Secure Access Framework and Mechanism for Zero-Trust Industrial WLAN
In view of the increasingly complex security situation of industrial wireless LANs, this paper presents a novel zero-trust security access framework and mechanisms for industrial wireless LAN by integrating software-defined perimeter (SDP) secure access and wireless LAN security authentication techniques. First, to support traditional wireless industrial terminals on which software is difficult to install and update owing to their relatively closed operating systems, this framework embeds SDP transparent proxies in wireless access points (APs) and adaptively introduces the SDP gateway and the security controller. Then, a unified identity system for the integration of SDP and wireless LAN authentication and a service security access mechanism based on the SDP transparent proxy are designed. Additionally, to realize the dynamic identification of abnormal terminal access behaviors and the dynamic adjustment of access strategies, a multi-dimensional trust evaluation model based on the access space, time and frequency of terminals is designed. Finally, experiments are conducted comprehensively to verify the security and effectiveness of the proposed framework and mechanisms.
industrial internet of things; WLAN; software-defined perimeter; zero trust; secure access