Multi-Domain Access Rights Composition in Federated IoT Platforms

Current activities in the Internet of Things research area are devoting considerable effort to the definition of architectures and mechanisms supporting the federation of heterogeneous platforms. In this context, Multi-Domain Access Rights Composition is emerging as a promising paradigm, enabling the sharing of resources across organizations and boundaries. From the security perspective, the protection of resources against unauthorized access becomes even more difficult to accomplish. The work presented herein aims to solve the access control issue through a novel solution based on the Attribute Based Access Control logic. Specifically, the conceived approach leverages the Decentralized Multi-Authority - Ciphertext-Policy - Attribute Based Encryption algorithm, in a way that is completely different from its conventional usage. The resulting protocol satisfies, at the same time, the following requirements: peer authentication, data confidentiality between communicating peers, an advanced access control mechanism based on cryptographic algorithms, user privacy, adoption of attributes with limited lifetime, revocation of attributes, and resilience against collusion attacks.
