International Journal On Cyber Situational Awareness (IJCSA)
ISSN: (Print) 2057-2182 ISSN: (Online) 2057-2182
Published Semi-annually. Est. 2014
Dr Cyril Onwubiko, Chair – Cyber Security & Intelligence, E-Security Group, Research Series, London, UK; IEEE UK & Ireland Section Secretary
Professor Frank Wang, Head of School / Professor of Future Computing, Chair IEEE Computer Society, UK&RI, School of Computing, University of Kent, Canterbury, UK
Professor Karen Renaud, Professor of Cyber Security, University of Abertay, Dundee, Scotland, UK
Putting Things in Context: Securing Industrial Authentication with Context Information
Simon Duque Anton, Daniel Fraunholz, Christoph Lipps, Khurshid Alam, and Hans Dieter Schotten
The development in the area of wireless communication, mobile and embedded computing leads to significant changes in the application of devices. Over the last years, embedded devices were brought into the consumer area creating the Internet of Things. Furthermore, industrial applications increasingly rely on communication through trust boundaries. Networking is cheap and easily applicable while providing the possibility to make everyday life more easy and comfortable and industry more efficient and less time-consuming. One of the crucial parts of this interconnected world is sound and secure authentication of entities. Only entities with valid authorisation should be enabled to act on a resource according to an access control scheme. An overview of challenges and practices of authentication is provided in this work, with a special focus on context information as part of security solutions. It can be used for authentication and security solutions in industrial applications. Additional information about events in networks can aid intrusion detection, especially in combination with security information and event management systems. Finally, an authentication and access control approach, based on context information and – depending on the scenario – multiple factors is presented. The combination of multiple factors with context information makes it secure and at the same time case adaptive, so that the effort always matches, but never exceeds, the security demand. This is a common issue of standard cyber security, entities having to obey strict, inflexible and unhandy policies. This approach has been implemented exemplary based on RADIUS. Different scenarios were considered, showing that this approach is capable of providing flexible and scalable security for authentication processes.
Keyword: Authentication, Context awareness, Industrial Internet of Things, Multi-factor authentication, Computer network
Volume 3. No. 1
Date: Dec. 2018
Reference to this paper should be made as follows: Duque Anton, S., Fraunholz, D.; Lipps, C., Alam, K., Schotten, H. D. (2018). Putting Things in Context: Securing Industrial Authentication and Intrusion Detection with Context Information. International Journal on Cyber Situational Awareness, Vol. 3, No. 1, pp. 98 – 120.