Home // International Journal On Advances in Security, volume 8, numbers 1 and 2, 2015 // View article


Using Managed Certificate Whitelisting as a Basis for Internet of Things Security in Industrial Automation Applications

Authors:
Rainer Falk
Steffen Fries

Keywords: Digital certificate; certificate whitelisting; credential management; PKI; device authentication; Internet of Things.

Abstract:
Device authentication is a basic security feature for automation systems, and for the future Internet of Things. The design, setup, and operation of a practically usable security infrastructure for the management of required device credentials - as cryptographic device keys, and device certificates - is a huge challenge. Also, access permissions defining authorized communication peers have to be configured on devices. The setup, and operation of a public key infrastructure PKI with registration authority (RA), and certification authority (CA), as well as the management of device permissions has shown to be burdensome for industrial application domains. A recent approach is based on certificate whitelisting. It is currently standardized for field device communication within energy automation systems by IEC 62351 in alignment with ITU-T X.509. This new approach changes the way how digital certificates are used, and managed significantly. After describing the new approach of managed certificate whitelisting, and giving a summary of ongoing standardization activities, an example for the application in a real-world application domain is described. Needs for further technical work are derived, and solution options are presented.

Pages: 89 to 98

Copyright: Copyright (c) to authors, 2015. Used with permission.

Publication date: June 30, 2015

Published in: journal

ISSN: 1942-2636