Security by Delegation for Industry 4.0
Conference paper
Abstract
The dynamics that come with Industry 4.0 call for flexible security concepts and network architectures. The concept of security by delegation could form part of future security solutions for Industry 4.0. Delegating security functionality to a trusted proxy reduces the resource requirements for deploying secure communication protocols and enables flexible, centralized access control. This paper presents a number of delegation schemes and examines their conceptual properties. Possible application scenarios are also discussed.
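The delegation pattern the abstract describes, shown as an added illustration that is not the paper's own protocol or code: a constrained device shares a single symmetric key with a trusted delegate, the delegate authenticates clients and enforces a central access-control policy, and the device itself only has to verify one HMAC and a few token fields. The device identifiers, keys, client secret, policy and token layout are all constructed for this demo and are assumptions, not something the paper specifies.

```python
import hmac
import hashlib
import json
import time

# Constructed demo material (assumption): in a deployment each device and each
# client would be provisioned with its own long-term key at commissioning time.
DEVICE_KEYS = {
    "sensor-17": bytes.fromhex("11" * 32),
    "valve-03": bytes.fromhex("22" * 32),
}
CLIENT_SECRETS = {"scada-hmi": b"client-secret-demo"}
# Centralised policy, held only by the delegate: client -> device -> permissions.
POLICY = {"scada-hmi": {"sensor-17": {"read"}}}
TOKEN_LIFETIME = 300  # seconds a token stays valid


def _canonical(payload: dict) -> bytes:
    """Deterministic encoding so issuer and verifier MAC identical bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def _mac(key: bytes, payload: dict) -> str:
    return hmac.new(key, _canonical(payload), hashlib.sha256).hexdigest()


class TrustedDelegate:
    """Authenticates clients and enforces policy on behalf of the devices."""

    def __init__(self, device_keys, client_secrets, policy):
        self.device_keys = device_keys
        self.client_secrets = client_secrets
        self.policy = policy

    def authorize(self, client_id, client_secret, device_id, permission, now=None):
        expected = self.client_secrets.get(client_id)
        if expected is None or not hmac.compare_digest(expected, client_secret):
            return None  # client authentication failed
        if permission not in self.policy.get(client_id, {}).get(device_id, set()):
            return None  # central policy denies the request
        key = self.device_keys.get(device_id)
        if key is None:
            return None  # unknown device
        now = time.time() if now is None else now
        payload = {"sub": client_id, "aud": device_id, "scope": permission,
                   "exp": int(now + TOKEN_LIFETIME)}
        # The token is bound to one device by the key used for the MAC.
        return {"payload": payload, "mac": _mac(key, payload)}


class ConstrainedDevice:
    """Holds one symmetric key; verification is a single HMAC computation."""

    def __init__(self, device_id, key):
        self.device_id = device_id
        self.key = key

    def accept(self, token, requested_permission, now=None):
        payload = token.get("payload", {})
        mac = token.get("mac", "")
        if not hmac.compare_digest(_mac(self.key, payload), mac):
            return False  # forged or tampered token
        now = time.time() if now is None else now
        if payload.get("aud") != self.device_id:
            return False  # issued for a different device
        if payload.get("exp", 0) <= now:
            return False  # expired
        return payload.get("scope") == requested_permission


def demo(now=1_700_000_000):
    """Runs the exchange and returns which checks pass; all inputs are constructed."""
    delegate = TrustedDelegate(DEVICE_KEYS, CLIENT_SECRETS, POLICY)
    sensor = ConstrainedDevice("sensor-17", DEVICE_KEYS["sensor-17"])
    valve = ConstrainedDevice("valve-03", DEVICE_KEYS["valve-03"])
    token = delegate.authorize("scada-hmi", b"client-secret-demo", "sensor-17", "read", now)
    tampered = {"payload": dict(token["payload"], scope="write"), "mac": token["mac"]}
    return {
        "read_ok": sensor.accept(token, "read", now),
        "write_denied": sensor.accept(token, "write", now),
        "wrong_device": valve.accept(token, "read", now),
        "tampered": sensor.accept(tampered, "write", now),
        "expired": sensor.accept(token, "read", now + TOKEN_LIFETIME + 1),
        "policy_denied": delegate.authorize("scada-hmi", b"client-secret-demo",
                                           "valve-03", "read", now) is None,
        "bad_secret": delegate.authorize("scada-hmi", b"wrong",
                                         "sensor-17", "read", now) is None,
    }


if __name__ == "__main__":
    print(demo())
```

The point of the split is where the cost lands: client authentication, policy lookup and any asymmetric cryptography stay on the delegate, which can be changed centrally, while the device needs only its one pre-shared key and a constant-time HMAC comparison. The device must still check audience and expiry itself, since the delegate cannot revoke a token it has already issued.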
Copyright information
© Springer-Verlag GmbH Deutschland 2018