The concept of Industry 4.0 and Ukraine's Cybersecurity Strategy, in their respective vectors, foresee the development of methodological approaches for the application of secure intelligent technologies, particularly for the functional support of the emergency monitoring segment, including greenhouse gas emissions into the regional ecosystems of Ukraine. This study explores the aspects of developing an intelligent cyber-physical technology (ICPT) for monitoring carbon dioxide parameters in the air ecosystem based on a universal platform: “ICPT architecture-integrated security model-comprehensive security systems.” A multi-level ICPT architecture is proposed, enabling the selection of carbon dioxide concentration under the influence of both anthropogenic and natural factors on the regional air ecosystem within the framework of “control-processing-management.” This architecture serves as the foundation for creating an integrated multi-level security model for ICPT. The functional architecture of the multi-level ICPT is deployed at the technology levels: physical space (PS), communication environment (CE), and cybernetic space (CS). Based on the integrated security model and the “objectthreat-protection” concept, comprehensive security systems (CSS) have been developed for the ICPT levels-PS, CE, and CS-under the impact of both targeted and random threats. A software implementation of cryptographic protection for the ICPT cybernetic space database has been developed using the symmetric block encryption algorithm “Kalyna” in a programming language.
Today, approaches to solving the problem of secure intelligence integration of Ukraine’s
infrastructure objects, particularly critical ones under global challenges, are actively developing.
The relevance of the cybersecurity vector is highlighted in the Industry 4.0 Concept, the COP 29
of advanced science
technologies based on systemic and synergistic principles. An effective tool for addressing the
problem of secure intelligence integration of societal infrastructure objects within the framework
(ICPTs) and their comprehensive security systems (CSSs) [
Cyber-physical technologies, as one of the main tools for monitoring carbon dioxide within
emergency environments in a region, are developing along the vectors of architecture and
cybersecurity. Let us consider some trends in Ukraine and internationally. The application of
intelligent cyber-physical technologies within the Industry 4.0 Concept is an emerging field,
particularly involving artificial intelligence elements in industrial ICPTs for decision-making in
domain-specific societal areas [
Today, the processes of interconnecting the architecture and security of cyber-physical
technologies are unfolding, particularly at the conceptual level in accordance with the paradigm
“multi-level ICPT—multi-level security” [
The objective of this study is to develop a security methodology for intelligent cyber-physical technology (ICPT) for monitoring carbon dioxide levels in the air ecosystem of a region under the influence of technogenic and natural factors. This methodology follows the structure: “ICPT architecture—multi-level security model—comprehensive security systems (CSSs)”, implementing a constructive algorithm for secure functioning based on the “object—threat—protection” concept. 2. Architecture of the Multi-Level ICPT for Monitoring Carbon
Dioxide in the Regional Ecosystem
In the context of the Emergency Monitoring Regulation [
Multi-Level Security of the Intelligent Cyber-Physical Technology for Carbon Dioxide Monitoring In order to ensure the integrity of the security of the three-level ICPT for monitoring carbon dioxide in the region’s ecosystem, the following are proposed: an integrated model of multi-level security of the intelligent cyber-physical technology for monitoring carbon dioxide in the region’s air ecosystem; integrated security systems for the physical space, communication environment, and cyberspace of the ICPT, which provide methods and means of protection in the event of a complex of random and targeted threats. 3.1. Integral Model of the Intelligent Cyber-Physical Technology for Carbon
Dioxide Monitoring The ICPT for CO₂ monitoring adopts a mandatory (multi-level) security policy, which offers a higher level of protection compared to discretionary and role-based security policies. Key Features of the Mandatory Security Policy for ICPT in Emergency Situations: (1) Definiteness of the confidentiality lattice of information; assigning each system object the corresponding level of confidentiality based on the value of information in relation to the object; (2) Satisfaction of identification requirements for all subjects and objects of the system; (3) Implementation of an algorithm to prevent information leakage between objects with different access levels.
Mandatory access control ensures adherence to a set of security rules regulating user/system
access to specific resources. The mandatory security policy of the ICP technology enables:
assessment of threats and risks at the vulnerability identification level; implementation of access
and authentication policies at the level of establishing defined rules, as well as user authentication
mechanisms; data protection at the level of developing security strategies for confidential
information using encryption tools; staff training at the level of conducting relevant training
sessions; monitoring and responding to incidents at the level of implementing event tracking
systems in the system [
Collection Sensors—Threats—Protection Technologies Concentration Monitoring Sensors are installed at locations for monitoring greenhouse gas emissions and are equipped with micro controllers for data processing, batteries, GPS modules, and LTE system antennas for data transmission. The functional process of data collection, processing, and transmission of carbon dioxide monitoring in the air ecosystem is depicted in Figure 2.
In practice, the following models of Infrared (NDIR) analyzers for monitoring carbon dioxide
concentration in the region’s ecosystem are effectively used: RK300-03A (Figure 3a) and RK300-03B
(Figure 3b) CO2 Concentration Sensor [
Let’s consider the integrated security system of the intellectual cyber-physical technology at the physical space level, the components of which are sensors (Table 2).
3.3. Integrated Security System of the Communication Environment of ICTF:
Wireless Communication Technologies—Threats—Protection Technologies In the ICTF monitoring system of carbon dioxide in the region’s ecosystem, several wireless communication technologies are used for data transmission: LTE technology for transmitting monitoring data from sensors to the cybernetic space of ICTF; GPS technology for precise location determination of each sensor; Wi-Fi technology for wireless data transmission within the analytical center, as well as a possible replacement for LTE technology in certain cases.
The advantages of LTE technology include availability, reliability, and the ability to function over long distances. This technology is characterized by high bandwidth and low latency, which is essential for real-time monitoring, such as tracking spikes in carbon dioxide concentration in city ecosystems during peak hours.
GPS is a satellite navigation system that provides information about the location of the carbon dioxide monitoring sensor in the air ecosystem and the time, under any weather conditions, anywhere on Earth where there is an unobstructed line of sight to four or more GPS satellites (the full constellation consists of 24 satellites). GPS system modules are used in carbon dioxide measurement sensors. Recording the exact location of each sensor along with its monitoring data provides a GIS that can automatically generate a 3D map of carbon dioxide concentration in the region’s ecosystem.
Wi-Fi is a standard for wireless local area network (LAN) connections that enables communication between various devices over short distances (up to several dozen meters) based on the IEEE 802.11 standard. Among the main advantages of Wi-Fi technology are mobility, convenience, transmission speed, and energy efficiency. Wi-Fi technology allows network deployment without the need for wiring, simplifying and speeding up the installation and modification process. It also provides Internet access anywhere with coverage, which is especially convenient for mobile devices, and is effectively used to support the operation of Internet of Things devices.
Let’s consider the integrated security system of wireless technologies at the communication environment level of ICTF (Table 3).
available resources into time intervals
Increasing network bandwidth
Conducting periodic checks on operational modes and network configuration Logging failures, malfunctions, system crashes
Functional control of hardware and software in IM (K)
confidential information over unsecured communication channels Modulation, signal manipulation Conduct periodic checks on operational modes, 3.4. Integrated Security System of the Cybernetic Space of ICTF: Geoinformation
System—Threats—Protection Technologies The Geoinformation System for Monitoring Carbon Dioxide in the Air Ecosystem of the Region is the core of the ICTF. It is a complex decision-support system that: consolidates the functions of organizing, storing, analyzing, and visualizing regional geographic data; integrates hardware and software, data, and functions. It physically consists of databases, data storage, and workstations for analysts with specialized software (SW), all connected in a local network. The GIS is built on the basis of professional software packages, such as ArcGIS, and the complete life cycle of processing monitoring data covers the following stages:
The Geoinformation System for Monitoring Carbon Dioxide in the Air Ecosystem of the Region
in the cybernetic space of ICTF operates as follows [
Data Visualization: GIS of ICTF visually represents data through maps, graphs, and 3D models. These visualizations help analysts and users understand spatial relationships and patterns, make informed decisions, and generate reports using interactive or printed maps. Decision Support: The GIS of ICTF for carbon dioxide emission monitoring in the region serves as the main tool for data processing, analysis, and, based on this, supporting decision-making related to managing greenhouse gases, complying with established plans and agreements, and preventing emergencies in the region.
Let’s consider the comprehensive security system of the ICTF at the level of the cybernetic space, the main component of which is the GIS (Table 4).
modification of correction implementing information algorithms. electronic digital during selection, Data hashing. signatures.
transmission, and Data encryption. Firewalls.
Geographic processing. Electronic digital Antivirus Information Loss of signature method. software. System for data information due to Conducting periodic Access control processing, improper storage system configuration and segregation analysis, storage, of archived data. checks. systems. and decision- Errors during Defining Checkpoints. making for system requirements for Key and management: configuration. specialists who electronic locks. Databases, data Failures, configure the Alarm systems. storage malfunctions, and systems. Emergency Cloud crashes of Logging failures, generators. environment hardware and malfunctions, and Uninterruptible Hardware and software systems. crashes. power supplies software (client Incorrect Functional control of (UPS). applications) overlaying of data hardware and Automated attack layers in GIS due software in the detection system to improper information system sensors. formatting. (IS). Tools for creating Unauthorized Data backup. and storing destruction, Automated data backup copies. modification, or format verification Change logs for copying of IP data. before import. configurations Blocking access to Strengthening user and algorithms.
and process authentication mechanisms.
hash tables.
Use of certified antivirus software.
Configuring systems for protection against denial-of-service (DDoS) attacks. Regular scanning of GIS software and information for malicious components.
databases with internal and external implementing malicious secure document electronic digital software. management. signatures. Destruction or Use of backup access Firewalls. damage of channels to Antivirus hardware. information software. Unauthorized resources (IR). Access control access to Expanding and segregation information bandwidth for systems. systems (IS). protection against Checkpoints. Disabling or denial-of-service Key and malfunctioning of attacks. electronic locks. security systems Limiting access to Alarm systems. for IS. IR/connection to the Emergency Interception of Internet. generators. information Use of certified Uninterruptible during different licensed software. power supplies lifecycle stages. Control and (UPS). Use of malicious segregation of Sensors for software or logic access. automated attack bombs during Identification, detection various stages of authentication, and procedures. the information authorization. Tools for creating lifecycle. Database encryption. and storing Violation of Data hashing. backup copies. algorithms, Data backup. Change logs for configuration of Encryption of data configurations hardware and processing processes. and algorithms. software systems. Limiting access to Hash functions, Breach of integrity automated hash tables. or authenticity of information Regular scanning information. processing systems. of GIS software
DDoS attacks disrupting GIS server operation. Disclosure of confidential information.
checks of system configurations and operational modes of hardware and software.
Use of certified antivirus software.
Configuration of systems for protection against denial-of-service (DDoS) attacks.
and information systems for malicious components. 4. Program implementation of database encryption for ICTS: the “Kalyna” algorithm, tools of the C# programming language The symmetric block cipher algorithm “Kalyna”. For cryptographic protection of confidential data in the ICTS monitoring of carbon dioxide in the regional air ecosystem, we apply a database encryption procedure based on the symmetric block cipher algorithm “Kalyna.” The symmetric block cipher algorithm “Kalyna” (DSTU 7624:2014) has the following features: it provides satisfactory, high, and very high security levels (block and key lengths of 128, 256, and 512 bits); a transparent and understandable design; an AES-like structure; four different S-boxes with optimized cryptographic properties; increased MDS matrix size; a single set of lookup tables for ECB encryption in the software implementation (improved encryption and decryption performance for different modes of operation); efficient in both software and hardware implementations, sharing common lookup tables with the “Kupina” hash function (DSTU 7564:2014). The block and key lengths in bits, as well as the corresponding number of algorithm cycles, are provided in Table 5.
The stages of the algorithm, the main ones being byte substitution in the S-boxes, row shifting, and column mixing (linear transformation using the MDS matrix), are shown in Figure 4.
Depending on the key length, “Kalyna” ensures sufficient reliability based on cryptanalysis methods: for a 128-bit block, after the 5th cycle (out of 10 or 14 cycles); for a 256-bit block, after the 6th cycle (out of 14 or 18 cycles); for a 512-bit block, after the 8th cycle (out of 18).
C# Programming Language: A modern object-oriented programming language developed by Microsoft as part of the .NET framework. C#, known for its versatility and performance, is used for creating a wide range of applications, including desktop software, web applications, mobile apps, and games. With features like garbage collection, static typing, and an extensive standard library, C# allows developers to write clean and efficient code.
It is especially suitable for enterprise-level applications due to its seamless integration with the .NET ecosystem and support for cross-platform development. C# is often chosen for working with databases in backend development due to its strong typing, LINQ (Language Integrated Query), and effective support for asynchronous programming. These features enable secure, efficient, and readable code for accessing databases and manipulating data. Additionally, it is used in advanced database management tools such as Entity Framework Core, providing ORM (ObjectRelational Mapping) capabilities that reduce boilerplate code. In combination with ASP.Net Core, a powerful framework for creating scalable and high-performance web applications, C# and Entity Framework Core offer a robust toolkit for developing database-driven systems.
Entity Framework Core (EF Core): A modern and extensible ORM framework for .NET platform
applications, EF Core allows developers to work with databases using C# objects and LINQ. It
supports a wide range of databases, including SQL Server, PostgreSQL, MySQL, and SQLite,
making it a versatile choice for different projects. EF Core offers features such as change tracking
in databases, migrations (database updates based on code changes), and three development
approaches—Code-First (Figure 5 [
The software implementation of database encryption for the ICFT. Using EF Core and the CodeFirst approach, a database was generated in the Microsoft SQL Server DBMS. The database contains entities such as Sensor and Measurement (Figure 6), which respectively track the sensors and store information about the sampling of carbon dioxide concentration in the regional ecosystem. One sensor can conduct multiple measurements of carbon dioxide concentration, but each measurement corresponds to a specific sensor that carried it out. Therefore, the relationship between the entities in the database is one-to-many.
In Figure 6: Measurements stores monitoring records, and Sensors stores the installed sensors. The Measurements entity stores particularly sensitive data that require special protection, specifically the Location (location) and Co2Concentration (the measured carbon dioxide concentration) fields. Other data, such as the sensor ID or the date of the measurement, do not require encryption. This means that database encryption should be done at the field or column level, rather than at the file or table level, in order to preserve the ability to search for relevant records and work with the database without the need for decryption.
The database encryption for IKFT is carried out at the application level, as it preserves the flexibility of working with the DBMS, access to key management, and data security. The cryptographic protection software implements: encryption of selected confidential data just before storing it in the database; decryption of data during reading. The encryption implementation uses the “Kalyna-128/128” configuration, meaning both the block size and the key length are 128 bits, as the data being stored fits into a 16-byte block, and larger blocks would unnecessarily occupy database memory. However, the algorithm configuration can always be changed, for example, by applying “Kalyna-128/256” with a 256-bit key length for improved cryptographic strength.
Figure 7 illustrates the process of recording the carbon dioxide concentration measurement in the database: the sensor ID (already stored in the database), the location of the measurement, and the recorded carbon dioxide concentration value for the regional ecosystem are entered. Figure 8 shows the data stored in the database. Since the data in the columns MeasurementId (measurement ID), SensorId (sensor ID), and DateTime (date and time of recording) are not encrypted, it is possible to work with the database and monitoring data (such as searching) without decryption. However, the data in the Location and Co2 Concentration columns is encrypted.
The work presents the methodological foundations of the security of the intelligent cyber-physical technology in the air ecosystem of the region under the influence of technogenic and natural factors with (1) the architecture of the multi-level IKFT “sensors—wireless communication technologies—geographic information system”; (2) the integral model of multi-level security for IKFT; (3) integrated security systems for multi-level IKFT—physical space, communication environment, and cybernetic space according to the “object—threat—protection” concept; (4) software implementation of cryptographic protection of the IKFT cybernetic space database based on the symmetric block cipher “Kalyna” using C# programming language tools. It enables the application of the IKFT security platform as a result of the transformation of the tools, which represents the development of systemic approaches to the secure monitoring of emergency situations in the region, particularly greenhouse gas emissions for the global challenges of society. Declaration on Generative AI While preparing this work, the authors used the AI programs Grammarly Pro to correct text grammar and Strike Plagiarism to search for possible plagiarism. After using this tool, the authors reviewed and edited the content as needed and took full responsibility for the publication’s content.