DCapBAC: embedding authorization logic into smart things through ECC optimizations

In recent years, the increasing development of wireless communication technologies and IPv6 is enabling a seamless integration of smart objects into the Internet infrastructure. This extension of technology to everyday environments demands stronger security guarantees, since any unexpected information leakage or illegitimate access to data could have a high impact on our lives. Additionally, applying standard security and access control mechanisms to these emerging ecosystems faces new challenges due to the inherent nature and constraints of the devices and networks which make up this novel landscape. While these challenges have usually been addressed by centralized approaches, in this work we present a set of Elliptic Curve Cryptography optimizations for point and field arithmetic which are used in the design and implementation of a security and capability-based access control mechanism (DCapBAC) on smart objects. Our integral solution is based on a lightweight and flexible design that allows this functionality to be embedded on resource-constrained devices, providing the advantages of a distributed security approach for the Internet of Things (IoT) in terms of scalability, interoperability and end-to-end security. Additionally, our scheme has been successfully validated using the AVISPA tool and implemented in a real scenario over the Jennic/NXP JN5148 chipset, based on a 32-bit RISC CPU. The results demonstrate the feasibility of our work and show DCapBAC to be a promising approach to be considered as a security solution for IoT scenarios.

[50]  Christoph P. Mayer Electronic Communications of the EASST Volume 17 ( 2009 ) Workshops der Wissenschaftlichen Konferenz Kommunikation in Verteilten Systemen 2009 ( WowKiVS 2009 ) Security and Privacy Challenges in the Internet of Things , 2008 .