Access control in Internet-of-Things: A survey

Abstract The Internet of Things (IoT) is an emerging technology that is revolutionizing the global economy and society. IoT enables a collaborative environment where different entities – devices, people and applications – exchange information for service provision. Despite the benefits that IoT technology brings to individuals, society and industry, its wide adoption opens new security and privacy challenges. Among them, a vital challenge is the protection of devices and resources produced within IoT ecosystems. This need has attracted growing attention from the research community and industry, and several authorization frameworks have been designed specifically for IoT. In this survey, we investigate the main trends in access control in IoT and perform an extensive analysis of existing authorization frameworks tailored to IoT systems. Driven by the needs of representative IoT applications and key requirements for IoT, we elicit the main requirements that authorization frameworks for IoT should satisfy along with criteria for their assessment. These criteria and requirements form a baseline for our literature study. Based on this study, we identify the main open issues in the field of access control for IoT and draw directions for future research.

[1]  Trung Q. Duong,et al.  A conceptual framework for an IoT-based health assistant and its authorization model , 2018, 2018 IEEE 8th Annual Computing and Communication Workshop and Conference (CCWC).

[2]  Albert G. Greenberg,et al.  Ananta: cloud scale load balancing , 2013, SIGCOMM.

[3]  Antonio F. Gómez-Skarmeta,et al.  Distributed Capability-based Access Control for the Internet of Things , 2013, J. Internet Serv. Inf. Secur..

[4]  Geoffrey Fox,et al.  Architecture and measured characteristics of a cloud based internet of things , 2012, 2012 International Conference on Collaboration Technologies and Systems (CTS).

[5]  Jin Tong,et al.  Attributed based access control (ABAC) for Web services , 2005, IEEE International Conference on Web Services (ICWS'05).

[6]  Anas Abou El Kalam,et al.  FairAccess: a new Blockchain-based access control framework for the Internet of Things , 2016, Secur. Commun. Networks.

[7]  Smruti R. Sarangi,et al.  Internet of Things: Architectures, Protocols, and Applications , 2017, J. Electr. Comput. Eng..

[8]  Guoping Zhang,et al.  The Research of Access Control Based on UCON in the Internet of Things , 2011, J. Softw..

[9]  Aaron Elliott,et al.  Role Explosion: Acknowledging the Problem , 2010, Software Engineering Research and Practice.

[10]  Dimitris Gritzalis,et al.  Access Control Issues in Utilizing Fog Computing for Transport Infrastructure , 2015, CRITIS.

[11]  Ahmad-Reza Sadeghi,et al.  Security and privacy challenges in industrial Internet of Things , 2015, 2015 52nd ACM/EDAC/IEEE Design Automation Conference (DAC).

[12]  Peter Saint-Andre,et al.  Extensible Messaging and Presence Protocol (XMPP): Instant Messaging and Presence , 2004, RFC.

[13]  P. Mell,et al.  The NIST Definition of Cloud Computing , 2011 .

[14]  Maryline Laurent-Maknavicius,et al.  Survey on secure communication protocols for the Internet of Things , 2015, Ad Hoc Networks.

[15]  Ricardo Neisse,et al.  Enforcement of security policy rules for the Internet of Things , 2014, 2014 IEEE 10th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob).

[16]  Klaus Wehrle,et al.  Modular context-aware access control for medical sensor networks , 2010, SACMAT '10.

[17]  Siobhán Clarke,et al.  Middleware for Internet of Things: A Survey , 2016, IEEE Internet of Things Journal.

[18]  Yunpeng Zhang,et al.  Access Control in Internet of Things: A Survey , 2016, ArXiv.

[19]  David F. Ferraiolo,et al.  Guide to Attribute Based Access Control (ABAC) Definition and Considerations , 2014 .

[20]  Qi Alfred Chen,et al.  ContexloT: Towards Providing Contextual Integrity to Appified IoT Platforms , 2017, NDSS.

[21]  Emmanuel Bertin,et al.  A Community-Driven Access Control Approach in Distributed IoT Environments , 2017, IEEE Communications Magazine.

[22]  Eui-Nam Huh,et al.  Cloud of Things: Integrating Internet of Things and cloud computing and the issues involved , 2014, Proceedings of 2014 11th International Bhurban Conference on Applied Sciences & Technology (IBCAST) Islamabad, Pakistan, 14th - 18th January, 2014.

[23]  Gonzalo Mateos,et al.  Health Monitoring and Management Using Internet-of-Things (IoT) Sensing with Cloud-Based Processing: Opportunities and Challenges , 2015, 2015 IEEE International Conference on Services Computing.

[24]  Shusen Yang,et al.  A survey on the ietf protocol suite for the internet of things: standards, challenges, and opportunities , 2013, IEEE Wireless Communications.

[25]  Indrakshi Ray,et al.  Using Attribute-Based Access Control for Remote Healthcare Monitoring , 2017, 2017 Fourth International Conference on Software Defined Systems (SDS).

[26]  Guoping Zhang,et al.  An extended role based access control model for the Internet of Things , 2010, 2010 International Conference on Information, Networking and Automation (ICINA).

[27]  David E. Culler,et al.  Transmission of IPv6 Packets over IEEE 802.15.4 Networks , 2007, RFC.

[28]  Hajar Mousannif,et al.  Access control in the Internet of Things: Big challenges and new opportunities , 2017, Comput. Networks.

[29]  R. Sandhu,et al.  The UCON ABC Usage Control Model JAEHONG , 2004 .

[30]  Neeli R. Prasad,et al.  A fuzzy approach to trust based access control in internet of things , 2013, Wireless VITAE 2013.

[31]  James Newsome,et al.  Challenges in Access Right Assignment for Secure Home Networks , 2010, HotSec.

[32]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[33]  Y. Srinivas Towards the Implementation of IoT for Environmental Condition Monitoring in Homes , 2014 .

[34]  Imrich Chlamtac,et al.  Internet of things: Vision, applications and research challenges , 2012, Ad Hoc Networks.

[35]  Ludwig Seitz,et al.  Authorization framework for the Internet-of-Things , 2013, 2013 IEEE 14th International Symposium on "A World of Wireless, Mobile and Multimedia Networks" (WoWMoM).

[36]  Abdellah Ait Ouahman,et al.  Towards a Novel Privacy-Preserving Access Control Model Based on Blockchain Technology in IoT , 2017 .

[37]  Lujo Bauer,et al.  Access Control for Home Data Sharing: Attitudes, Needs and Practices , 2010, CHI.

[38]  Tahir Ahmad,et al.  A Lazy Approach to Access Control as a Service (ACaaS) for IoT: An AWS Case Study , 2018, SACMAT.

[39]  Sabrina De Capitani di Vimercati,et al.  Access Control: Policies, Models, and Mechanisms , 2000, FOSAD.

[40]  M. Darianian,et al.  Smart Home Mobile RFID-Based Internet-of-Things Systems and Services , 2008, 2008 International Conference on Advanced Computer Theory and Engineering.

[41]  Salil S. Kanhere,et al.  Blockchain in internet of things: Challenges and Solutions , 2016, ArXiv.

[42]  Luca Veltri,et al.  IoT-OAS: An OAuth-Based Authorization Service Architecture for Secure Services in IoT Scenarios , 2015, IEEE Sensors Journal.

[43]  Peter J. Denning,et al.  Protection: principles and practice , 1972, AFIPS '72 (Spring).

[44]  Sarmad Ullah Khan,et al.  Future Internet: The Internet of Things Architecture, Possible Applications and Key Challenges , 2012, 2012 10th International Conference on Frontiers of Information Technology.

[45]  Josef Noll,et al.  Interoperability of Security-Enabled Internet of Things , 2011, Wirel. Pers. Commun..

[46]  Vitaly Shmatikov,et al.  Situational Access Control in the Internet of Things , 2018, CCS.

[47]  Jiwon Choi,et al.  FACT: Functionality-centric Access Control System for IoT Programming Frameworks , 2017, SACMAT.

[48]  Blase Ur,et al.  Rethinking Access Control and Authentication for the Home Internet of Things (IoT) , 2018, USENIX Security Symposium.

[49]  Peter Friess,et al.  Internet of Things Strategic Research Roadmap , 2011 .

[50]  Sneha A. Dalvi,et al.  Internet of Things for Smart Cities , 2017 .

[51]  Marco Picone,et al.  Effective authorization for the Web of Things , 2015, 2015 IEEE 2nd World Forum on Internet of Things (WF-IoT).

[52]  Yacine Atif,et al.  Securing the Web of Things with Role-Based Access Control , 2015, C2SI.

[53]  Frank Eliassen,et al.  Adaptable service composition for very-large-scale Internet of Things systems , 2011 .

[54]  Anas Abou El Kalam,et al.  SmartOrBAC security and privacy in the Internet of Things , 2015, 2015 IEEE/ACS 12th International Conference of Computer Systems and Applications (AICCSA).

[55]  Ru-chuan Wang,et al.  An efficient authentication and access control scheme for perception layer of Internet of Things , 2014 .

[56]  Daniel Mossé,et al.  Seamless Integration of Heterogeneous Devices and Access Control in Smart Homes , 2012, 2012 Eighth International Conference on Intelligent Environments.

[57]  Rodrigo Roman,et al.  On the features and challenges of security and privacy in distributed internet of things , 2013, Comput. Networks.

[58]  Philip Levis,et al.  RPL: IPv6 Routing Protocol for Low-Power and Lossy Networks , 2012, RFC.

[59]  Luigi Alfredo Grieco,et al.  Security, privacy and trust in Internet of Things: The road ahead , 2015, Comput. Networks.

[60]  Earlence Fernandes,et al.  Security Analysis of Emerging Smart Home Applications , 2016, 2016 IEEE Symposium on Security and Privacy (SP).

[61]  Benjamin Aziz,et al.  Federated Identity and Access Management for the Internet of Things , 2014, 2014 International Workshop on Secure Internet of Things.

[62]  Chung-Horng Lung,et al.  Internet of Things: Remote Patient Monitoring Using Web Services and Cloud Computing , 2014, 2014 IEEE International Conference on Internet of Things(iThings), and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom).

[63]  Álvaro Alonso,et al.  A model to enable application-scoped access control as a service for IoT using OAuth 2.0 , 2017, 2017 20th Conference on Innovations in Clouds, Internet and Networks (ICIN).

[64]  B Aishwarya,et al.  Security and Privacy Challenges in Internet of Things , 2018, 2018 2nd International Conference on Trends in Electronics and Informatics (ICOEI).

[65]  Ravi S. Sandhu,et al.  Access Control Models for Cloud-Enabled Internet of Things: A Proposed Architecture and Research Agenda , 2016, 2016 IEEE 2nd International Conference on Collaboration and Internet Computing (CIC).

[66]  Alvaro A. Cárdenas,et al.  Semantic middleware for the Internet of Things , 2010, 2010 Internet of Things (IOT).

[67]  Ramaswamy Chandramouli,et al.  Extensible Access Control Markup Language (XACML) and Next Generation Access Control (NGAC) , 2016, ABAC '16.

[68]  Imran A. Zualkernan,et al.  Internet of things (IoT) security: Current status, challenges and prospective measures , 2015, 2015 10th International Conference for Internet Technology and Secured Transactions (ICITST).

[69]  Yuan Tian,et al.  SmartAuth: User-Centered Authorization for the Internet of Things , 2017, USENIX Security Symposium.

[70]  Cheng Cheng,et al.  Access Control Method for Web of Things Based on Role and SNS , 2012, 2012 IEEE 12th International Conference on Computer and Information Technology.

[71]  James Newsome,et al.  Access right assignment mechanisms for secure home networks , 2011, Journal of Communications and Networks.

[72]  Patrick D. McDaniel,et al.  Sensitive Information Tracking in Commodity IoT , 2018, USENIX Security Symposium.

[73]  Anas Abou El Kalam,et al.  A Security Framework for Internet of Things , 2015, CANS.

[74]  Domenico Rotondi,et al.  A capability-based security approach to manage access control in the Internet of Things , 2013, Math. Comput. Model..

[75]  Andrea Zanella,et al.  Internet of Things for Smart Cities , 2014, IEEE Internet of Things Journal.

[76]  Imed Romdhani,et al.  Architecting the Internet of Things: State of the Art , 2016 .

[77]  Antonio Pescapè,et al.  Integration of Cloud computing and Internet of Things: A survey , 2016, Future Gener. Comput. Syst..

[78]  Teruo Higashino,et al.  Edge-centric Computing: Vision and Challenges , 2015, CCRV.

[79]  Ravi S. Sandhu,et al.  Access Control Models for Virtual Object Communication in Cloud-Enabled IoT , 2017, 2017 IEEE International Conference on Information Reuse and Integration (IRI).

[80]  Joaquín B. Ordieres Meré,et al.  Smart factories in Industry 4.0: A review of the concept and of energy management approached in production based on the Internet of Things paradigm , 2014, 2014 IEEE International Conference on Industrial Engineering and Engineering Management.

[81]  Mohsen Guizani,et al.  Internet of Things: A Survey on Enabling Technologies, Protocols, and Applications , 2015, IEEE Communications Surveys & Tutorials.

[82]  Giuseppe Piro,et al.  Multi-Domain Access Rights Composition in Federated IoT Platforms , 2018, EWSN.

[83]  André Ricardo Abed Grégio,et al.  ControlChain: Blockchain as a Central Enabler for Access Control Authorizations in the IoT , 2017, GLOBECOM 2017 - 2017 IEEE Global Communications Conference.

[84]  Ivan Stojmenovic,et al.  The Fog computing paradigm: Scenarios and security issues , 2014, 2014 Federated Conference on Computer Science and Information Systems.

[85]  Sherali Zeadally,et al.  Integration challenges of intelligent transportation systems with connected vehicle, cloud computing, and internet of things technologies , 2015, IEEE Wireless Communications.

[86]  Marimuthu Palaniswami,et al.  Internet of Things (IoT): A vision, architectural elements, and future directions , 2012, Future Gener. Comput. Syst..

[87]  Rolf H. Weber,et al.  Internet of Things - New security and privacy challenges , 2010, Comput. Law Secur. Rev..

[88]  Jörg Daubert,et al.  On the Security and Privacy of Internet of Things Architectures and Systems , 2015, 2015 International Workshop on Secure Internet of Things (SIoT).

[89]  Ramjee Prasad,et al.  Identity Authentication and Capability Based Access Control (IACAC) for the Internet of Things , 2012, J. Cyber Secur. Mobil..

[90]  Shuang-Hua Yang,et al.  How the internet of things technology enhances emergency response operations , 2013 .

[91]  Miao Wu,et al.  Research on the architecture of Internet of Things , 2010, 2010 3rd International Conference on Advanced Computer Theory and Engineering(ICACTE).

[92]  Jon Postel,et al.  User Datagram Protocol , 1980, RFC.

[93]  Frédéric Cuppens,et al.  Organization based access control , 2003, Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks.

[94]  Wu He,et al.  Internet of Things in Industries: A Survey , 2014, IEEE Transactions on Industrial Informatics.

[95]  Ivan Marsá-Maestre,et al.  Applying an Unified Access Control for IoT-based Intelligent Agent Systems , 2015, 2015 IEEE 8th International Conference on Service-Oriented Computing and Applications (SOCA).

[96]  Sandro Etalle,et al.  A Semantic Security Framework for Systems of Systems , 2013, Int. J. Cooperative Inf. Syst..