A Case for Practical Configuration Management Using Hardware-based Security Tokens

TL;DR

This paper proposes a practical scheme for configuring industrial security gateways using hardware security tokens, simplifying the process for operators without compromising security.

Contribution

It introduces a hardware token-based configuration scheme that enhances usability and maintains security in industrial networks.

Findings

The scheme is practically feasible.

Configuration complexity is reduced.

Security level remains unchanged.

Abstract

Future industrial networks will consist of a complex mixture of new and legacy components, while new use cases and applications envisioned by Industry 4.0 will demand increased flexibility and dynamics from these networks. Industrial security gateways will become an important building block to tackle new security requirements demanded by these changes. Their introduction will further increase the already high complexity of these networks, demanding more efforts in properly and securely configuring them. Yet, past research showed, that most operators of industrial networks are already today unable to configure industrial networks in a secure fashion. Therefore, we propose a scheme that allows factory operators to configure security gateways in an easy and practical way that is also understandable for staff not trained in the security domain. We employ hardware security tokens that allow to reduce every day configuration to one physical interaction. Our results show the practical feasibility of our proposed scheme and that it does not reduce the security level of industrial security gateways in any way.