Enhancing Authorization Mechanisms using Attribute Certificates for OPC UA based Applications
Authors: G. Karthikeyan, S. Heiss
Venue: 2019 IEEE 17th International Conference on Industrial Informatics (INDIN)
Publication date: 2019-07-01
DOI: 10.1109/INDIN41052.2019.8972148 (https://doi.org/10.1109/INDIN41052.2019.8972148)
Record source: Semantic Scholar
Abstract. In the context of Industrie 4.0, integrity of data is considered the core of networking and digitalisation. End-to-end security of the communicating entities within and across organizational boundaries is enabled by authentication and authorization methods. In order to ensure authorized access to, or modification of, data, an access control system is used. An access control system based on the role of an entity is a Role Based Access Control (RBAC) system. In distributed networks, the authorization permissions of the communicating entities are determined both within and across organizational boundaries. For example, each organization defines the authorization permissions for each of its resources for both internal and external access. In the case of external access, an organization can determine permissions based on a role assigned to an external entity trying to communicate across its organizational boundaries. Here, a trusted association between the role and the identities needs to be established. Thus, the role or roles assigned to the external entity can be determined using an Attribute Certificate (AC). An AC contains the attribute or attributes that determine the characteristics associated with an entity. Each AC is issued by an Attribute Authority (AA) of an organization, which assigns a role attribute to the AC of an entity. Such an AA is created and managed using a Public Key Infrastructure (PKI). The OPC UA (Open Platform Communications Unified Architecture) framework has different options for user authentication, one of which is the X509IdentityToken. Integrating ACs in order to enhance the authorization mechanism in the context of Industrie 4.0 is considered in this work. A multilevel PKI is designed in order to demonstrate the feasibility of the approach through a proof-of-concept implementation that establishes end-to-end secure communication between OPC UA based applications. The advantages and challenges in creating such an infrastructure, and further areas of research, are discussed briefly.