Construction of the Authorization Model of the External Means of Protection of Automated Management Systems of Technological Processes Based on the Internet of Things

Tyumen State University Herald. Physical and Mathematical Modeling. Oil, Gas, Energy


Release:

2017, Vol. 3. №1


For citation: Zakharov A. A., Ponomarev K. Yu., Nesgovorov E. S., Nissenbaum O. V. 2017. “Construction of the Authorization Model of the External Means of Protection of Automated Management Systems of Technological Processes Based on the Internet of Things”. Tyumen State University Herald. Physical and Mathematical Modeling. Oil, Gas, Energy, vol. 3, no 1, pp. 99-110. DOI: 10.21684/2411-7978-2017-3-1-99-110

About the authors:

Alexander A. Zakharov, Dr. Sci (Tech.), Professor, Secure Smart City Information Technologies Department, University of Tyumen; a.a.zakharov@utmn.ru

Kirill Yu. Ponomarev, Postgraduate Student, Information Security Department, Tyumen State University; k.y.ponomaryov@utmn.ru

Evgeniy S. Nesgovorov, Postgraduate Student, Information Security Department, Tyumen State University; e.s.nesgovorov@utmn.ru

Olga V. Nissenbaum, Cand. Sci. (Phys.-Math.), Associate Professor, Information Security Department, Tyumen State University; o.v.nissenbaum@utmn.ru

Abstract:

The aim of the work is to build a model of authorization and access control for the external devices of automated control systems for technological processes, in accordance with the Internet of Things concept, for centralized, distributed and mixed configurations.

The article studies the protection of automated control systems for technological processes with the help of external devices, sensors that implement the Internet of Things (IoT) concept. Various approaches to constructing the Internet of Things are considered, and the problems of a distributed IoT structure and methods for solving them are presented. The main problems in a decentralized system are registration and authentication mechanisms, authorization and access control models, and ontology and service discovery schemes. To implement the access control mechanism, we propose attribute-based encryption methods, which are reviewed in this article. A list of problems associated with using Attribute-Based Encryption (ABE) in distributed networks, in particular in IoT sensor networks, is also compiled. A scheme for transferring secret keys between the attribute-issuing centers and end devices is given. The bottleneck of attribute-based encryption in a distributed network is cryptographic key management. To solve this problem, the authors developed a protocol based on the Otway-Rees key distribution scheme with a single trusted center for all nodes. The shared secret key is generated during registration on the authentication server. Methods for constructing the ontology of a distributed network are considered, and an example of such an ontology is constructed. The problem of keeping attributes up to date in schemes that use ABE is also discussed.
