Identity and Access Management for IoT Devices in the Smart Grid
Abstract
Smart grids (SG) are composed of Internet of Things (IoT) devices whose computational constraints prevent the adoption of traditional communication and security protocols. This work therefore proposes an end-to-end security approach for communication between SG elements, allowing an authenticated user to carry credentials obtained on the Internet into the IoT context. The main advantage of this approach is the use of the multicast protocol in communication without compromising security. Although this proposal provides communication security, it is not able to provide fine-grained control over access to protected IoT resources. We therefore propose a lightweight, two-step access control to provide role-based authorization in the IoT context. The evaluation showed the prototype to be more efficient and flexible than the works found in the literature.