On the Design of a Decentralized and Multiauthority Access Control Scheme in Federated and Cloud-Assisted Cyber-Physical Systems

Abstract

While enabling brand new services and opportunities, the federation of vertical Internet of Things platforms presents new challenges in terms of secure and controlled access to heterogeneous resources, especially when authorization permissions must be regulated by multiple decentralized authorities. The work presented herein designs, develops, and experimentally validates a flexible and effective attribute-based access control framework, properly devised to operate in a federated and cloud-assisted cyber-physical system (CPS). Our main novelty stems in the original way we turn a policy-based encryption scheme, customarily used for accessing data, into a cyber-physical resource access control protocol. The proposed design approach is able to address several security issues characterizing the emerging use cases in this context, including the decoupling between authentication and authorization, fine-grained, offline, and time-limited authorization, protection against collusion attacks, access rights revocation, and user privacy. A security analysis and a performance evaluation executed through experimental tests clearly demonstrate the viability of the proposed approach in realistic cloud-assisted CPSs, as well as its ability to overcome the lacks affecting competitive approaches without introducing huge communication and computational requirements.