Authorization for Industrial Control Systems

Sammanfattning: Every day more and more devices are getting connected to the Internet, a phenomenon commonly referred to as the Internet of Things. Since security and privacy are more important than ever before this presents an interesting problem. Suddenly devices with not even near as much computing power as a desktop computer are tasked with performing heavy security computations designed to be used in powerful systems with little resource and power limitations. This thesis presents a solution for performing authorization for a resource limited system using a trusted third party, thus transferring the usually quite heavy authorization computations from a resource constrained device to another device where no such restrictions exists. When a client wishes to request a resource on the constrained device it must first retrieve authorization information from the third party and include this in the request. The authorization information is then validated by confirming that it originates from the trusted third party using a shared secret. In this thesis the constrained system is represented by an ABB control system of model 800xA and by transferring the authorization cost to another system the increased amount of resource usage on this device is kept to a minimum. It is also shown that this increase is negligible compared to the increase in resource usage when authentication and message protection in the form of TLS was implemented.