DocumentCode :
651581
Title :
Data-Centric Access Control with Confidentiality for Collaborating Smart Grid Services Based on Publish/Subscribe Paradigm
Author :
Yang Zhang ; Jun-Liang Chen
Author_Institution :
State Key Lab. of Networking & Switching Technol., Beijing Univ. of Posts & Telecommun., Beijing, China
fYear :
2013
fDate :
8-11 July 2013
Firstpage :
45
Lastpage :
50
Abstract :
With the smart grid coming near, its information systems become more and more open with services as building blocks. Different smart grid services in different control centers collaborate to realize the real-time control and protection of power systems. The publish/subscribe paradigm makes smart grid service collaborations more real-time and flexible because of the space, time and control decoupling of event producer and consumer, which can be used to establish an appropriate communication infrastructure. Unfortunately, a publish/subscribe-based smart grid service does not know who consumes its events, and consumers do not know who produces the events either. In this environment, the smart grid service cannot directly control access because of anonymous and indirect service interactions. To address the above issues, this paper first describes the service communication foundation for smart grid services, and then defines their security model supporting data-centric methodology. Based on such a model, underpinning network capabilities can be integrated to help smart grid services control access. The key point in our access control solution is to preserve the service interaction characteristics of the publish/subscribe-based smart grid services: anonymous, multicast and session-control. So two special kinds of event types are used to accomplish authorization request and granting while being consistent with the publish/subscribe paradigm. The attaching policy method is adopted to preserve the anonymity feature for collaborating smart grid services. A delegation scheme for brokers to enforce policies is finally constructed based on attribute-based encryption, which also brings confidentiality for smart grid services.
Keywords :
authorisation; cryptography; grid computing; anonymity feature; attribute based encryption; authorization request; confidentiality; consumer; control decoupling; data centric access control; data centric methodology; delegation scheme; event producer; indirect service interactions; information systems; policy method; power systems; publish/subscribe based smart grid services; publish/subscribe paradigm; real time control; security model; service communication foundation; service interaction characteristics; session control; smart grid service collaborations; smart grid services control access; underpinning network; Conferences; Distributed computing; Access Control; Publish/Subscribe; SOA; Smart Grid;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Distributed Computing Systems Workshops (ICDCSW), 2013 IEEE 33rd International Conference on
Conference_Location :
Philadelphia, PA
Print_ISBN :
978-1-4799-3247-4
Type :
conf
DOI :
10.1109/ICDCSW.2013.36
Filename :
6679861