Security by Delegation for Industrie 4.0

  • Markus Jung
Conference paper
Part of the Technologien für die intelligente Automation book series (TIA)

Abstract

The dynamics that come with Industrie 4.0 demand flexible security concepts and network architectures. The concept of Security by Delegation could form part of future security solutions for Industrie 4.0. Delegating security functionality to a trusted delegate reduces the resources needed to run secure communication protocols and enables flexible, centralized access control. This paper presents a number of delegation schemes and examines their conceptual properties. Possible application scenarios are also discussed.

Copyright information

© Springer-Verlag GmbH Deutschland 2018

Authors and Affiliations

  1. Institut für Telematik, Karlsruher Institut für Technologie, Karlsruhe, Germany
