Prioritized access control enabling weighted, fine-grained protection in cyber-physical systems

This article investigates access control in cyber-physical systems, that is, deciding whether to permit or deny a user's request to perform access operations on a system. Access operations in cyber-physical systems have diverse impacts on human beings and are perceived as having different importance. For example, controlling a nuclear plant and reading data from it must be given different priorities. Access requests for these operations must be authorized distinctly, with different protection levels; we call this the prioritization issue. Existing solutions, however, either do not satisfy the prioritization requirement efficiently or do not work well in cyber-physical system environments. To solve the prioritization problem, we propose a new access control mechanism, named multi-factor access control, that employs a multi-factoring technique. In multi-factor access control, a user is granted multiple secret keys (i.e. factors) from independent authorities. When accessing a highly prioritized object, the user must present more than two factors, each of which is issued by a different authority. This decreases the probability that the user presents false evidence of qualification, increasing the protection level. To demonstrate feasibility, we implement the proposed scheme and apply it to our smart building testbed. Through real-world experiments, we evaluate its computation cost and illustrate automated, prioritized smart building controls.
