Securing Home IoT Environments with Attribute-Based Access Control

Rapid advances in IoT have led to the proliferation of several end-user IoT devices. A modern-day home IoT environment now resembles a complete network ecosystem with a variety of devices co-existing and operating concurrently. It is necessary that these devices do not disrupt the operations of other devices, either accidentally or maliciously. Accidental disruptions are usually due to misconfigured devices, which may, for instance, result in a device sending network broadcasts and flooding the network. Malicious disruptions may be caused by devices being compromised by attackers or by devices purchased from untrusted manufacturers. An intentional disruption can include sending control information to other devices to manipulate their operations, and requesting sensitive information such as surveillance videos or camera pictures. One way of preventing such disruptions is by enforcing access control on IoT devices. Attribute-Based Access Control (ABAC) is the most appropriate model because of its ability to enforce access control based on the attributes of the devices, users, and environment context. We consider the NIST Next Generation Access Control (NGAC) specification for our ABAC requirements for several reasons, including its support for adaptive policies, efficiency, and ease of policy management.
