IEEE Access (Jan 2021)
Survey on Delegated and Self-Contained Authorization Techniques in CPS and IoT
Abstract
Authentication, authorization, and digital identity management are core features required by secure digital systems. Among these, authorization is the component that regulates which access rights a subject holds with respect to the service resources it requests. Authorization therefore plays a significant role in the trust management of autonomous devices and services. Because cyber-physical systems and the Internet of Things are heterogeneous, a range of authorization techniques based on different access control models, accounts, groups, tokens, and delegations are in use, each with its own strengths and weaknesses. Many studies in the literature focus on the other main security requirements, such as authentication, identity management, and confidentiality; a comprehensive review of the authorization techniques used in cyber-physical systems and the Internet of Things is still missing. The specific target of this paper is authorization in cyber-physical system and Internet of Things networks built from non-constrained devices in an industrial context with mobility, subcontractors, and autonomous machines that are able to carry out advanced tasks on behalf of others. We study the different authorization techniques using a three-dimensional classification covering access control models, subgranting models, and authorization governance. We focus on the state of the art of authorization subgranting, including delegation techniques performed by an access control/authorization server and self-contained authorization based on a new concept of power of attorney. Comparisons are performed with respect to several parameters, such as type of communication, method of authorization, control of expiration, and the use of techniques such as public key certificates, encryption, and tokens. The results show the differences and similarities of server-based and power of attorney-based authorization subgranting. The most common standards are also analyzed in light of these classifications.
Keywords