Authentication, Authorization and Accounting (AAA)

AAA refers to Authentication, Authorization and Accounting which form a family of proto-cols to mediate the network access. Some examples of protoproto-cols are: Radius or Diameter (Reference).

- Authentication: Process in which an entity proves its identity before others. The authentica-tion is obtained through the exchange of credentials between two parts, such as: passwords, tokens, digital certificate etc.

- Authorization: Concession of rights or restrictions to an entity or user in based on its identity.

There is a huge list of examples: concessions depending on the hour, the role of the user (admin, root etc.), the location, the current system state etc.

- Accounting: Tracking of the resources consumption of each user. This data can be used for the administration, planning, billing, among other purposes.

The AAA protocol can serve as a base for some new concept for smart home systems. In this case, it is used as an extension of the project about the water and energy consumption.

Even this part is still "on-going" for a medium term, the main aspects have been decided.

As in the previous sections is explained, the main principle of the project is to hold each user in a household responsible of its consumption; kids, young, adults, tenant etc. In order to be able to detect who is using a device in each moment and to collect the consumption of each person is required the using of the AAA protocol.

5.2.1 Authorization of the user

The same as all the smart homes environments, there is a gateway or central hub which coordinates all the system and interconnects the total amount of nodes. In this case, as it will be explained in detail in the following chapter, there is a gateway which contains all the information required for the performance of the ecosystem. One of the data stored in this gateway in XML file format, is the information about the users inside the household. Each

5 User-in-the-loop in utility networks 56

user has to be registered when the system is installed in the household with a role selected.

This role says the rights of the user in the whole ecosystem.

Table 5.5: Table of the different user roles.

R - Read information about consumption; W - Create device and users, X - Change permis-sion of other users.

Table5.5 shows the type of users than can be part of the system. The authorization of the user to do something depends on rwx (read, write and execute). Both "root" and "admin"

are able to create users, devices, delete etc., even "Root" is thought for the developers.

The "master" role represents the adult responsible of the system in the household; parents, owner of a flat, direction of a hotel etc. This user is able to change the permission of the other users such as: permission to use the devices in a room, permission to be able to read the consumption etc. "Normal" role, designed for adult user in a household without the responsibility of the bill, tenants, teenager etc. Finally, "Kid" and "Guest" are completely controlled by the "master", their permission in the home are limited. In the case of "Guest", its concessions could depend on the tariff ordered, the rent etc.

5.2.2 Authentication of the user

In order to collect the consumption of each user inside the system, it is necessary an authen-tication of them each time. For instance, an authenauthen-tication in the gateway when the person comes into the house. At this point, there are some ideas that could be implemented for the system access:

5 User-in-the-loop in utility networks 57

Table 5.6: Some authentication ideas for the system.

In this table there are exposed some possible solutions for the authentication of the users in the system. A combination of them could be possible, for instance, using a local password for the authentication in the central gateway once the user enter in the home, and the usage of the RFID login for the identification before using some devices. Even this possible solution, the identification of the users in each device in a more friendly and non-invader way is still an issue in course.

5 User-in-the-loop in utility networks 58

Figure 5.7: Key ring for RFID authentication.

Figure 5.8: RFID Reader for Windows System.

Figure 5.9: RFID module for Arduino.

Figure 5.10: RFID Access control device and tag.

5 User-in-the-loop in utility networks 59

5.2.3 Accounting the user consumption

Once the system has the information about the different users and about who is going to use the devices, it is needed to collect the data about the consumption of each one. In order to get the consumption of one action the following formula has to be calculated, where S(t) represents the supply of water and power used by the device, e(t) is the price variation over the time, both energy and water and t and to, are the time interval in which the action is executed.

Figure 5.11: Cost equation.

The previous formula gives the price of a certain action executed in a period of time. The dynamic price of water or energy is real-time obtained by the gateway. The final value is stored and added to the previous ones of the user. At the end of the month, the amount of water and energy consumed per user is going to be payed.

5 User-in-the-loop in utility networks 60