Pk-IOTA is a research prototype for securing OPC UA communications in Industry 4.0 by combining:
- programmable data-plane validation (P4 switches), and
- decentralized certificate management workflows built on IOTA.
This repository contains both the implementation and the reproducibility artifacts used for overhead evaluation and formal analysis.
IOTA_src/- IOTA transaction workflows, smart contracts, frontend utilities, and MQTT-related scripts.
testbeds/- Kathara-based network labs, P4 programs, traffic replay/synthesis pipelines, analyzers, and image build tooling.
tests/- Result artifacts and plots (existing
IOTA,P4and testbed campaign outputs underTESTBEDS).
- Result artifacts and plots (existing
formal_verification/- Tamarin models and security property checks.
utils/- Legacy helper scripts and utility image definitions.
testbeds/Maynard- Replay-based benchmark using host-split PCAP traces (OPC UA on TCP/8666).
testbeds/motra/simple-water-treatment-plant/kathara-single-dev-p4- MOTRA reproduction in Kathara with one P4 switch per subnet.
testbeds/ot-security-testbed/kathara-otsec-p4- OT Security testbed reproduction in Kathara (single L2 domain + one P4 switch).
testbeds/1client_1server- Synthetic OPC UA scenario for controlled certificate-size overhead sweeps.
- Testbeds overview and execution guide:
- Build or pull required Docker images for the selected lab.
- Run paired measurements (
forwardvsextraction) with the per-testbed runner. - Run the corresponding analyzer to generate:
per_run.csvsummary.csvreport.md
- Store outputs under
tests/TESTBEDS(default for the all-in-one orchestrator).
- Docker
- Kathara
- Python 3
capinfos(wireshark-common)- Optional (formal verification):
tamarin-prover,maude
- This repository contains demo/lab material, including sample certificates/keys and test credentials in some subdirectories.
- Do not reuse these assets in production environments.
- Before publishing derivatives, verify your branch does not contain sensitive runtime artifacts.
If you use this repository, please cite our paper!
@article{rinieri2025pkiota,
title = {Pk-IOTA: Blockchain empowered Programmable Data Plane to secure OPC UA communications in Industry 4.0},
author = {Rinieri, Lorenzo and Gori, Giacomo and Melis, Andrea and Girau, Roberto and Prandini, Marco and Callegati, Franco},
journal = {arXiv preprint arXiv:2511.10248},
year = {2025},
url = {https://arxiv.org/abs/2511.10248}
}