Electronic signature based authentication and access control implementation on a mobile transport network device

Supervisor:
Szalay Zoltán Attila
Department of Broadband Infocommunications and Electromagnetic Theory

The evolution and growth of the digital world make it unavoidable to protect an electronic device from undesired attacks. Unauthorized access can be problematic for both the manufacturer and the user.

Nowadays there are more sophisticated methods for user verification than traditional password-based authentication. The digital or electronic signature is one of these newer solutions; it is based on asymmetric-key cryptography. One of the greatest advantages of the method is that it can be used not only for authentication but also to transfer information between two endpoints. This means that, during verification, user data can be requested as well. This additional information can be used on the receiving side to further filter the authenticated users, without complicated registration.

Command line access is an integral part of the MINI LINK Traffic Node, which includes a development interface. This can be accessed with a shared username but a unique password for each individual user. With this, anyone who knows the password can access the hidden part of the equipment.

Because of these problems, it is strongly recommended to change this access method to one based on digital signatures. With this, authentication can be protected, and a hierarchy among authenticated users can be created.

The new solution performs the authentication in the network element itself. The user can choose how to supply the login information: it can be entered through the CLI window, or it can be stored in a description file. If the latter option is chosen, information for multiple access levels can be stored at the same time. After authentication, the development interface can be accessed with different rights, based on those levels.

The certified information is generated by an authentication server, which both creates and signs it.
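As an added illustration (not code from the thesis or from the MINI LINK product), the following Go program sketches the two halves described above: the authentication server signs a credential that lists the user's access levels, and the network element verifies the signature and expiry before granting any level. The credential layout, its field names and the choice of Ed25519 are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"slices"
	"time"
)
// Credential is the content of the signed description file. Its layout is an
// assumption made for this example, not the format used in the thesis.
type Credential struct {
	User     string   `json:"user"`
	Levels   []string `json:"levels"`    // access levels granted to the user
	NotAfter int64    `json:"not_after"` // Unix time after which it is invalid
}

// Issue runs on the authentication server: serialise, then sign the credential.
func Issue(priv ed25519.PrivateKey, c Credential) (payload, sig []byte, err error) {
	if payload, err = json.Marshal(c); err != nil {
		return nil, nil, err
	}
	return payload, ed25519.Sign(priv, payload), nil
}

// Verify runs on the network element: check the signature with the server's
// public key before trusting anything in the payload, then check expiry.
func Verify(pub ed25519.PublicKey, payload, sig []byte, now time.Time) (Credential, error) {
	var c Credential
	if !ed25519.Verify(pub, payload, sig) {
		return c, errors.New("invalid signature")
	}
	if err := json.Unmarshal(payload, &c); err != nil {
		return c, err
	}
	if now.Unix() > c.NotAfter {
		return Credential{}, errors.New("credential expired")
	}
	return c, nil
}

// Authorize grants a level only if the verified credential lists it.
func Authorize(c Credential, level string) bool { return slices.Contains(c.Levels, level) }
func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	cred := Credential{User: "alice", Levels: []string{"operator"}, NotAfter: time.Now().Add(time.Hour).Unix()}
	payload, sig, _ := Issue(priv, cred)
	c, err := Verify(pub, payload, sig, time.Now())
	fmt.Println(err, Authorize(c, "operator"), Authorize(c, "developer")) // <nil> true false
}
```

The device never reads the access levels before the signature check succeeds, so a user cannot raise their own level by editing the description file.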
