Industrial Control Systems (ICS) and Building Automation and Control Systems (BACS) are being deployed to enable monitoring and control of various intelligent systems such as Heating, Ventilation and Air Conditioning (HVAC), safety, access and lighting systems. Each system is an integral part of the ICS and BACS, allowing for optimized industrial operations where devices interact with each other, with users and with other third-party systems such as energy management. A key need when interacting is the controlled and trustworthy disclosure of information so that only authenticated and authorized entities can access and control the resources of a device. However, secure authentication and authorization are not easy due to the combined distributed/centralized operation of ICS and BACS, their large-scale deployment, and the resource-constrained nature of sensors and actuators. This paper analyzes the security requirements and constraints in ICS/BACS and proposes the Hybrid Access Decision Architecture (HADA) to allow for interoperability between centralized and distributed access control methods. While a central party is in control of policy specification, the system also allows for the deployment of lightweight and compact access control policies to the target devices so that access control decisions can take place in a distributed manner. Our prototype, based on 6LoWPAN/CoAP IP protocols and binary JSON access control policies, shows the feasibility of our approach.
Author and article information
Contributors
Amit Soni
Sye Loong Keoh
Sandeep S. Kumar
Oscar Garcia-Morchon
Conference
Publication date: September 2013
Publication date (Print): September 2013
Pages: 1-11
Affiliations
[1] Lighting Control Systems Dept., Philips Research, High Tech Campus 34, 5656 AE, Eindhoven, The Netherlands
[2] School of Computing Science, University of Glasgow Singapore, 9 Woodlands Avenue 9, Singapore 738984