Identity and Access Management for IoT in Smart Grid

A smart grid (SG) is a complex system that comprises distributed servers and Internet-of-Things (IoT) devices. IoT devices are resource-constrained and are unable to cope with traditional communication and security protocols. In light of this limitation, this work proposes a novel method for end-to-end secure communication between the elements in the SG. Our proposal enables an authenticated user to transport her Internet credentials to the IoT context. We provide high efficiency in the message exchanges by adopting multicast communication without compromising the SG security. However, even though this process provides secure communication, it cannot enforce fine-grained access control over protected resources. Therefore, we propose a new two-step lightweight access control mechanism that leverages the established configuration to provide role-based authorization in the IoT context. The prototype evaluation shows that our proposal is more flexible and demands less manual configuration, while requiring only 23% of the message exchanges of other approaches in the literature.
