Understanding Data Usage Control in a Smart City

Smart cities consist of public and private actors that provide various services, such as energy management for public buildings, waste management, public lighting, mobility management, and intelligent parking. Each of these services requires a variety of sensors and actuators.

These sensors continuously collect information about the environment in which they are deployed. The collected data is shared among the actors of the smart cities. The actors of smart cities include institutional actors (such as districts, municipalities), equipment manufacturers, network operators, infrastructure providers, service providers, and end-users. 

In smart cities, we face new and evolving threats in the field of information security. The security concerns in smart cities are critical in the development of a successful and operational smart city. 

The data owners need to define who can use their data and how their data should be consumed. For this, academic researchers are proposing new techniques of enforcing policies on data usage for smart cities. 

Let’s take an example of a use case of smart parking systems. There are several data consumers of this system such as municipal authorities, application developers, and commercial operators. Each of the consumers can request accessing data but at the granularity and scope. So here, a data usage control module is needed to deal with trust and control issues. This module allows data providers to exercise some control over the generated data by their sensors and ensure that the policies put in place by the data producers are respected by data consumers.

Now, it's time to explore usage control for smart cities in detail.

Usage control goes further than access control by regulating the usage of information after initial access was granted.

The UCON data usage model, proposed by Zhang et al. is specifically designed for modern applications and computing environments like smart cities. UCON is different from the traditional models like DAC, MAC, and RBAC as it is flexible to implement different access control scenarios in open environments.

The access permissions to the resources and information are based on mutable attributes. Moreover, the decision factors include authorizations, obligations, and conditions. Therefore, usage control improves the cliché access control models in the following aspects: 

The mutability of attributes; that is, the attributes may change for changing requirements of the computing environment. Access decision continuity.The combination of the functionality of various access control models, trust management, and digital rights management (DRM.). UCON not only just extends authority access rights but also defines how digital data would or would not be used and further distributed.

Hence it is evident that the shift from traditional access control to UCON is especially important for dynamic and open environments such as the Internet, smart grids, cloud, mobile technology, and collaborative computing.

I explored the role of Usage Control in the enhancement of security and privacy in a smart city. A novel privacy and trust-aware usage control model named SmartUCON, incorporating RBAC, DRM, Trust, and an encryption module, is suggested below.

Park and Sandhu introduced UCON as a combination of access control, digital rights management (DRM), and trust management unifying all three areas. The word ‘usage’ depicts the usage of rights on digital objects. The general solutions of access control, trust management, and DRM are concerned with their targeted problems. A unified UCON model is an all-in-one solution for access control, trust, and digital rights. This makes UCON a very suitable option for enhancing the security of smart city architecture. 

There are two types of control domains in UCON:

The server offers a digital object while the client collects and utilizes it. UCON thus provides a hybrid control domain having both CRM and SRM. The Usage Control model consists of a total of six components. Out of these, three are the core traditional components, and the rest of the three are added components.

These added components enhance the authorization process. The core components include Objects, Subjects, and Rights. The added components comprise Authorization Rules, Obligations, and Conditions.

Role-Based Access Control is the most famous access control mechanism due to its applicability and versatility. RBAC is a flexible model that can be represented in diverse ways as compared to classical lattice-based MAC. The idea of RBAC was formed for the environments that had user disparity and had multi-application online systems.

The main concept of role-based access is that the roles are assigned with permissions, and the subjects are assigned to roles. Hence roles can be produced for the different jobs in the organizations. The usage of RBAC in modern computing has a variety of motivations.

Role-based access control deals with the requirements of the organizations, corporate sector, commercial sector, and government jobs. In a smart city scenario, RBAC can play a vital role for various components such as governance, health, finance, etc.

Digital rights management (DRM) can be described as a group of policies and technologies that direct the right usage of digital objects. The data owner is concerned about its content which must be evaluated further in some way. The data owner fulfills the necessary processes and provides the data through control of its digital rights. The end consumer, who is the user of the data, can use data based on digital rights. There is a vital need for digital rights of the content in smart cities.

In highly ubiquitous and pervasive computing environments (such as smart cities) the issue of trust is of utmost importance. In closed computing environments, the traditional physical methods utilize system-based controls to verify the identity of a person or process. However, these methodologies are insufficient for open computing environments such as smart cities and IoT frameworks.

The reason is that they create trust issues in the stakeholders and data owners as traditional systems are deficient in central control. The main components of UCON that represent obligations and conditions can cater to the trust issues in the smart city. If the stakeholders see that the data usage is restricted to keeping their privacy intact in a highly ubiquitous computing environment, their trust issues can be solved.

In the proposed usage control model, I am incorporating three modules: RBAC, DRM, and Trust. To enhance trust and deal with the privacy issues, I have suggested including an encryption module in the access control mechanism so even the system administrator and cloud server remains unaware that which subject is assigned to which role. The main components of the proposed model are described as follows:

Subjects: The Subject of SmartUCON in a smart city mainly comprises two main types: Data owner (DON) and Data Consumers (DC). Such as the doctor (in the smart health component) or application devices (such as cars in the smart mobility component). DC is the one who requires practicing the digital rights to access the data objects. DON is the one who provides a data object and curtails rights on it.

Data Objects: The Data Objects (DO) are a set of information holding entities that the data owner has rights on. On the other hand, the DC subjects can have the authorization to access objects with controlled usage in our proposed SmartUCON. In SmartUCON, data objects are mostly privacy-sensitive for critical infrastructure such as in the case of smart health components (where data owners are humans). But there might also be privacy non-sensitive data such as that of smart environment data received from sensors.

The privacy-sensitive DO have personal identity information of the data owner that may cause privacy and trust issues in data usage in smart cities. Therefore, in this proposed model, it is implied that the data owners themselves control data usage, defining Conditions to enhance privacy.

Roles: In the proposed SmartUCON, the role-based access control should be a part of access and usage control for smart cities components. Most of the critical components of a smart city are organizational based such as health, education, governance, etc. The utility and usability of RBAC in such scenarios cannot be undermined. Hence, it is proposed that Subjects should be assigned to roles with certain Permissions to access and certain Attributes, Conditions, and Obligations for privacy-aware data usage.

Attributes: In SmartUCON, there are two main types of Attributes: Role Attributes and Data Object Attributes (DOA). The DOA comprises properties that can be utilized for access decisions. The examples of DOA may include the trust value of the devices and confidentiality of data objects.

The Role attributes can either be mutable attributes or immutable attributes. Examples of the role attributes include memberships, or security clearance, etc. Attribute mutability is a significant feature of usage control that makes it more suitable for smart city scenarios. A mutable attribute can be changed after the data consumer's access to data objects.

Obligations: There are two main Obligation types in the smart city. Actions, that need to be performed before the data usage and Restrictions that need to be catered for using the data objects. The Obligations are based on the requirements of the data owners. It is to be noted that the obligations are fulfilled both before and during the data in the usage control in the smart city. Obligations play a key role in efficient digital rights management in a smart city.

Conditions: The condition in SmartUCON are the constraints relevant to the requirements set by data owners for the data objects. These include confidentiality, locality, abstraction, and timestamp. The conditions help in evaluating the constraints for data usage to enhance the trust of data owners. The role attributes and DO attributes should be utilized for the selection of condition requirements. It is an important factor that conditions are not mutable.

Rights: In SmartUCON, Rights are the privileges that roles can hold and practice a data object. The rights contain a set of usage functions that provide access to data objects.

Two main types of Rights are introduced:

Authorizations: In SmartUCON, Authorizations are the predicates that need to be evaluated for the usage decision of the data object. The authorizations consider the role attributes and object attributes for decision making.

Data usage control can limit insider threats' access. It will help to enable trustable and secure smart cities. In the next article, I'll explain the practical application of usage control in smart health. Stay tuned!