Abstract
In the next-generation intelligent power grid, known as the smart grid, various objects can access systems in several network environments, and, accordingly, access control security becomes critical. Thus, to provide users with secure services in the smart grid, a new access control security model is needed. This paper proposes a dynamic access model for secure user services in the smart grid environment. The proposed model analyzes the user's various access contexts and chooses an appropriate context type among the predefined context types. It then applies the context-based user security policy to allow the user's access to services dynamically. It therefore provides stronger security services by permitting security services that take context information into account and flexible access control in various network environments. It is expected that this study will be used to solve important access control issues when establishing the smart grid.
1. Introduction
Recently, with the development of renewable energy, interest in efficient energy management has increased. The next-generation intelligent power grid, smart grid, unlike existing provider-centered one-way energy operation systems, is a two-way operating system in which consumers participate in energy use and operation [1–3]. In addition, smart grid technology, interlocked with home networks, allows the control of information appliances no matter when or where the user is. However, to securely provide these and other services, it is important to secure home network security, protect private information, and restrict access to home devices.
For example, if a user requesting services receives authorization with his or her user information and receives the same services regardless of location, time, or access device, a severe security issue may occur if the user's authority is stolen or the device is lost.
In the infrastructure of existing services, access rights to a resource are granted only after the execution of a user authorization phase. In contrast, for the resources or services executed in various network environments like the smart grid, the user's accessibility should change depending on the ambient context information.
Currently, the smart grid has a variety of security vulnerabilities. In particular, security measures for various network environments and corresponding new services are lacking [4–6].
Therefore, to provide secure user services according to ambient context, it is also necessary to provide dynamic, context-adaptive services. To this end, various sensors and computers should collect and effectively share environment information, find the contexts of the user and macroenvironment, and provide appropriate services for them.
Context refers to the information that characterizes and defines the state of entities in the real world. Context awareness is a technical method of interacting with this context and characterizing a human's current context [7]. Context awareness computing application technology includes methods based on the correlation between the user and services. Its implementation and application technologies can be devised in various forms [8–10]. Recently, security-related areas that consider context awareness have received attention, and various studies on several security models have been actively carried out [11–13]. It is necessary to study a new access control security model, applying this to the smart grid environment to provide security services according to time, space, and user context.
Access control is a well-known security mechanism that grants or denies an access request according to predefined access policies: the system monitors and controls who can access specific data and what they can do with that data. Unlike general access control, dynamic access control uses place (where), time (when), and purpose (why) according to context information as the conditions for access permission [14].
This paper proposes a dynamic access control model to provide users with secure services in the smart grid environment. The model proposed in this paper analyzes ambient context information according to context type and, accordingly, dynamically manages service authority for the users. In addition, the security levels are applied differently depending on the users’ context information, even to users with service authority. Thus, the proposed model provides context-adaptive security services and flexible access controls in the various network environments of the smart grid. In addition, it inspects ambient conditions in real time, dynamically grants different access rights depending on them, and provides more powerful security services than existing resource security services.
This study is organized as follows. Section 2 examines two related models from among the existing access control security models. Section 3 proposes a model limiting dynamic access rights depending on changes in the ambient context information. Section 4 describes an application of the proposed model to the smart grid environment. Lastly, Section 5 concludes the paper and proposes future research topics.
2. Related Work
This section examines two related areas of research: role-based access control (RBAC) and the context awareness access control (CAAC) model. Additionally, it describes the necessity of a security model providing dynamic security services according to context in the smart grid environment.
2.1. Role-Based Access Control (RBAC)
The RBAC model is a technology that grants access rights to system resources not per user or by predefined access control rules, but by the group to which the user belongs, that is, the user's role [15–19]. This model assigns rights not to the individual user but to the user's role. In addition, the roles have a hierarchical structure through which an ancestor's access rights can easily be inherited by its descendants, and hence access rights can be managed more effectively. Figure 1 shows the characteristics of a general role-based control model. Sandhu et al. proposed role-based access control by classifying models into the following four kinds [20].
RBAC0: role-based access control basic model.
RBAC1: basic model with the addition of role hierarchy, an inheritance concept.
RBAC2: basic model with the addition of context constraint conditions.
RBAC3: model integrating RBAC1 and RBAC2.

Figure 1: Role-based access control model.
The RBAC model classifies access rights by role and grants the responsibilities and rights of the individual user accordingly. Thus, by providing security services through the access control of the user for resources, it maximizes the efficiency of security management. However, the RBAC model cannot perform dynamic access control based on contexts such as time and space.
Neumann and Strembeck proposed the xoRBAC model that limits role-based access control to use context information in access control decisions [21]. A context constraint describes the condition that satisfies a context information attribute to permit a specific calculation by limiting role-based access control. Access control is limited by comparing the real value of the context information attributes with predefined conditions. The context constraints are formed of a tuple of context attribute, function, and condition. The decision regarding rights is made according to the rights of a specific subject or role. Thus, as in Figure 2, the context is a condition that limits the granting of rights. Rights relate to several context constraints, and, when all context constraints have true values, access is permitted.

Figure 2: xoRBAC model.
2.2. Context Aware Access Control (CAAC)
The CAAC model is an access control technology that uses context awareness by dynamically measuring the current context of the user's access demand and evaluating it. In other words, it is a model that decides rights by adding context information to the existing RBAC model [22]. The CAAC model access control methods are given by the following four definitions [23, 24].
Context type (CT): an element of context constraint that defines context information.
Context set (CS): a set of all context types in an application.
Context implementation (CI): a function of context types defined by
Context constraint (CC): the definition of context information using CT in a formulaic form.
Condition CT is an element of CS. OP is a logical operator in set VALUE is a specific value of CT.
Authorization policy (AP): a policy providing access rights (R) to resources for the user or role (P) according to context constraint (C).
An authorization policy as a triple, AP = (R, P, C), where R is the subject in this policy, which could be a user or a role, P is the permission in this policy, which is defined as a pair <M, O>, where M is an operation mode defined in C is a context constraint in this policy.
Data access (DA): an attempt to access specific information using the user's role and context information.
DA = (U, P, RC) where U is a user in the user set that issues this data access, P is the permission this user wants to acquire, Runtime context (RC) is a set of values for every context type in the context set.
DA (U, P, RC) is granted if there exists an AP (
C is evaluated as true under RC.
Figure 3 shows the CAAC model's policy decision process. This is similar to the RBAC model, but, by adding a context constraint element, it decides whether to grant rights according to a context value.

Figure 3: CAAC authorization policy structure.
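An added example (not code from the paper): a minimal CAAC decision function in Python that follows the definitions of CC, AP and DA above. The operator set, the OR-of-AND-clauses shape of C, the subject and permission match in the grant rule, and all sample names are assumptions, since the page does not spell them out.

```python
import operator
from dataclasses import dataclass

# Assumed operator set; the page's definition of OP does not list one.
OPS = {"=": operator.eq, "!=": operator.ne, "<": operator.lt, "<=": operator.le,
       ">": operator.gt, ">=": operator.ge, "in": lambda a, b: a in b}

@dataclass(frozen=True)
class Condition:
    """One <CT> <OP> <VALUE> term of a context constraint."""
    ct: str
    op: str
    value: object

    def holds(self, rc):
        # A context type absent from the runtime context fails closed.
        return self.ct in rc and OPS[self.op](rc[self.ct], self.value)

@dataclass(frozen=True)
class AP:
    """Authorization policy AP = (R, P, C)."""
    subject: str        # R: a user or a role
    permission: tuple   # P: <M, O> as (mode, object)
    constraint: tuple   # C: assumed form, clauses OR-ed, conditions in a clause AND-ed

    def constraint_true(self, rc):
        return any(all(c.holds(rc) for c in clause) for clause in self.constraint)

def decide(user, permission, rc, policies, user_roles):
    """Grant DA = (U, P, RC) iff some AP matches subject and P, and C is true under RC."""
    subjects = {user} | user_roles.get(user, set())
    return any(ap.subject in subjects and ap.permission == permission
               and ap.constraint_true(rc) for ap in policies)

# Constructed sample data (hypothetical names, not from the paper).
USER_ROLES = {"alice": {"home_manager"}, "bob": {"guest"}}
POLICIES = [
    AP("home_manager", ("write", "thermostat"), (
        (Condition("location", "=", "HAN"),),
        (Condition("location", "=", "WAN"),
         Condition("device", "in", frozenset({"pc", "cellular_phone"})),
         Condition("hour", ">=", 6), Condition("hour", "<", 23)),
    )),
    AP("guest", ("read", "thermostat"), ((),)),  # empty clause: no context condition
]

if __name__ == "__main__":
    p = ("write", "thermostat")
    for rc in ({"location": "HAN"},
               {"location": "WAN", "device": "pc", "hour": 20},
               {"location": "WAN", "device": "pc", "hour": 2},
               {"location": "WAN", "device": "pc"}):
        print(rc, "->", decide("alice", p, rc, POLICIES, USER_ROLES))
```

The last sample context omits `hour`, so the WAN clause cannot be satisfied and the request is denied rather than evaluated on partial context.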
2.3. Demands for Dynamic Access Controlling
Recently published access control schemes have various characteristics for providing flexibility and security. Generalized temporal role-based access control (GTRBAC) can give access rights under time constraints and periodic configuration [25, 26]. Privacy role-based access control (PRABAC) can provide a stronger privacy policy for the access time [27, 28]. The Geo-RBAC model considers the user's location information before giving the access permission [29]. Nonetheless, the smart grid is not a simple architecture and it has many kinds of context and circumstances, the existing access control models can cover all aspects of the smart grid environment.
In the smart grid environment, each model is distributed and arranged for cooperative performance and various objects may access the systems. This access control management for each object is very closely related to security issues. Thus, for efficient access control in the smart grid, security requirements must be systematically analyzed and a policy that addresses them is needed. In addition, to apply access control policy more efficiently and consistently, an access control mechanism is necessary.
3. Dynamic Access Control Modeling (DACM)
This section describes a dynamic access control model that can be applied to the smart grid environment for secure user services. Access control in the smart grid environment should consider scalability, accessibility for many users, and distinctiveness of two-way communication through a variety of equipment. The existing RBAC model controls access based on many roles in various contexts, so it has been difficult to prevent dynamic access. Therefore, this proposed model provides a dynamic access control for each context-based CAAC model.
3.1. Proposed DACM Structure
The proposed DACM model collects context information in the user authentication phase via the context awareness manager. In each domain, it performs mapping and follows the policy of the relevant DB. In the access right decision phase, it maps each domain, classifies the task, tags the roles, and applies the role in context.
Context information type for dynamic access control in the proposed model is defined as follows. Context information is obtained by the user by scanning for environment information at the time of services access.
Source context data types are listed below:
Regular_Role_ID,
Password,
Time_Stamp_Value,
Location Type,
Location Value,
Access_Device,
Access_Format,
Access_Network_type,
Task_Attribute.
Figure 4 shows the structure of the proposed dynamic access control model. The model performs access control using real-time context information as follows.

Figure 4: Overview of dynamic access control model.
Step 1.
The user attempts access to a certain data entity using an already issued authentication key. For providing dynamic access, Access Ticket is issued with UserID, Session Key for runtime context (RC), and Share Key. Session Key can be created using the user's current runtime context and its mapped information. Share Key is calculated from the user access key value.
Access Ticket = {UserID ∥ Session_Key for RC ∥ Share Key}
Step 2.
The use of public services does not require an access license. For services for which different access license levels have been assigned, the user asks for an access right to the management server and waits for a response.
Step 3.
The system applies the metadata value entered in the basic role to grant a new Role_ID.
Role_ID = {Regular_Role_ID, Time_Stamp_Value, Location Type, Access_Device or Access_Format, Task_Attribute}
Step 4.
The granted Role_ID forms a tuple in which the metadata are stored, and role tagging is carried out.
Step 5.
The tuple relevant to the tag-granted Role_ID satisfies the condition specified in the relevant domain and the user receives the access license. In this case, even for already licensed Role_IDs, the DB domain is decided by a Role_new_ID and regenerated according to the metadata value generated in the access and authorization is checked.
Tuple format = {Role_ID, Service Name, Data, Access Permission Check Value, Rule Domain}
3.2. Policy Management for a Secure Client Service
The constraint conditions for the policy management of the proposed model are as follows. The regular ID and the Domain ID of the user are verified, and then the user password is also verified. If the two values are correctly verified, access is granted.
After the access is made, the data necessary for the user's context awareness is scanned. The input values include Time_Stamp_Value, Location Type, Location Value, Access_Device, Access_Format, Access_Network_Type, and Task_Attribute.
First, Time_Stamp_Value checks if the time for the user access is authorized. Regarding the user's Location Type, the user's access network type is checked. Different security levels can be granted by network type. The Access_Device has a limited range of available services according to device, so the access of the services and the results are decided by Access_Format. In addition, the user's basic right regarding the Task_Attribute access services is checked.
Definition of user's context data constraint:
Role_ID = if (DB_Domain_1 ∥ DB_Domain_2 ∥ DB_Domain_n)
Password = if ((Password_input = Trust_Password) = TRUE)
Time Constraint = if (Time_Stampinput > Time
Location Type = Switch (case 1 (in HAN), case 2 (in LAN), case 3 (in WAN), etc.)
Network Type = Switch (case 1 (use Zigbee), case 2 (use WCDMA), case 3 (use WiFi), case 4 (use Wibro), etc.)
Access Device = Switch (case 1 (use Remote Controller), case 2 (use Cellular Phone), case 3 (use PC & Mobile), etc.)
Access Format = if (Type_input = (Type_1 ∥ Type_2 ∥ ⋯ Type_n))
Task_Attribute = ServiceRequest_Task_Type (Public ∥ Private ∥ Administrate)
Figure 5 shows the policy management process of the proposed model.
Sub, Domain: sets subject a and domains.

Figure 5: Overview of policy for access control model.
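An added example (not the authors' implementation) of Steps 3 to 5 and the context constraints of Section 3.2 in Python, applied after the Role ID and password have already been verified. The time band, the allowed-value sets, the policy entries and the helper names are assumptions constructed for illustration.

```python
from datetime import datetime, time

# Constructed policy data for illustration; none of these values come from the paper.
DAY = (time(6, 0), time(23, 0))
ALLOWED = {
    "Location Type": {"HAN", "LAN", "WAN"},
    "Access_Network_type": {"Zigbee", "WCDMA", "WiFi", "Wibro"},
    "Access_Device": {"remote_controller", "cellular_phone", "pc"},
    "Access_Format": {"Type_1", "Type_2"},
    "Task_Attribute": {"Public", "Private", "Administrate"},
}
# Policy DB keyed by (tagged Role_ID, Service Name); the value completes the
# tuple: (Data, Access Permission Check Value, Rule Domain).
POLICY_DB = {
    (("home_manager", "day", "HAN", "remote_controller", "Private"), "thermostat"):
        ("setpoint", "read-write", "DB_Domain_1"),
    (("home_manager", "day", "WAN", "cellular_phone", "Private"), "thermostat"):
        ("setpoint", "read", "DB_Domain_2"),
}

def tag_role(ctx):
    """Step 3: derive the context-tagged Role_ID, or None if any field is invalid."""
    for field, allowed in ALLOWED.items():
        if ctx.get(field) not in allowed:  # unknown or missing value fails closed
            return None
    stamp = ctx.get("Time_Stamp_Value")
    if not isinstance(stamp, datetime):
        return None
    # Assumption: the timestamp is reduced to a band so it can key a policy lookup.
    band = "day" if DAY[0] <= stamp.time() <= DAY[1] else "night"
    return (ctx.get("Regular_Role_ID"), band, ctx["Location Type"],
            ctx["Access_Device"], ctx["Task_Attribute"])

def authorize(ctx, service):
    """Steps 4-5: look up the tuple for the tagged role; no tuple means deny."""
    role_id = tag_role(ctx)
    entry = POLICY_DB.get((role_id, service)) if role_id else None
    return entry[1] if entry else "deny"

def sample_ctx(**overrides):
    """Constructed context scan for an authenticated user holding home_manager."""
    ctx = {"Regular_Role_ID": "home_manager",
           "Time_Stamp_Value": datetime(2024, 5, 1, 20, 30),
           "Location Type": "HAN", "Location Value": "living-room",
           "Access_Device": "remote_controller", "Access_Format": "Type_1",
           "Access_Network_type": "Zigbee", "Task_Attribute": "Private"}
    ctx.update(overrides)
    return ctx

if __name__ == "__main__":
    remote = {"Location Type": "WAN", "Access_Device": "cellular_phone",
              "Access_Network_type": "WCDMA"}
    print(authorize(sample_ctx(), "thermostat"))          # in-home access
    print(authorize(sample_ctx(**remote), "thermostat"))  # same role, remote access
    print(authorize(sample_ctx(Time_Stamp_Value=datetime(2024, 5, 1, 2, 0)), "thermostat"))
```

The same Regular_Role_ID yields different rights in the home network and over the WAN, and any context combination without a policy tuple is denied by default.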
4. DACM for a Secure Client Service in the Smart Grid
This section shows how to apply the suggested dynamic access control model to the smart grid environment specifically. The general existing access control model is designed properly for a single system, so some parts must be modified to handle the complexity of the smart grid. A proper access control model for the smart grid should efficiently manage many users, devices, and systems and should be able to conduct subtle control. The DACM flow suggested for the smart grid environment is shown in Figure 6.

Figure 6: A control flow with the proposed DACM in smart grid.
Role A can be defined as the user with upper network access rights in the smart grid environment. If the user requests services remotely to the home or office, the user's access rights change dynamically with context.
If the user requests services, then context information collection can be conducted at the same time as user certification. The user's context information is collected by the context aware manager, and the context information follows the constraint rule of the context aware policy described in Section 3. After that, role tagging is conducted by the policy manager, and the rights for Role A are decided. The mapping of policy DB about Role A is conducted by tagging Role A. Through this process, the relevant defined services and information regarding each role can be accessed in the policy DB.
This results in an increase of the security of services for remote access or control services by the user in the smart grid. In addition, the user with a manager role in a home or enterprise network can provide proper services in a dynamic way by setting the various roles for service access or providing information about a variety of contexts.
When the user requests remote services, the entered metadata value and the user's context data are scanned for services access. The user can access the data entities in various roles such as a general manager or system control manager in a home network or as a service provider in the smart grid environment. General-share services can be provided through a direct policy repository. When the home network user remotely accesses the smart grid environment by a basic Role ID, the rights policy limits the access to dynamic services according to the access context information.
5. Conclusions
This paper proposes a novel dynamic access control model which provides security-enhanced data access services in the smart grid environment. The proposed model identifies each user's role and current context. The user's context can be mapped to a certain predefined context type of the proposed model, and that context type is associated with an access policy which can control the user's access privilege. The context-aware manager can manage this mapping process, collecting information about the user role, context, and requested service, and mapping the proper context type and access policy to the user. The policy manager controls the role-tagging process for the user and finally applies the exact roles to the user. Consequently, the proposed access control model can dynamically control the user's data access permissions.
The proposed model applies different access security policies depending on context information even for the same user by judging whether to provide authority management and services dynamically according to the user's context information. This provides security enhancements for overall smart grid services and resource access. Unlike the existing power grids, in the smart grid, various access objects such as users, devices, and systems can access systems along with two-way communication, and, accordingly, issues of access control and relevant security become important.
Recently, various security models have been studied with respect to access control using context awareness, but the various services provided in a smart grid and access control in such an environment still have serious vulnerabilities. In consideration of the lack of studies on smart grid access control, it is expected that the model proposed in this study will be used to solve important access control issues when establishing the smart grid in the future.
Conflict of Interests
The authors declare that there is no conflict of interests regarding the publication of this paper.
Acknowledgment
This research was supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Science, ICT and Future Planning (no. 2014R1A1A1A05008391).
