Identity and Access Management in Smart Grid for Internet-of-Things Devices
Abstract
The smart grid (SG) is composed of IoT devices, which are resource-constrained devices that preclude the use of traditional communication and security protocols. In light of this, this work proposes end-to-end secure communication between the elements of the SG, allowing an authenticated user to carry the credentials she obtained on the Internet into the IoT context. The main advantage of this approach is more efficient message exchange, achieved by adopting multicast communication, without compromising security. Although this process provides secure communication, it cannot by itself enforce fine-grained access control on protected resources. Therefore, we propose a two-step lightweight access control that builds upon the established configuration to provide role-based authorization in the IoT context. In the prototype evaluation, the proposal proved more efficient and more flexible than the approaches found in the literature.
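To make the two-step idea concrete, the following is an added illustration and not the paper's own protocol or code: step 1 authenticates a credential issued by an Internet-side identity provider, and step 2 maps the authenticated role to a permission table held on the device. The HMAC-protected JSON token format, the shared key, the role names and the resource names are all assumptions made for this example; the paper's actual credential format and multicast transport are not reproduced here.

```python
import base64
import hashlib
import hmac
import json
import time

# Hypothetical role -> resource -> actions table held by the IoT device.
# Roles, resources and actions are constructed for this example.
ROLE_PERMISSIONS = {
    "operator": {"meter/reading": {"read"}, "breaker/state": {"read", "write"}},
    "auditor": {"meter/reading": {"read"}},
}


def _sign(payload_b64: bytes, key: bytes) -> bytes:
    # Assumption: a symmetric key shared between the identity provider and
    # the device; cheap enough for a constrained node.
    return hmac.new(key, payload_b64, hashlib.sha256).digest()


def issue_credential(subject: str, role: str, ttl_s: int, key: bytes, now=None) -> str:
    """Identity-provider side: issue a compact credential <payload>.<mac>."""
    now = time.time() if now is None else now
    claims = {"sub": subject, "role": role, "exp": int(now + ttl_s)}
    payload = base64.urlsafe_b64encode(
        json.dumps(claims, separators=(",", ":")).encode()
    )
    mac = base64.urlsafe_b64encode(_sign(payload, key))
    return (payload + b"." + mac).decode()


def verify_credential(token: str, key: bytes, now=None):
    """Step 1 (authentication): check the MAC and the expiry.

    Returns the claims dict on success, None on any failure.
    """
    now = time.time() if now is None else now
    try:
        payload, mac = token.encode().split(b".", 1)
        # Constant-time comparison avoids leaking MAC bytes through timing.
        if not hmac.compare_digest(base64.urlsafe_b64decode(mac), _sign(payload, key)):
            return None
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError:  # covers bad base64, bad JSON and a missing "." separator
        return None
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
        return None
    return claims


def authorize(token: str, key: bytes, resource: str, action: str, now=None):
    """Step 2 (authorization): allow the action only if the authenticated
    role grants it on the resource. Returns (decision, reason)."""
    claims = verify_credential(token, key, now)
    if claims is None:
        return False, "authentication failed"
    perms = ROLE_PERMISSIONS.get(claims.get("role"), {})
    if action in perms.get(resource, set()):
        return True, f"{claims['sub']} as {claims['role']} may {action} {resource}"
    return False, f"{claims['sub']} as {claims['role']} may not {action} {resource}"


if __name__ == "__main__":
    key = b"example-shared-key"  # constructed; never hard-code keys in a real device
    tok = issue_credential("alice", "auditor", ttl_s=600, key=key)
    print(authorize(tok, key, "meter/reading", "read"))
    print(authorize(tok, key, "breaker/state", "write"))
```

The split matters on a constrained device: a forged or expired credential is rejected in step 1 before any policy lookup, and the policy table in step 2 is keyed by role rather than by individual user, so adding a user never requires touching the device.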