Abstract

Authentication, authorization, and digital identity management are core features required by secure digital systems. Among these, authorization is a key component for regulating the detailed access credentials with respect to required service resources. Authorization, therefore, plays a significant role in the trust management of autonomous devices and services. Due to the heterogeneous nature of cyber-physical systems and the Internet of Things, several authorization techniques using different access control models, accounts, groups, tokens, and delegations have both strengths and weaknesses. Many studies exist in the literature that focus on other main security requirements, such as authentication, identity management, and confidentiality. However, there is a need for a comprehensive review of different authorization techniques in cyber-physical systems and the Internet of Things. A specific target of this paper is authorization in cyber-physical system and Internet of Things networks with non-constrained devices in an industrial context with mobility, subcontractors, and autonomous machines that are able to carry out advanced tasks on behalf of others. We study the different authorization techniques using our three-dimensional classification, including access control models, subgranting models, and authorization governance. We focus on the state of the art of authorization subgranting, including delegation techniques by access control/authorization server and self-contained authorization using a new concept of power of attorney. Comparisons are performed with respect to several parameters, such as type of communication, method of authorization, control of expiration, and use of techniques such as public key certificate, encryption techniques, and tokens. The results show the differences and similarities of server-based and power of attorney-based authorization subgranting. The most common standards are also analyzed in light of those classifications.

Highlights

  • The wider implementation of connected devices yields a significant increase in business revenue

  • We survey different authorization techniques in cyber-physical systems (CPSs) and Internet of Things (IoT) with non-resource-constrained devices based on our three-dimensional classification, including access control models, subgranting models, and authorization governance

  • We provide a high-level evaluation of access control models, including an analysis of the strengths and weaknesses of different approaches and access management standards based on our three-dimensional classification


Summary

INTRODUCTION

The wider implementation of connected devices yields a significant increase in business revenue. This introduces the need for subgranting systems that are used to grant the power or privileges from the main industry owner to trusted contractors and further on to their trusted IoT and CPS devices to perform tasks on their behalf. This area of subgranting techniques poses several challenges and open research questions.

D. SCOPE

In contrast to the abovementioned surveys, which mainly address CPS and IoT security based on different authentication techniques and access control models, the scope of this paper is primarily authorization. The classes of subgranting models include identity delegation at the authentication level, delegation by access control/authorization server, and self-contained PoA-based authorization. After the discussion of traditional authorization techniques using access control models, Section III defines and compares different subgranting models: A) identity delegation at the authentication level, B) delegation by access control/authorization server, and C) PoA-based authorization.

ACCESS CONTROL MODELS
ACCESS MANAGEMENT STANDARDS
AUTHORIZATION GOVERNANCE
OBSERVATIONS AND ANALYSIS
CONCLUSION