Secure Data-Centric Access Control for Smart Grid Services Based on Publish/Subscribe Systems

Abstract

The communication systems in existing smart grids mainly take the request/reply interaction model, in which data access is under the direct control of data producers. This tightly controlled interaction model is not scalable to support complex interactions among smart grid services. On the contrary, the publish/subscribe system features a loose coupling communication infrastructure and allows indirect, anonymous and multicast interactions among smart grid services. The publish/subscribe system can thus support scalable and flexible collaboration among smart grid services. However, the access is not under the direct control of data producers, it might not be easy to implement an access control scheme for a publish/subscribe system. In this article, we propose a Data-Centric Access Control Framework (DCACF) to support secure access control in a publish/subscribe model. This framework helps to build scalable smart grid services, while keeping features of service interactions and data confidentiality at the same time. The data published in our DCACF is encrypted with a fully homomorphic encryption scheme, which allows in-grid homomorphic aggregation of the encrypted data. The encrypted data is accompanied by bloom-filter encoded control policies and access credentials to enable indirect access control. We have analyzed the correctness and security of our DCACF and evaluated its performance in a distributed environment.