Identifying, authenticating and authorizing smart objects and end users to cloud services in Internet of Things

Abstract: Smart objects connected within the Internet of Things (IoT) are often poorly physically protected, low-cost and simple embedded systems connected using Machine to Machine (M2M) and Machine to Cloud (M2C) lightweight communication protocols. These protocols guarantee basic data confidentiality and integrity, securing communication channels using cryptography, but there are still important challenges related to access control in IoT. This work proposes SmartObjectConnect, a new Identity and Access Management mechanism for smart objects based on current Internet federated specifications but adapted, and re-defined in certain aspects, to the specific requirements of this kind of environment. The proposed mechanism allows IoT services deployed locally or in the cloud to identify, to authenticate and to authorize smart objects using HTTP and CoAP. It also allows end users to be identified, authenticated and authorized via these smart objects if possible and/or required. Furthermore, the proposed mechanism is validated and its usability, efficiency and security are evaluated using a real healthcare case study.
