Authentication, authorization and digital identity management are core features required by secure digital systems. Among them, authorization is the key component for regulating the detailed access credentials to required service resources. Authorization therefore plays a significant role in the trust management of autonomous devices and services. Due to the heterogeneous nature of Cyber-Physical Systems and the Internet of Things, the many authorization techniques that use different access control models, accounts, groups, tokens, and delegations each have strengths and weaknesses. There exist many literature studies on other main security requirements such as authentication, identity management and confidentiality. However, there is a need for a comprehensive review of the different authorization techniques in Cyber-Physical Systems and the Internet of Things. A specific target of this paper is authorization in Cyber-Physical System and Internet of Things networks with non-constrained devices in an industrial context with mobility, subcontractors, and autonomous machines that are able to carry out advanced tasks on behalf of others. We study the different authorization techniques using our three-dimensional classification comprising access control models, sub-granting models and authorization governance. We focus on the state of the art in authorization sub-granting, including delegation techniques by an access control/authorization server and self-contained authorization using the new concept of Power of Attorney. The comparison covers several parameters such as type of communication, method of authorization, control of expiration, and use of techniques such as public-key certificates, encryption techniques, and tokens. The results show the differences and similarities of server-based and Power of Attorney-based authorization sub-granting. The most common standards are also analyzed in light of those classifications.
INDEX TERMS: Authorization, access control models, Cyber Physical Systems (CPS), Internet of Things (IoT), sub-granting, delegation, Power of Attorney (PoA), OAuth

I. INTRODUCTION

The wider deployment of connected devices brings a significant increase in business revenue. Nowadays, enterprises invest in machine-to-machine (M2M) communication, the Internet of Things (IoT) and Cyber-Physical Systems (CPS) to increase competitiveness in domains such as vehicular communication [1] [2], healthcare [3], smart homes [4] [5] and smart grids [6]. IoT technology connects things and smart objects that can sense and monitor their surroundings and process and transmit the collected sensor data. Currently, the number of connected things in the world has reached billions or trillions. The Industrial IoT (IIoT) is a subset of the IoT that is used in automated M2M and industrial communications to connect all industrial assets. A CPS integrates Internet technology and advanced electronic/mechanical devices so that they can communicate with each other through data exchanges. The CPS uses computer-b...
Distributed Internet of Things and cyber-physical systems can potentially be used as agents that automatically sign events and transactions on behalf of users. To accomplish this, there is a need for a model that can represent the relationships, credentials and organizational hierarchies of people and devices, so that agents can act as signatories in a controlled way. This paper proposes such a model, in which people in different positions are entitled to sign on behalf of organizations or departments therein, and extends it to machines. Central to this model is the Power of Attorney (PoA), a self-contained and signed digital document that, for a limited time and in a defined context, authorizes a particular agent (whether a person or a device) to sign on behalf of a principal. Although such self-contained PoAs can be stored anywhere, we propose a conceptual architecture based on PoAs that includes a signatory registry, which keeps track of organizational hierarchies in terms of people and devices according to the defined model and of the PoAs stored in that context.
Many Cyber-Physical Systems are today semi-autonomous and powerful enough to perform advanced tasks on their own. This means they can also act as representatives of the people or devices that have given them an order. However, traditional access control policies and delegation models do not meet industrial requirements such as letting autonomous CPS devices act on their own with certified credentials under sub-authorization by subcontractors, without the need for a separate account per device. In this paper, we analyze and compare Power of Attorney, proxy signature by warrant, and OAuth to identify the strengths and challenges of each. Based on the comparison, we propose an OAuth grant type based on the Power of Attorney and inspired by the concept of proxy signature by warrant. A Power of Attorney is a generic and self-contained document that a principal signs and directs to an agent, thereby giving it the power to execute actions on behalf of the principal for a predefined time, even while the principal is offline. One key advantage of the Power of Attorney is that it supports effective sub-granting on several levels, which suits industrial scenarios where resource owners bring in authorized contractors that can in turn authorize and bring in several devices without adding management overhead for the resource owner. A proof-of-concept and a performance evaluation of the proposed model are presented using an industrial use-case scenario with multi-level authorization.
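The two abstracts above describe a PoA as a signed, self-contained, time-limited grant that can be sub-granted down a chain (owner to contractor to device) and verified without contacting an authorization server. The Go code below is an added illustration of that chain, not code from either paper: the `PoA` layout, the JSON-based signing payload and the check order are this example's assumptions, and Ed25519 stands in for whatever signature scheme the papers' prototype uses.

```go
package main
import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"time"
)
// PoA is a self-contained grant that a principal signs and directs to an agent.
// The field layout is this example's assumption, not the papers' wire format.
type PoA struct {
	Principal, Agent ed25519.PublicKey
	Scope            map[string]bool // actions the agent may perform on the principal's behalf
	NotAfter         int64           // expiry, Unix seconds
	Parent           *PoA            // the grant being sub-granted; nil for the owner's root grant
	Sig              []byte
}
// payload is the signed content: the whole document (parent chain included) minus its own signature.
func (p *PoA) payload() []byte {
	c := *p
	c.Sig = nil
	b, _ := json.Marshal(c)
	return b
}
// Grant issues a PoA signed by priv; with parent != nil it is a sub-grant of that PoA.
func Grant(priv ed25519.PrivateKey, agent ed25519.PublicKey, scope map[string]bool, notAfter time.Time, parent *PoA) *PoA {
	p := &PoA{Principal: priv.Public().(ed25519.PublicKey), Agent: agent, Scope: scope, NotAfter: notAfter.Unix(), Parent: parent}
	p.Sig = ed25519.Sign(priv, p.payload())
	return p
}
// Verify walks the chain offline from the agent's PoA back to the resource owner. Each link must be validly
// signed, unexpired, issued by the previous link's agent, no longer-lived than its parent, and must itself
// permit the action, so authority can only narrow as it is sub-granted.
func Verify(p *PoA, owner ed25519.PublicKey, action string, now time.Time) error {
	for cur := p; cur != nil; cur = cur.Parent {
		checks := []struct{ bad bool; msg string }{
			{len(cur.Principal) != ed25519.PublicKeySize || !ed25519.Verify(cur.Principal, cur.payload(), cur.Sig), "invalid signature"},
			{now.Unix() > cur.NotAfter, "grant expired"},
			{!cur.Scope[action], "action outside granted scope"},
			{cur.Parent == nil && !cur.Principal.Equal(owner), "chain does not end at the resource owner"},
			{cur.Parent != nil && !cur.Principal.Equal(cur.Parent.Agent), "sub-grant not issued by the parent grant's agent"},
			{cur.Parent != nil && cur.NotAfter > cur.Parent.NotAfter, "sub-grant outlives its parent"},
		}
		for _, c := range checks {
			if c.bad { return errors.New(c.msg) }
		}
	}
	return nil
}
```

Because every sub-grant embeds and signs over its parent, a device can present the whole chain to a resource server that knows only the owner's public key; the server needs no account for the contractor or the device.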