Putting Things in Context: Securing Industrial Authentication with Context Information
The development in the area of wireless communication, mobile and embedded computing leads to significant changes in the application of devices. Over the last years, embedded devices were brought into the consumer area creating the Internet of Things. Furthermore, industrial applications increasingly rely on communication through trust boundaries. Networking is cheap and easily applicable while providing the possibility to make everyday life more easy and comfortable and industry more efficient and less time-consuming. One of the crucial parts of this interconnected world is sound and secure authentication of entities. Only entities with valid authorisation should be enabled to act on a resource according to an access control scheme. An overview of challenges and practices of authentication is provided in this work, with a special focus on context information as part of security solutions. It can be used for authentication and security solutions in industrial applications. Additional information about events in networks can aid intrusion detection, especially in combination with security information and event management systems. Finally, an authentication and access control approach, based on context information and - depending on the scenario - multiple factors is presented. The combination of multiple factors with context information makes it secure and at the same time case adaptive, so that the effort always matches, but never exceeds, the security demand. This is a common issue of standard cyber security, entities having to obey strict, inflexible and unhandy policies. This approach has been implemented exemplary based on RADIUS. Different scenarios were considered, showing that this approach is capable of providing flexible and scalable security for authentication processes.
READ FULL TEXT