Conference: 2018 IEEE Industrial Cyber-Physical Systems

An AAA solution for securing industrial IoT devices using next generation access control


Abstract

Industry 4.0 is advancing the use of Internet of Things (IoT) devices in industrial applications, which enables efficient device-to-device (D2D) communication. However, these devices are often heterogeneous in nature, i.e. they come from different manufacturers, use different protocols, etc., which adds requirements such as security and interoperability. To address these requirements, the Service-Oriented Architecture (SOA)-based Arrowhead Framework was previously proposed using the concept of local clouds. These local clouds provide a set of mandatory and support core systems to enable industrial automation applications. One of these mandatory core systems is an Authentication, Authorisation and Accounting (AAA) system, which is used to authenticate and provide access control to the devices in a local cloud. In an industrial context with multiple stakeholders, the AAA system must support fine-grained access control. For example, in a distributed control loop, a controller should only have read access to its sensor, such as a flow meter, and write access to its actuator, such as a valve. The controller should not have access to any other information besides what is needed to implement the desired functionality. In this work, an NGAC-based AAA solution to achieve fine-grained, service-level access control between IoT devices has been proposed and implemented. The solution is presented using a district heating use case.

Bibliographic record

  • Conference location: St. Petersburg (RU)
  • Author affiliations

    Dept. of Computer Science, Electrical and Space Engineering, Luleå University of Technology, Luleå, Sweden 97187;

    Dept. of Computer Science, Electrical and Space Engineering, Luleå University of Technology, Luleå, Sweden 97187;

    Dept. of Computer Science, Electrical and Space Engineering, Luleå University of Technology, Luleå, Sweden 97187;

    Dept. of Computer Science, Electrical and Space Engineering, Luleå University of Technology, Luleå, Sweden 97187;

    Dept. of Computer Science, Electrical and Space Engineering, Luleå University of Technology, Luleå, Sweden 97187;

    The Open Group, Apex Plaza, Forbury Road, Reading, Berkshire RG1 1AX, UK;

  • Original format: PDF
  • Text language: eng
  • Keywords

    Authentication; Authorization; Protocols; Cloud computing; Standards;
