Shared authorization in industrial automation systems using threshold cryptography

In modern industrial automation systems each user is assigned a set of authorizations (permissions) to configure and operate the automation system or an automation device. Users are authenticated at log-on, and no further authentication is done on actual access of the objects. It remains possible for an individual insider user to attack the system, once he has been authenticated, e.g. by sending malicious commands. To protect against such insider attacks, it is therefore of interest to introduce some shared authorization scheme, whereby a number of participating users must confirm that the attempted command should be performed. So-called threshold cryptography schemes provide such mechanisms in a simple yet secure manner. This paper discusses the use of threshold cryptography in the industrial automation setting and details the protocol procedures required for its implementation