PLC access control: a security analysis

2016 ◽  
Author(s):  
Haroon Wardak ◽  
Sami Zhioua ◽  
Ahmad Almulhem
Keyword(s):  
Access Control ◽  
Security Analysis

scholarly journals Balancing Access Control and Privacy for Data Deduplication via Functional Encryption

2020 ◽  
Vol 2020 ◽  
pp. 1-11
Author(s):  
Bo Mi ◽  
Ping Long ◽  
Yang Liu ◽  
Fengtian Kuang
Keyword(s):  
Access Control ◽  
Security Analysis ◽  
Functional Encryption ◽  
Data Deduplication ◽  
Paper Briefly ◽  
Storage Security ◽  
Redundancy Removal ◽  
Proof Of Ownership ◽  
Learning With Errors ◽  
And Storage

Data deduplication serves as an effective way to optimize the storage occupation and the bandwidth consumption over clouds. As for the security of deduplication mechanism, users’ privacy and accessibility are of utmost concern since data are outsourced. However, the functionality of redundancy removal and the indistinguishability of deduplication labels are naturally incompatible, which bring about a lot of threats on data security. Besides, the access control of sharing copies may lead to infringement on users’ attributes and cumbersome query overheads. To balance the usability with the confidentiality of deduplication labels and securely realize an elaborate access structure, a novel data deduplication scheme is proposed in this paper. Briefly speaking, we drew support from learning with errors (LWE) to make sure that the deduplication labels are only differentiable during the duplication check process. Instead of authority matching, the proof of ownership (PoW) is then implemented under the paradigm of inner production. Since the deduplication label is light-weighted and the inner production is easy to carry out, our scheme is more efficient in terms of computation and storage. Security analysis also indicated that the deduplication labels are distinguishable only for duplication check, and the probability of falsifying a valid ownership is negligible.

scholarly journals A Role-Based Access Control Model in Modbus SCADA Systems. A Centralized Model Approach

Sensors ◽  
2019 ◽  
Vol 19 (20) ◽  
pp. 4455 ◽  
Author(s):  
Figueroa-Lorenzo ◽  
Añorga ◽  
Arrizabalaga
Keyword(s):  
Performance Analysis ◽  
Access Control ◽  
Control Systems ◽  
Security Analysis ◽  
Control Model ◽  
Transport Layer ◽  
Role Based Access Control ◽  
Access Control Model ◽  
Modbus Protocol ◽  
Role Based

Industrial Control Systems (ICS) and Supervisory Control systems and Data Acquisition (SCADA) networks implement industrial communication protocols to enable their operations. Modbus is an application protocol that allows communication between millions of automation devices. Unfortunately, Modbus lacks basic security mechanisms, and this leads to multiple vulnerabilities, due to both design and implementation. This issue enables certain types of attacks, for example, man in the middle attacks, eavesdropping attacks, and replay attack. The exploitation of such flaws may greatly influence companies and the general population, especially for attacks targeting critical infrastructural assets, such as power plants, water distribution and railway transportation systems. In order to provide security mechanisms to the protocol, the Modbus organization released security specifications, which provide robust protection through the blending of Transport Layer Security (TLS) with the traditional Modbus protocol. TLS will encapsulate Modbus packets to provide both authentication and message-integrity protection. The security features leverage X.509v3 digital certificates for authentication of the server and client. From the security specifications, this study addresses the security problems of the Modbus protocol, proposing a new secure version of a role-based access control model (RBAC), in order to authorize both the client on the server, as well as the Modbus frame. This model is divided into an authorization process via roles, which is inserted as an arbitrary extension in the certificate X.509v3 and the message authorization via unit id, a unique identifier used to authorize the Modbus frame. Our proposal is evaluated through two approaches: A security analysis and a performance analysis. The security analysis involves verifying the protocol's resistance to different types of attacks, as well as that certain pillars of cybersecurity, such as integrity and confidentiality, are not compromised. Finally, our performance analysis involves deploying our design over a testnet built on GNS3. This testnet has been designed based on an industrial security standard, such as IEC-62443, which divides the industrial network into levels. Then both the client and the server are deployed over this network in order to verify the feasibility of the proposal. For this purpose, different latencies measurements in industrial environments are used as a benchmark, which are matched against the latencies in our proposal for different cipher suites.

Dynamic Remote Attestation on CP-ABE Algorithm

2014 ◽  
Vol 696 ◽  
pp. 259-265 ◽  
Author(s):  
Shun Yao Yang
Keyword(s):  
Access Control ◽  
Simulation Experiment ◽  
Security Analysis ◽  
Trust Evaluation ◽  
Remote Attestation ◽  
Trust Value ◽  
Virtual Computing ◽  
Computing Node ◽  
Trust Measure ◽  
Cdh Problem

Current remote attestation schemes in trusted cloud computing lack of dynamic measure scheme of virtual computing nodes. In this paper, by the analysis and comparison of existing remote attestation technology, we propose a trust measure of virtual computing node running state, and a remote attestation scheme based on the trust measure results and CP-ABE attribute access control. By RO security analysis, and a simulation, we verify the security and efficiency of the program. The trust measure of platform running state is mainly based on the trust rating of the programs running on the platform, and a total trust value of the platform by an algorithm. The trust measure of virtual computing node running state is mainly based on the trust measure of the programs running on the platform and CP-ABE attribute access control. The remote attestation for the trust measure of platform running state is based on CDH problem. In this paper, we carry out simulation experiment with different proportions of non-credible nodes and the experiment results verify the trust evaluation efficiency of the scheme on the virtual machine.

scholarly journals Secure Data Access Control with Cipher Text Update and Computation Outsourcing in Fog Computing for Internet of Things

2021 ◽  
Vol 12 (2) ◽  
pp. 1592-1597
Author(s):  
Shaik Jaffer Vali , Et. al.
Keyword(s):  
Access Control ◽  
Fog Computing ◽  
Information Access ◽  
Security Analysis ◽  
Data Access ◽  
The Novel ◽  
Fine Grained ◽  
Cipher Text ◽  
Data Access Control ◽  
Ciphertext Policy

Fog Computing is a region of Computer Science that is under steady construction and development, and related to data security, the worldview turns out to be more solid and secure for IoT's edge stages. The verification of limited memory devices has serious issues since memory utilization is high when applied with different models that have the motivation behind shared confirmation. In this paper, we propose the Novel cipher text-based encryption model (NCEM) which has an information access control plot dependent on Ciphertext-Policy it give information privacy, fine-grained control, and mysterious validation in a multi-authority fog computing framework. The sign cryption and plan cryption overhead for the client is altogether diminished by redistributing the bothersome calculation tasks to fog hubs. The proposed conspire is demonstrated to be secure in the standard model and can give trait repudiation and public unquestionable status. The security analysis, asymptotic multifaceted nature examination, and implementation results demonstrate that our construction can offset the security objectives with useful effectiveness in calculation.

scholarly journals ECC-Based Lightweight Authentication And Access Control Scheme For IoT E-Healthcare

2021 ◽  
Author(s):  
Hailong Yao ◽  
Qiao Yan ◽  
Xingbing Fu ◽  
Zhibin Zhang ◽  
Caihui Lan
Keyword(s):  
Access Control ◽  
Healthcare System ◽  
Secure Communication ◽  
Wireless Body Area Network ◽  
Security Analysis ◽  
Communication Overhead ◽  
Single Server ◽  
Area Network ◽  
Control Scheme ◽  
Multi Server

Abstract The E-healthcare system has a complex architecture, diverse business types, and sensitive data security. To meet the secure communication and access control requirements in the user-medical server, user-patient, patient-medical server and other scenarios in the E-healthcare system, secure and efficient authenticated key agreement and access authorization scheme need to be studied. However, the existing multi-server solutions do not consider the authentication requirements of the Wireless Body Area Network(WBAN), and are not suitable for user-patient, patient-medical server scenarios; most of the existing WBAN authentication scheme are single-server type, which are difficult to meet the requirements of multi-server applications; the study of user-patient real-time scenarios has not received due attention. This work first reveals the structural flaws and security vulnerabilities of the existing typical schemes, and then proposes an authentication and access control architecture suitable for multiple scenarios of the E-healthcare system with separate management and business, and designs a novel ECC-based multi-factor remote authentication and access control scheme for E-healthcare using physically uncloneable function (PUF) and hash. Security analysis and efficiency analysis show that the new scheme has achieved improved functionality and higher security while maintaining low computational and communication overhead.

scholarly journals A Collusion-Resistant Blockchain-Enabled Data Sharing Scheme with Decryption Outsourcing under Time Restriction

2021 ◽  
Vol 2021 ◽  
pp. 1-11
Author(s):  
Xieyang Shen ◽  
Chuanhe Huang ◽  
Xiajiong Shen ◽  
Jiaoli Shi ◽  
Danxin Wang
Keyword(s):  
Access Control ◽  
Data Sharing ◽  
Time Slot ◽  
Security Analysis ◽  
Collusion Resistance ◽  
Time Restrictions ◽  
Control Scheme ◽  
And Performance ◽  
Ciphertext Policy ◽  
Time Restriction

With the ever-increasing demands on decentralization and transparency of cloud storage, CP-ABE (Ciphertext Policy-Attribute-Based Encryption) has become a promising technology for blockchain-enabled data sharing methods due to its flexibility. However, real-world blockchain applications usually have some special requirements like time restrictions or power limitations. Thus, decryption outsourcing is widely used in data sharing scenarios and also causes concerns about data security. In this paper, we proposed a secure access control scheme based on CP-ABE, which could share contents during a particular time slot in blockchain-enabled data sharing systems. Specifically, we bind the time period with both ciphertexts and the keys to archive the goal of only users who have the required attributes in a particular time slot can decrypt the content. Besides, we use time slots as a token to protect the data and access control scheme when users want to outsource the decryption phase. The security analysis shows that our scheme can provide collusion resistance ability under a time restriction, and performance evaluations indicate that our scheme uses less time in decryption compared to other schemes while ensuring security.

Sign in / Sign up

Export Citation Format

Share Document