Prioritized access control enabling weighted, fine-grained protection in cyber-physical systems

Abstract

This article investigates access control in cyber-physical systems, making a decision to permit or deny a user’s request for access operations on a system. Access operations in cyber-physical system result in diverse impacts on human beings and are perceived with different importance. Say, controlling a nuclear plant and reading data from it must be given different priorities. Access requests for these operations must be authorized distinctively with different protection levels, named prioritization issue. Existing solutions, however, do not either satisfy the prioritization requirement efficiently or work well in cyber-physical system environment. To solve the prioritization problem, we propose a new access control mechanism, named multi-factor access control, that employs a multi-factoring technique. In multi-factor access control, a user is granted multiple secret keys (i.e. factors) from independent authorities. When accessing a highly prioritized object, the user must present more than two factors, each of which is issued from different authorities. This decreases the probability that it presents false evidence of qualification, increasing protection level. To demonstrate the feasibility, we implement the proposed scheme and apply it to our smart building testbed. Throughout real-world experiments, we evaluate the performance of computation cost and illustrate automated, prioritized smart building controls.