DTCS Lab Main Projects 

Scenario: The rise of cloud-to-edge computing in industrial settings has highlighted the need for dynamic, flexible, and secure systems capable of real-time monitoring and optimization. The development of Digital Twin technology presents a key opportunity to create virtual replicas of industrial machines, enhancing operational efficiency and security. However, the integration of cloud-to-edge continuum scenarios introduces challenges in system deployment, migration, and orchestration, particularly when ensuring the security of machines through robust access control mechanisms. This project seeks to address these challenges by developing a Proof of Concept (POC) for Digital Twin technology in industrial environments, utilizing containerization for flexibility and interfacing with Next Generation Firewalls (NGFWs) to implement a Zero Trust Architecture.

Partnership: The project is carried out in collaboration with the Bi-Rex consortium as part of the "Progetto Casa delle tecnologie emergenti COBO, CUP F39I22001840004." Bi-Rex will provide access to its Multi-access Edge Computing (MEC) node and datacenter infrastructure, offering essential resources without additional costs. The terms of access and resource allocation will be decided as the project progresses, ensuring seamless collaboration between academic and industrial partners.

Objectives:

• Develop and containerize a Digital Twin that can monitor and migrate between different nodes, including on-premises edge nodes and MEC nodes.

• Interface the Digital Twin with NGFWs to ensure dynamic and secure configuration of firewall rules, only allowing necessary communication to and from industrial machines.

• Implement Zero Trust Architecture to restrict traffic based on parameters such as protocols, throughput, and node identifiers, ensuring the highest level of security in industrial environments.

Technologies Employed: The project will utilize containerization techniques for the Digital Twin to enable efficient deployment, migration, and orchestration across cloud-to-edge environments. It will also leverage NGFWs integrated with the Digital Twin for dynamic security management, adopting the Zero Trust Architecture approach to limit network traffic based on predefined criteria, ensuring only authorized communication occurs between machines and external nodes.

Expected Results and Impact:

• Enhance security and flexibility in cloud-to-edge continuum environments through the use of Digital Twin technology.

• Improve the safety and efficiency of industrial machine operations by providing real-time monitoring and dynamic firewall configurations.

• Promote the adoption of innovative security architectures, such as Zero Trust, in industrial settings, setting a new standard for operational security and machine protection.

Duration: The project will span a total of 12 months, ensuring sufficient time for development, testing, and evaluation of the POC, with iterative adjustments made based on real-world deployments within the Bi-Rex infrastructure.

Overview: This project was developed in collaboration with Carpigiani to address trust issues among stakeholders in the servitization model of ice cream machines. Servitization allows businesses to pay for machines based on actual usage, but it requires high levels of trust or third-party oversight to ensure accuracy and reliability in reporting machine usage data.

To solve these challenges, the project integrates Blockchain technology into Carpigiani’s ice cream machines. This allows for secure, non-repudiable storage and management of machine usage statistics, providing a transparent and trustworthy environment for all parties involved, including machine manufacturers, ice cream refill producers, and ice cream makers.

Key Objectives:

1. Establish a trustworthy system for recording machine usage by leveraging Blockchain, removing the need for third-party oversight.

2. Integrate Blockchain technology directly into smart ice cream machines, enabling remote monitoring and usage tracking based on refill consumption.

3. Ensure privacy of business-relevant information by securing transaction data, preventing refill producers from accessing competitive information.

4. Design and implement a low energy consumption permissioned Blockchain, ensuring scalability and efficiency.

Methodology:

• Blockchain Integration: Carpigiani’s smart ice cream machines, equipped with remote management capabilities, are integrated with Blockchain technology to securely record refill usage.

• Transaction Endorsement Policy: Each transaction is approved by all involved parties through smart contracts, ensuring the accuracy of machine usage data.

• Smart Contracts: Smart contracts regulate and validate the transactions, such as ensuring the ice cream maker uses only certified and valid refills.

Expected Results:

• A secure and transparent servitization model that fosters trust among manufacturers, refill producers, and machine operators.

• Non-repudiable transactions recorded on the Blockchain, ensuring every refill is accounted for, validated, and verifiable.

• Enhanced data privacy for refill producers, with restricted access to sensitive information, thereby preserving competitive advantage.

• Proof of concept for a scalable, low-energy Blockchain solution, tailored for the manufacturing and servitization industry.

Use Cases:

1. Ice Cream Machine Servitization: The project will showcase how Blockchain can be applied in a pay-per-use business model, providing secure tracking of machine usage via refill consumption.

2. Refill Validation: Blockchain technology ensures the use of certified and non-expired refills by ice cream makers, enhancing product quality and operational compliance.

Impact: This project demonstrates how Blockchain can revolutionize trust-based business models in manufacturing, particularly servitization. By ensuring transparent and verifiable machine usage tracking, Carpigiani’s ice cream machines will benefit from greater trust and efficiency among all stakeholders. It sets a new precedent for using Blockchain in industrial IoT environments, enabling enhanced operational transparency and fostering innovation in the manufacturing sector.

Project Overview: DATRUST aims to bridge the gap between physical and digital worlds by creating trustworthy data flows. This is essential in contexts like Industry 4.0 and smart cities where data from physical devices must be accurately and securely transmitted to digital applications. The project will achieve this through Digital Twins (DTs), which represent physical objects digitally and enable intelligent data orchestration.

Key Objectives:

1. Define and manage Trustworthy Data Flows between physical and digital layers.

2. Develop a new model for Trustworthy Digital Twins (T-DTs), which can monitor, validate, and ensure the quality of data flows.

3. Implement a unified computing and communication infrastructure for scalable, distributed deployment of DTs.

4. Design and build an Intelligent Orchestration Layer to dynamically manage DTs and optimize data flow configurations.

Methodology: The project will focus on designing and implementing the following components:

• Trustworthy Digital Twin design: DTs will act as intermediaries between physical and digital spaces, ensuring data flows meet quality standards.

• Computing and Communication layer: This infrastructure will support scalable deployment of DTs across various platforms (cloud, edge, on-premises).

• Intelligent Orchestration layer: Algorithms will be developed to manage data flows dynamically, optimizing the performance and security of both physical and digital components.

Expected Results:

1. A comprehensive Trustworthiness Management Platform that will handle large-scale, multi-organizational data flows.

2. A set of methodologies and algorithms for deploying, configuring, and maintaining DTs in real-world scenarios.

3. Practical proof-of-concept implementations in Smart City and Industry 5.0 environments.

4. Contributions to scientific and industrial communities, especially in areas like cloud computing, IoT, and artificial intelligence.

Use Cases:

• Smart City: The project will test how trustworthy data flows can improve infrastructure management, such as traffic systems and public safety.

• Industry 5.0: Applications like predictive maintenance and asset tracking will rely on the trustworthy orchestration of data from physical devices to digital services.

Impact: DATRUST will address significant challenges in data trustworthiness for next-generation technologies such as 5G, IoT, and artificial intelligence. It will enable European industries and cities to leverage data for enhanced efficiency and innovation, aligning with EU digital and green transitions.

This project is aligned with the EU Strategic Plan 2021-2024 and aims to create a unified data platform to meet the growing demands of a data-driven society. It also supports the objectives of the Italian Piano Nazionale di Ripresa e Resilienza (PNRR) in digital transformation and innovation.

Scenario: The convergence of Information Technology (IT) and Operational Technology (OT) due to the Industrial Internet of Things (IIoT) has created unprecedented opportunities for enhanced efficiency and predictive maintenance. However, it also introduces critical security challenges. Traditional perimeter-based security models no longer suffice, as modern industrial environments now include remote access, cloud integration, and personal device use. The "SEcurity and RIghts In the CyberSpace" (SERICS) project addresses these challenges by exploring the adoption of Zero Trust Architecture (ZTA) in industrial settings, eliminating the assumption that devices within enterprise borders are trustworthy. The project will also consider the legal implications of these security threats on worker safety and regulatory compliance.

Partnership: Led by the University of Ferrara, the project is under the guidance of Principal Investigator (PI) Carlo Giannelli and co-Principal Investigator (co-PI) Cinzia Bisi. The research team comprises experts from various departments, including law and engineering, ensuring a multidisciplinary approach. This team will collaborate closely to analyze technological and legal issues associated with implementing ZTA in industrial environments.

Objectives:

• Adopt Zero Trust Architecture (ZTA) to secure industrial environments, addressing the complexity of IT and OT integration.

• Develop and implement Next Generation Firewalls (NGFWs) and Digital Twins (DTs) to dynamically manage security configurations and monitor industrial machine traffic.

• Analyze cryptographic algorithms, both traditional and quantum-based, to determine their suitability for IIoT devices with limited computational resources.

• Provide a comprehensive legal analysis, focusing on criminal law, labor law, and emerging cybersecurity regulations, ensuring that security measures comply with existing legal frameworks.

Technologies Employed: The project will integrate NGFWs and DTs into the industrial infrastructure to create programmable topologies that limit network traffic to what is necessary. DTs will interface with NGFWs to dynamically configure security rules and ensure secure access to industrial machines. The project will also assess traditional and quantum cryptographic algorithms for use in IIoT environments, considering hardware limitations.

Expected Results and Impact:

• Enhance Industrial Security: By implementing ZTA, the project aims to create a secure, flexible architecture for industrial environments.

• Improve Worker Safety: Security protocols will prevent unauthorized access, reducing risks to workers operating industrial machinery.

• Ensure Legal Compliance: A thorough legal analysis will ensure the security solutions align with regulations, such as the Cyber Resilience Act and NIS2.

• Advance Cybersecurity Innovation: The project will develop and validate cutting-edge cybersecurity strategies tailored to the complexities of IIoT.

Duration: 15 months

Scenario: The C4SI Project aims to elevate cybersecurity in production systems and connected machinery within SMEs in Emilia-Romagna. This goal is pursued through targeted training on the new "Regolamento Macchine" of the European Union and the development of innovative solutions for Operational Technology (OT). The project emphasizes the Zero Trust paradigm, authentication methodologies, access control, and monitoring solutions for operator activities.

Partnership: Research partners include CRIS (University of Modena and Reggio Emilia); CIRI-ICT (University of Bologna); IN4 Hub (University of Ferrara) and CRIT. Industrial partners include: SACMI; IMA and VEM.

Objectives: The C4SI project aims to enhance the cybersecurity of industrial systems, providing SMEs with the tools and training needed to protect their operations against emerging threats.

• Simplify guidelines for the “Regolamento Macchine”: develop simplified guidelines tailored for SMEs in the region.

• Increase awareness and provide training: conduct awareness and training sessions for SMEs, university students, and ITS students.

• Protect communications: implement the Zero Trust paradigm to secure communications between connected devices.

• Enhance operator safety: Develop innovative systems for access, authentication, and tracking of operator activities.

Technologies Employed: The project employs the Zero Trust paradigm, passwordless authentication, and advanced monitoring tools. These technologies are integrated into prototypes designed for OT, ensuring robust security and simplified operator interactions.

Expected Results and Impact:

• Security posture verification: SMEs can identify security issues in a virtual environment without disrupting production.

• Advanced training environment: The platform will provide attack and defense scenarios for training and validating skills.

• Real-time monitoring: Implement real-time performance monitoring and preventive maintenance to enhance security.

• Cost reduction: Early identification of security flaws will reduce production and maintenance costs.

Duration: 30 months

Website: c4si-project.eu

Scenario: The increasing need for skills to detect and address cybersecurity threats requires highly qualified experts who undergo constant training on attack scenarios as close to reality as possible. A Cyber Range is a specific application of the digital twin concept, designed to fully replicate a physical object/system in a virtual system. The versatility of the Cyber Range lies in its ability to design and deploy fully customizable operational scenarios based on training objectives.

Partnership: The CRI4.0 project is led by Prof. Carlo Giannelli and spearheaded by CONSORZIO T3 LAB. Key partners include IN4 Hub (University of Ferrara), CRIS (University of Modena and Reggio Emilia), CLUSTER INS (Innovation in Services), and Laboratorio CIRI-ICT (University of Bologna). 

Objectives: The primary objective of the CRI4.0 project is to create a Cyber Range dedicated to the industrial manufacturing sector. This Cyber Range will serve as an interdisciplinary laboratory for testing industrial plant security and training current and future specialists. The project aims to provide a pilot implementation of a Cyber Range deployed in a virtual (Cloud) environment, along with the necessary software tools to deploy it on the private infrastructure of users, such as the involved companies.

Technologies Employed: The CRI4.0 project employs advanced virtualization and cloud technologies to create a comprehensive Cyber Range. This includes the development of software tools and methodologies that enable easy deployment and use by industrial companies, ensuring a flexible and robust training and testing environment.

Expected Results and Impact:

• Security posture verification: companies can use the Cyber Range to identify security issues related to configuration errors and known vulnerabilities in a virtual environment, preventing production disruptions.

• Advanced training environment: the platform will provide pre-configured attack examples and defense strategies for training employees and students at various specialization levels, and for validating the skills of existing teams.

• Real-time performance monitoring: the Cyber Range will enable real-time system performance monitoring and preventive maintenance to avoid security incidents.

• Cost reduction: by identifying security flaws during the design phase, the project aims to reduce production and maintenance costs, avoiding expensive repairs later.

Duration: 30 months

Website: cri40.it/

Scenario: The IGNITE 5.0 project aims to enhance network connectivity management within manufacturing production lines, paving the way for Industry 5.0. By leveraging advanced technologies, the project seeks to create intelligent and secure networking solutions for industrial environments.

Partnership: The project involves several key partners: AIRI, the University of Modena and Reggio Emilia, Alma Mater Studiorum – University of Bologna, the University of Ferrara, and Romagna Tech S.C.p.A. These institutions bring expertise in network architecture, system performance testing, software management, and industrial applications. Industry partners include Bonfiglioli S.p.a., STOORM 5 S.r.l., and VEM Sistemi S.p.a., which contribute practical insights and real-world use cases.

Objectives: The primary objective of IGNITE 5.0 is to improve the connectivity management of network components within manufacturing production lines. This will be achieved through the introduction of the Asset Administration Shell (AAS), a software component providing specific management services for each production line element.

Technologies Employed: The project employs cutting-edge technologies such as the Asset Administration Shell (AAS) to offer specialized network management services. These services interact with Operational Technology (OT) and Information Technology (IT) networks, enabling seamless management and control of industrial connectivity.

Expected Results and Impact: The project is expected to deliver a prototype management platform and AAS through a testbed that replicates industrial environments. This platform will facilitate remote control and management of connectivity, significantly advancing data collection, system interaction, and cybersecurity. The impact on companies in the Emilia-Romagna region will be substantial, with improved operational efficiency, enhanced digital twins, and fortified cybersecurity measures.

Duration: 30 months

Website: ignite5-project.eu