Distributed Capability-based Access Control for the Internet of Things

The evolution of the Internet towards the Internet of Things is being deployed in emerging cyberphysical systems such as access control solutions, alert networks, building automation, and the extension of all these systems into Smarter Cities. This extension and proliferation of the technology in our lives is also presenting security challenges, since the unexpected leaks of information, and illegitimate access to data and physical systems could present a high impact in our lives. This work proposes a cryptographic solution against insider threats through a distributed capability-based access control. This access control solution supports the management of certificates, authentication, and authorization processes. The capability-based approach offers benefits in terms of distributed management, support for delegation, traceability of the access, authentication chains to extend scalability and support of standard certificates based on Elliptic Curve Cryptography (ECC). Specifically, it has been designed a capability token for CoAP Resources, which is signed with the Elliptic Curve Digital Signature Algorithm (ECDSA) in order to ensure end-to-end authentication, integrity and non-repudiation. This distributed solution allows the deployment of scenarios without the intervention of any intermediate entity, a distributed scenario with end-to-end access control validation has been implemented, deployed, and evaluated based on the Jennic/NXP JN5139 module. The results obtained through our experiments demonstrate the feasibility of the proposed approach, in numbers, this has required an average of 480 ms to carry out all the validation process (included signature validation in the smart objects).

[1]  Jing Liu,et al.  Authentication and Access Control in the Internet of Things , 2012, 2012 32nd International Conference on Distributed Computing Systems Workshops.

[2]  Douglas Crockford,et al.  The application/json Media Type for JavaScript Object Notation (JSON) , 2006, RFC.

[3]  Drummond Reed,et al.  OpenID 2.0: a platform for user-centric identity management , 2006, DIM '06.

[4]  Antonio F. Gómez-Skarmeta,et al.  Smart Lighting Solutions for Smart Cities , 2013, 2013 27th International Conference on Advanced Information Networking and Applications Workshops.

[5]  Jin Tong,et al.  Attributed based access control (ABAC) for Web services , 2005, IEEE International Conference on Web Services (ICWS'05).

[6]  Antonio F. Gómez-Skarmeta,et al.  An internet of things–based personal device for diabetes therapy management in ambient assisted living (AAL) , 2011, Personal and Ubiquitous Computing.

[7]  Michael B. Jones,et al.  JSON Web Token (JWT) , 2015, RFC.

[8]  Domenico Rotondi,et al.  A capability-based security approach to manage access control in the Internet of Things , 2013, Math. Comput. Model..

[9]  Jack B. Dennis,et al.  Programming semantics for multiprogrammed computations , 1966, CACM.

[10]  Jeroen Hoebeke,et al.  Conditional observe in CoAP , 2014 .

[11]  Carsten Bormann,et al.  The Constrained Application Protocol (CoAP) , 2014, RFC.

[12]  Ala Sungoor,et al.  Internet of Things for m-health applications , 2010 .

[13]  Ludwig Seitz,et al.  Authorization framework for the Internet-of-Things , 2013, 2013 IEEE 14th International Symposium on "A World of Wireless, Mobile and Multimedia Networks" (WoWMoM).

[14]  David R. Kuhn,et al.  Role-Based Access Control (RBAC): Features and Motivations | NIST , 1995 .

[15]  Tim Moses,et al.  EXtensible Access Control Markup Language (XACML) version 1 , 2003 .

[16]  V. C. Gungor,et al.  Smart Grid and Smart Homes: Key Players and Pilot Projects , 2012, IEEE Industrial Electronics Magazine.

[17]  Rodrigo Roman,et al.  On the features and challenges of security and privacy in distributed internet of things , 2013, Comput. Networks.

[18]  Imrich Chlamtac,et al.  Internet of things: Vision, applications and research challenges , 2012, Ad Hoc Networks.

[19]  Guoping Zhang,et al.  The Research of Access Control Based on UCON in the Internet of Things , 2011, J. Softw..

[20]  Jari Arkko,et al.  Media Types for Sensor Markup Language (SenML) , 2012 .

[21]  Ramjee Prasad,et al.  Capability-based access control delegation model on the federated IoT network , 2012, The 15th International Symposium on Wireless Personal Multimedia Communications.

[22]  Jeff Hodges,et al.  Assertions and Protocol for the OASIS Security Assertion Markup Language (SAML) V2. 0 , 2001 .

[23]  John Hughes,et al.  Security Assertion Markup Language (SAML) 2.0 Technical Overview , 2004 .

[24]  D. Richard Kuhn,et al.  Role-Based Access Control ( RBAC ) : Features and Motivations , 2014 .

[25]  Antonio F. Gómez-Skarmeta,et al.  Telematic platform for integral management of agricultural/perishable goods in terrestrial logistics , 2012 .

[26]  Ramjee Prasad,et al.  Identity establishment and capability based access control (IECAC) scheme for Internet of Things , 2012, The 15th International Symposium on Wireless Personal Multimedia Communications.