# Putting Things in Context: Securing Industrial Authentication with   Context Information

**Authors:** Simon Duque Anton, Daniel Fraunholz, Christoph Lipps, Khurshid Alam,, and Hans Dieter Schotten

arXiv: 1905.12239 · 2019-05-30

## TL;DR

This paper explores the use of context information in industrial authentication, proposing a flexible, multi-factor approach based on RADIUS to enhance security and adaptability in industrial networks.

## Contribution

It introduces a novel authentication method combining context data and multiple factors, tailored for industrial applications, improving flexibility and scalability.

## Key findings

- Effective use of context information for authentication.
- Multi-factor approach enhances security and adaptability.
- Implementation demonstrates scalability in industrial scenarios.

## Abstract

The development in the area of wireless communication, mobile and embedded computing leads to significant changes in the application of devices. Over the last years, embedded devices were brought into the consumer area creating the Internet of Things. Furthermore, industrial applications increasingly rely on communication through trust boundaries. Networking is cheap and easily applicable while providing the possibility to make everyday life more easy and comfortable and industry more efficient and less time-consuming. One of the crucial parts of this interconnected world is sound and secure authentication of entities. Only entities with valid authorisation should be enabled to act on a resource according to an access control scheme. An overview of challenges and practices of authentication is provided in this work, with a special focus on context information as part of security solutions. It can be used for authentication and security solutions in industrial applications. Additional information about events in networks can aid intrusion detection, especially in combination with security information and event management systems. Finally, an authentication and access control approach, based on context information and - depending on the scenario - multiple factors is presented. The combination of multiple factors with context information makes it secure and at the same time case adaptive, so that the effort always matches, but never exceeds, the security demand. This is a common issue of standard cyber security, entities having to obey strict, inflexible and unhandy policies. This approach has been implemented exemplary based on RADIUS. Different scenarios were considered, showing that this approach is capable of providing flexible and scalable security for authentication processes.

---
Source: https://tomesphere.com/paper/1905.12239