Access Control Enforcement within MQTT-based Internet of Things Ecosystems

Confidentiality and privacy of the data managed by IoT ecosystems are becoming a primary concern. This paper targets the design of a general access control enforcement mechanism for MQTT-based IoT ecosystems. The approach is presented using ABAC, but other access control models can be supported in the same way. The solution is built around an enforcement monitor designed to operate as a proxy between MQTT clients and the MQTT server (the broker). The monitor enforces access control constraints by intercepting, and where necessary manipulating, the flow of MQTT control packets exchanged between them. Early experimental evaluations show an overall low enforcement overhead.
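The proxy architecture described above, as an added example that is not the paper's code: a minimal Python enforcement point for MQTT 3.1.1 that parses the fixed header, PUBLISH and SUBSCRIBE packets, evaluates ABAC rules (subject attributes, action, resource as a topic filter, environment attributes) and decides per packet whether to forward it, drop it, or rewrite it. The Rule format, the attribute names (role, period), the sample policy and the topic names are assumptions made for this example. It also shows the part of the design that "manipulating the flow" implies but the abstract does not spell out: a partially granted SUBSCRIBE has to be rewritten towards the broker, and the broker's SUBACK expanded back towards the client, so the client still receives one return code per filter it requested.

```python
# Added example (not the paper's code): an ABAC enforcement monitor acting as a proxy
# between MQTT 3.1.1 clients and a broker.  Rule format, attribute names and the
# sample policy below are assumptions of this example.
import struct
from dataclasses import dataclass, field
from typing import Dict, List

PUBLISH, SUBSCRIBE, SUBACK = 3, 8, 9

def decode_vbi(buf: bytes, pos: int):
    """MQTT variable-byte integer: 7 data bits per byte, 0x80 = continue, at most 4 bytes."""
    value = 0
    for i in range(4):
        b = buf[pos + i]
        value |= (b & 0x7F) << (7 * i)
        if not b & 0x80:
            return value, pos + i + 1
    raise ValueError("malformed remaining length")

def encode_vbi(n: int) -> bytes:
    return bytes([n % 128 | 0x80]) + encode_vbi(n // 128) if n >= 128 else bytes([n])

def read_utf8(buf: bytes, pos: int):  # length-prefixed UTF-8 string
    (n,) = struct.unpack_from("!H", buf, pos)
    return buf[pos + 2:pos + 2 + n].decode("utf-8"), pos + 2 + n
def write_utf8(s: str) -> bytes:
    return struct.pack("!H", len(s.encode())) + s.encode()
def build_packet(ptype: int, flags: int, body: bytes) -> bytes:
    return bytes([(ptype << 4) | flags]) + encode_vbi(len(body)) + body
def parse_packet(raw: bytes):  # -> (type, flags, body); rejects a lying length field
    rlen, pos = decode_vbi(raw, 1)
    if pos + rlen != len(raw):
        raise ValueError("remaining length does not match packet size")
    return raw[0] >> 4, raw[0] & 0x0F, raw[pos:]

@dataclass
class Rule:
    action: str                 # "publish" | "subscribe"
    topic: str                  # MQTT filter the rule grants, e.g. "home/+/temp"
    subject: Dict[str, object]  # required subject attributes (all must match)
    environment: Dict[str, object] = field(default_factory=dict)

def filter_covered(pattern: str, filt: str) -> bool:
    """True iff every topic matching `filt` also matches `pattern` (no leak past the rule)."""
    p, f, i = pattern.split("/"), filt.split("/"), 0
    while i < len(p) and i < len(f):
        if p[i] == "#":
            return True
        if f[i] == "#" or (p[i] != "+" and p[i] != f[i]):
            return False
        i += 1
    return len(p) == len(f) or (i == len(f) and p[i:] == ["#"])  # "a/#" also matches "a"

def permitted(policy: List[Rule], action: str, topic: str, subject: dict, env: dict) -> bool:
    match = lambda req, actual: all(actual.get(k) == v for k, v in req.items())
    return any(r.action == action and match(r.subject, subject) and match(r.environment, env)
               and filter_covered(r.topic, topic) for r in policy)

class Monitor:
    """One per client connection.  from_client() returns (to_server, to_client, denied):
    the packet to forward (None = dropped), a packet synthesised for the client (None =
    nothing) and the denied topics.  `pending` maps the packet id of a partially granted
    SUBSCRIBE to its allow mask so the broker's SUBACK can be expanded on the way back."""
    def __init__(self, policy: List[Rule], subject: dict, env: dict):
        self.policy, self.subject, self.env, self.pending = policy, subject, env, {}
    def from_client(self, raw: bytes):
        ptype, flags, body = parse_packet(raw)
        if ptype == PUBLISH:
            topic, _ = read_utf8(body, 0)
            ok = permitted(self.policy, "publish", topic, self.subject, self.env)
            return (raw, None, []) if ok else (None, None, [topic])  # 3.1.1 has no negative PUBACK
        if ptype != SUBSCRIBE:
            return raw, None, []  # other control packets pass through unchanged
        pos, kept, mask, denied = 2, b"", [], []
        while pos < len(body):
            filt, pos = read_utf8(body, pos)
            qos, pos = body[pos], pos + 1
            mask.append(permitted(self.policy, "subscribe", filt, self.subject, self.env))
            if mask[-1]:
                kept += write_utf8(filt) + bytes([qos])
            else:
                denied.append(filt)
        if not any(mask):  # nothing allowed: answer the client ourselves, 0x80 per filter
            return None, build_packet(SUBACK, 0, body[:2] + bytes([0x80] * len(mask))), denied
        if all(mask):
            return raw, None, []
        self.pending[body[:2]] = mask  # partial grant: forward only the allowed filters
        return build_packet(SUBSCRIBE, flags, body[:2] + kept), None, denied
    def from_server(self, raw: bytes) -> bytes:
        ptype, _, body = parse_packet(raw)
        mask = self.pending.pop(body[:2], None) if ptype == SUBACK else None
        if mask is None:
            return raw  # not a SUBACK, or one for a SUBSCRIBE we forwarded untouched
        codes = iter(body[2:])  # one broker code per forwarded filter, 0x80 for the rest
        return build_packet(SUBACK, 0, body[:2] + bytes(next(codes, 0x80) if ok else 0x80 for ok in mask))

# Constructed sample policy (not from the paper): sensors publish temperatures, residents
# see everything under home/, guests see the kitchen only while "period" is "day".
POLICY = [
    Rule("publish", "home/+/temp", {"role": "sensor"}),
    Rule("subscribe", "home/#", {"role": "resident"}),
    Rule("subscribe", "home/kitchen/+", {"role": "guest"}, {"period": "day"}),
]
```

Two practical caveats for anyone turning this into a real monitor. First, the subject attributes have to be bound to the connection before the first PUBLISH or SUBSCRIBE arrives, which in practice means the proxy terminates TLS and derives them from the CONNECT packet (client identifier, username or client certificate) rather than trusting anything the client sends later. Second, MQTT 3.1.1 gives the proxy no clean way to refuse a PUBLISH: dropping a QoS 1 message leaves the client retransmitting it with the DUP flag set, so a denied publisher should be rate-limited or disconnected; MQTT 5 adds reason codes (0x87, Not authorized) for PUBACK and SUBACK that make the refusal explicit.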
