论文信息 - An AAA solution for securing industrial IoT devices using next generation access control

An AAA solution for securing industrial IoT devices using next generation access control

Industry 4.0 is advancing the use of Internet of Things (IoT) devices in industrial applications, which enables efficient device-to-device (D2D) communication. However, these devices are often heterogeneous in nature, i.e. from different manufacturers, use different protocols, etc. and adds requirements such as security, interoperability, etc. To address these requirements, the Service-Oriented Architecture-Based (SOA) Arrowhead Framework was previously proposed using the concept of local clouds. These local clouds provide a set of mandatory and support core systems to enable industrial automation applications. One of these mandatory core systems is an Authentication, Authorisation and Accounting (AAA) system, which is used to authenticate and provide access control to the devices in a local cloud. In an industrial context, with multiple stakeholders, the AAA must support fine-grain access control. For example, in a distributed control loop, a controller should only have read access to its sensor such as a flow meter and write access to its actuator, such as a valve. The controller should not have access to any other information besides what is needed to implement the desired functionality. In this work, an NGAC-based AAA solution to achieve fine-grain service level access control between IoT devices has been proposed and implemented. The solution is presented using a district heating use case.

[1] Russ Housley,et al. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile , 2002, RFC.

[2] Hajar Mousannif,et al. Access control in the Internet of Things: Big challenges and new opportunities , 2017, Comput. Networks.

[3] Jerker Delsing. IoT Automation : Arrowhead Framework , 2017 .

[4] David F. Ferraiolo,et al. Exploring the Next Generation of Access Control Methodologies | NIST , 2016 .

[5] Carsten Bormann,et al. The Constrained Application Protocol (CoAP) , 2014, RFC.

[6] David F. Ferraiolo,et al. Guide to Attribute Based Access Control (ABAC) Definition and Considerations , 2014 .

[7] Allan C. Rubens,et al. Remote Authentication Dial In User Service (RADIUS) , 1997, RFC.

[8] Tim Moses,et al. EXtensible Access Control Markup Language (XACML) version 1 , 2003 .

[9] The Industrial Internet of Things Volume G1: Reference Architecture , 2019 .

[10] OpenSSL. OpenSSL : The open source toolkit for SSL/TSL , 2002 .

[11] Russ Housley,et al. Internet X.509 Public Key Infrastructure Certificate and CRL Profile , 1999, RFC.

[12] Ramaswamy Chandramouli,et al. A Comparison of Attribute Based Access Control (ABAC) Standards for Data Service Applications , 2015 .

[13] Frantisek Zezulka,et al. Industry 4.0 – An Introduction in the phenomenon , 2016 .