In recent years, the trend within the industry has been to integrate digital technologies into oil and gas extraction processes, as ICT performance has increased and prices have declined. As a result, the productivity of the industry has increased through the use of digital technologies such as IoT, cloud computing, the industrial internet, artificial intelligence, blockchain, etc. This paper highlights IoT approaches and solutions that could be applied in the oil and gas industry to create new value from the information generated by IoT infrastructures, by integrating sensor data, communication channels and data analytics. The large variety of IoT deployments and protocols raises the issue of IoT security assurance. In this sense, the paper provides security solutions and examples.


Introduction
Industry 4.0 and the Internet of Things (IoT) are heavily hyped terms these days, and more and more solutions built around these buzzwords appear on the market. According to Wikipedia [9], "Industry 4.0 is a name for the current trend of automation and data exchange in manufacturing technologies. It includes cyber-physical systems, the Internet of things, cloud computing and cognitive computing. Industry 4.0 is commonly referred to as the fourth industrial revolution."

Fig. 1. Industry 4.0 Phases [9]

The Industry 4.0 revolution applied to the Oil and Gas field involves improving the existing SCADA systems and specific field bus communication protocols (e.g. OPC) with Internet of Things and cloud computing technologies, in order to provide predictive analytics. Predictive analytics helps the IoT solution detect potential downtime and apply fixes within the production systems with a zero-downtime approach. In the Oil and Gas field, specific equipment and protocols are deployed, and the cyber security level should be high in order to use the produced data in a cloud computing context. Therefore, for the Oil & Gas Industry 4.0 solution, the following diagram shows the potential Sensors/Actuators Applications [10]:

Through this application they can also notify when a repair is complete as figure 7 highlights.

C6) Analytics Web Dashboard is used for having predictive maintenance.

Components Overview and Data Flow
The first two components from the architecture (C1

Security Improvements for the IoT REST APIs
REpresentational State Transfer (REST) facilitates communication between computer systems on the web. The implementation of REST uses the following elements [12]:

The CA certificate could be created by using the OpenSSL tool. In order to use users' certificates, the following stages must be followed [18]:

1. Creating CA certificate: two steps to be accomplished [18]

Fig. 3. System Architecture of the prototype for Matrikon/Honeywell Data Logger Gateway integration with Oracle IoT CS

Fig. 7. Oracle Android Mobile Technician App - Monitoring Screen [16]

Resources provided by directory structure URIs.
Structured files (e.g. JSON, XML) as representation of the objects and attributes.
HTTP methods to send messages across the web.
Session state held only by the clients.

According to TechTarget, "A RESTful API is an application program interface (API) that uses HTTP requests to GET, PUT, POST and DELETE data". A RESTful API gives software developers high flexibility in designing, implementing and maintaining applications, thanks to the statelessness and modularity principles of REST. RESTful APIs are appropriate for web applications, but they are also successfully used in cloud computing and microservice implementations. Because REST services are used over the web, security must be the main concern and challenge for RESTful API implementers and integrators. According to [14], [16], the following technologies and security measures can be used when RESTful APIs are implemented for IoT cloud computing solutions:

DOI: 10.12948/issn14531305/22.3.2018.05

aws iot get-registration-code

2.2 Generate a key pair for the private key verification certificate:

openssl genrsa -out verificationCert.key 2048

2.3 Create a Certificate Signing Request (CSR) for the private key verification certificate. The registration code is used for the Common Name field:

/rootCA.pem
aws iot update-certificate --certificate-id xxxxxxxxxxx --new-status ACTIVE
aws iot register-certificate --certificate-pem file://deviceCert.crt --ca-certificate-pem file://caCert.crt
aws iot update-ca-certificate --certificate-id caCertificateId --new-auto-registration-status ENABLE
aws iot register-ca-certificate --ca-certificate file://rootCA.pem --verification-cert file://privateKeyVerificationCert.crt --allow-auto-registration
Signature: it is generated by considering the items: the encoded header, the encoded payload, a key, the algorithm specified in the header and the signature generation pattern as:

Algorithm(base64UrlEncode(header) + "." + base64UrlEncode(payload), key)

In [17], some examples of getting the activation token and the message token are provided, to guide the Oracle IoT Cloud Service REST API user in creating requests for such tokens. The requests are sent by using the cURL utility in the command line, and the server response is also shown in the command line. The cURL command for getting the activation token looks like [17]:

curl -X POST -H 'Accept:application/json' -H 'Content-Type: application/x-www-form-urlencoded' --
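
The signature pattern quoted above, Algorithm(base64UrlEncode(header) + "." + base64UrlEncode(payload), key), worked through in Python for a JWT-style token. This is an added example, not code from the paper or from Oracle; it assumes HMAC-SHA256 ("HS256") as the algorithm, and the key, claims and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

def b64url(data: bytes) -> str:
    # base64UrlEncode: URL-safe alphabet, '=' padding stripped
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_token(header: dict, payload: dict, key: bytes) -> str:
    # Signing input: base64UrlEncode(header) + "." + base64UrlEncode(payload)
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, payload)]
    signing_input = ".".join(parts)
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def verify_token(token: str, key: bytes) -> dict:
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        signature = b64url_decode(sig_b64)
    except (ValueError, TypeError) as exc:
        raise ValueError("malformed token") from exc
    # The verifier pins the algorithm; a header asking for "none" or
    # anything else is rejected instead of being obeyed.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(key, f"{head_b64}.{body_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):  # constant-time compare
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body_b64))

def is_accepted(token: str, key: bytes) -> bool:
    try:
        verify_token(token, key)
        return True
    except ValueError:
        return False

# Constructed sample values (not from the paper)
KEY = b"constructed-demo-key"
TOKEN = sign_token({"alg": "HS256", "typ": "JWT"}, {"iss": "device-0001", "exp": 1893456000}, KEY)

if __name__ == "__main__":
    print(TOKEN)
    print(verify_token(TOKEN, KEY))
```

Because the signature covers both encoded parts, changing a single claim or swapping the header invalidates the token unless the key is known; the check on `alg` happens before any signature work so that the token cannot select its own verification method.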