User authorization and authentication schemes in industrial control systems (ICS) and industrial internet of things (IIoT)
User authorization and authentication is a key and basic security measure in every system. This can be handled quite well in normal IT, even though it might not be implemented or handled in a good way. In industrial control systems (ICS) this might not be the case. ICSs are often large and diverse systems with combinations of both completely new and very old hardware and software. In ICS there is common to see multiple OS, embedded systems, insecure legacy systems and large geographic spread which all complicates the matter. The introduction of IoT into ICS, so-called industrial internet of things (IIoT) or Industry 4.0, is another complication.
The task of this thesis is to analyse the current use of authorization and authentication in ICS and IIoT, evaluate efficient and practical solutions and propose guidelines for implementing these solutions.