Release: 2017, Vol. 3, № 1
About the authors: Alexander A. Zakharov, Dr. Sci. (Tech.), Professor, Secure Smart City Information Technologies Department, University of Tyumen; email@example.com
The aim of the work is to build a model of authorization and access control for the external devices of automated process control systems, in accordance with the Internet of Things concept, for centralized, distributed and mixed configurations.
The article studies the protection of automated process control systems with external devices: sensors that implement the Internet of Things (IoT) concept. Various approaches to building the Internet of Things are considered, and the problems of a distributed IoT structure are presented together with methods for solving them. The main problems in a decentralized system are registration and authentication mechanisms, authorization and access control models, and schemes for ontology and service discovery. To implement the access control mechanism, we propose attribute-based encryption methods, which are reviewed in this article. A list of problems associated with the use of Attribute-Based Encryption (ABE) in distributed networks, in particular in IoT sensor networks, is also compiled. A scheme for transferring secret keys between the attribute-issuing centers and end devices is given. The bottleneck of attribute-based encryption in a distributed network is cryptographic key management. To solve this problem, the authors developed a protocol based on the Otway-Rees key distribution scheme with a single trusted center for all nodes. The shared secret key is generated during the registration process on the authentication server. Methods for implementing mechanisms that construct the ontology of a distributed network are considered, and an example of such an ontology is constructed. The problem of keeping attributes up to date in schemes that use ABE is also discussed.
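The classic Otway-Rees exchange with a single trusted center, on which the abstract says the authors' protocol is based, as an added Python example; it is not the authors' protocol or code. The node names, the `register` step, the toy SHA-256/HMAC cipher (a stand-in for a real AEAD) and the `"req"`/`"key"` type labels are assumptions of this sketch.

```python
import hashlib, hmac, json, secrets

def _xor_stream(ek, nonce, data):
    # SHA-256 in counter mode as a keystream (toy stand-in for a real AEAD cipher)
    ks = b"".join(hashlib.sha256(ek + nonce + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(d ^ k for d, k in zip(data, ks))

def _subkeys(key):
    return [hmac.new(key, t, hashlib.sha256).digest() for t in (b"enc", b"mac")]

def seal(key, label, fields):
    """Encrypt-then-MAC a typed field list under a node's long-term key."""
    ek, mk = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(ek, nonce, json.dumps([label, *fields]).encode())
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def unseal(key, label, blob):
    ek, mk = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    got, *fields = json.loads(_xor_stream(ek, nonce, ct))
    if got != label:  # the type label keeps a request from being read as a key token
        raise ValueError("unexpected message type")
    return fields

def register(keys, node):
    """Registration at the trusted center: generate the node's shared secret."""
    keys[node] = secrets.token_bytes(32)

def center(keys, m, a, b, req_a, req_b):
    """Trusted center: both requests must bind the same run (M, A, B)."""
    na, *run_a = unseal(keys[a], "req", req_a)
    nb, *run_b = unseal(keys[b], "req", req_b)
    if run_a != [m, a, b] or run_b != [m, a, b]:
        raise ValueError("run identifier mismatch")
    kab = secrets.token_hex(16)
    return seal(keys[a], "key", [na, kab]), seal(keys[b], "key", [nb, kab])

def exchange(keys, a, b):
    m, na, nb = (secrets.token_hex(8) for _ in range(3))
    req_a = seal(keys[a], "req", [na, m, a, b])         # 1. A -> B: M, A, B, {Na,M,A,B}Kas
    req_b = seal(keys[b], "req", [nb, m, a, b])         # 2. B -> S: adds {Nb,M,A,B}Kbs
    tok_a, tok_b = center(keys, m, a, b, req_a, req_b)  # 3. S -> B: M, {Na,Kab}Kas, {Nb,Kab}Kbs
    nb2, kab_b = unseal(keys[b], "key", tok_b)          # B checks its own nonce
    na2, kab_a = unseal(keys[a], "key", tok_a)          # 4. B -> A: M, {Na,Kab}Kas
    if (na2, nb2) != (na, nb):
        raise ValueError("nonce mismatch: stale or replayed reply")
    return kab_a, kab_b
```

Each node trusts the session key only after finding its own fresh nonce inside a token sealed under the secret it received at registration, so the center never has to contact the initiating sensor directly.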