Security of Digital Twins in Manufacturing

Lead Research Organisation: University of Sheffield
Department Name: Computer Science


Increasing productivity in manufacturing is a critical economic goal of the UK government and digitisation has been proposed as the cornerstone of achieving that. The MadeSmarter review makes a case for widespread digitisation across sectors (including manufacturing) and indicates the economic benefits that would accrue to the UK in doing so. It also draws significant attention to the role to be played by so-called Digital Twins.

Gartner has defined a digital twin as "a software design pattern that represents a physical object with the objective of understanding the asset's state, responding to changes, improving business operations and adding value" and describing a DT as "a digital representation of a real-world entity or system." The implementation of a digital twin is an encapsulated software object or model that mirrors a unique physical object, process, organization, person or other abstraction." For advanced manufacturing a DT has been described by the AMRC as "a live digital coupling of the state of a physical asset or process to a virtual representation with a functional output." Functional output here means information sent to a system or human observer that is actionable to deliver value.

There are many views on the precise nature of Twins Twins. Loosely speaking, there is a physical system or sensors, actuators and other assets or entities of which a "digital mirror" is maintained. Essentially, this is some digital model of important aspects of the system. The AMRC definition draws attention to the real-time ("live") nature of Digital Twins in manufacturing. This digital model can serve many purposes, from acting as the vehicle for remote interaction with the system by its operators (and remote operation has acquired a new importance in the light of the need to develop resilience to pandemics) to being the prmiary reference model over which intrusions are detected. Digital Twins have been identified by Gartner as one of the major technologies of our time.

Since Digital Twins are perceived as fundamental to value generation by systems so it is no surprise that their security has arisen as a problem. They may encapsulate important IPR and provide the most up to reference for the system's state. That information itself may be confidential and its integrity is critical to the effectiveness of a system to deliver ts business goals.

Understanding of the security of Digital Twins is limited. There has hardly been any reseach in this area. In this proposal we advance a wide-ranging initial programme of work that will engage stakeholders and lead eventually to a comprehensive understanding of security priorities concerning Digital Twins. Our programme mixes concrete research with engagement and roadmapping. It fuses the use of formal mathematic approaches to specification of systems and proofs of their properties, through to exploiting machine learning to detect intrusions. Our proposal also brings to bear expertise in manufacturing, robtics and control engineering. It is significantly interdisciplinary.

At its conclusion we will have a community aware of the risks of Digital Twins and with a fully informed sense of priorities for research and innovation. We will initiate new areas of research but also seek to understand the potential for cross-pollination and transfer of research insights from other domains.


10 25 50

publication icon
Pasikhani A (2022) Adversarial RL-Based IDS for Evolving Data Environment in 6LoWPAN in IEEE Transactions on Information Forensics and Security

publication icon
Verma G (2022) CB-DA: Lightweight and Escrow-Free Certificate-Based Data Aggregation for Smart Grid in IEEE Transactions on Dependable and Secure Computing

publication icon
Wang W (2022) An AI-Driven Secure and Intelligent Robotic Delivery System in IEEE Transactions on Engineering Management

Description Digital Twin (DT) is a revolutionary technology changing how a smart manufacturing industry carries out its day-to-day activities. DT can provide numerous advantages such as real-time synchronised functioning, monitoring and data analysis. However, security and privacy issues in DT have not been thoroughly investigated. Our work proposes a user-empowerment-based privacy-preserving authentication protocol for a cloud-based Digital Twin using a Decentralised Identifier (DID) and Verifiable Credential (VC). Here, user empowerment provides full control to users over their identities, and with the help of VC, users can prove their authenticity and preserve their privacy. We have addressed some fundamental problems such as usability and auditability of existing approaches. Our approach allows engagers with the DT to be excluded where thsi si thought necessary (a concept generally referred to as revocation). A security analysis of the proposed scheme shows that it is secured against significant security threats. With the help of performance analysis, we prove that the proposed work effectively ensures security and privacy in DT.
Exploitation Route We wish to wait until we have finished, before answering this. We will amend in due course.
Sectors Aerospace

Defence and Marine


including Industrial Biotechology

Title IoT based test environment for Digital Twin Security Assessment 
Description This is still being developed. We will alter this to a full description when the work is complete. We have developed an IoT based development environment that allows us to run a robot over the net with feedback to a digital twin being maintained. This will allows us to carry out various forms of attacks and to collect data from such attacks via the digita twin. This will allow us to instantiate a digital twin based intrusion detection system, allowing various attacks to be detected. It also allows us to execute attacks in a controlled environment. (We cannot carry out attacks in a live networking environment. ) 
Type Of Material Improvements to research infrastructure 
Year Produced 2024 
Provided To Others? No  
Impact [Is the 120000 char limit erroneous?] This is basically a reseearch enabler. As indicated above it allows us to attack a system in a controlled environment. It is being used for that purposes right now. It is not publically available since it requires access to our internal resources. The principal wider benefit will arise from teh research outputs it enable.s 
Title Threat Modeling Approacch 
Description We may change where this appears in the final write up. We are developing a threat model for digital twins that seeks to bring threat analysis for digital twins right up to date. We are firstly defining the threat modelling approach, drawing on extant frameworks, e.g. MIT's ATAK and also the 5D IoT model. We are investigating possible tool support for using the technique. This is not yet certain. The primary goal short term will be to publish the threat model and analysis approach. If developing tool support looks feasible in the period then we will leave it as infrastructure enhancement and report it fully here. Otherwise, the work will be primarily reported under research outputs. [Is 120000 char limit an error?] 
Type Of Material Improvements to research infrastructure 
Year Produced 2023 
Provided To Others? No  
Impact None as yet. We are still refinng and writing up.