XSACd - Cross-domain resource sharing & access control for smart environments

Abstract

Computing devices permeate working and living environments, affecting all aspects of modern everyday life, a trend which is expected to intensify in the coming years. In the residential setting, the enhanced features and services provided by these computing devices constitute what is typically referred to as a “smart home”. However, the direct interaction smart devices often have with the physical world, along with the processing, storage and communication of data pertaining to users’ lives, i.e. data that is private and sensitive in nature, brings security concerns into the limelight. The resource constraints of the platforms being integrated into a smart home environment, and their heterogeneity in hardware, network and overlaying technologies, only exacerbate the above issues. This paper presents XSACd, a cross-domain resource sharing & access control framework for smart environments, combining the well-studied fine-grained access control provided by the eXtensible Access Control Markup Language (XACML) with the benefits of Service Oriented Architectures, through the use of the Devices Profile for Web Services (DPWS). Based on standardized technologies, it enables seamless interactions and fine-grained policy-based management of heterogeneous smart devices, including support for communication between distributed networks, via the associated MQ Telemetry Transport protocol (MQTT)-based proxies. The framework is implemented in full, and its performance is evaluated on a test bed featuring relatively resource-constrained smart platforms and embedded devices, verifying the feasibility of the proposed approach.
