Trust-ABAC Towards an Access Control System for the Internet of Things

In order to cope with certain challenges posed by device capacity and the nature of IoT networks, a lightweight access control model is needed to resolve security and privacy issues. The use of complex encryption algorithms is infeasible due to the volatile nature of IoT environment and pervasive devices with limited resources. In this paper, we present the Trust-ABAC, an access control model for the Internet of Things, in which a coupling between the access control based on attributes and the trust concept is done. We evaluated the performance of Trust-ABAC through an experiment based on a simulation. We used the OMNeT++ simulator to show the efficiency of our model in terms of power consumption, response time and the average number of messages generated by an access request. The obtained results of simulation prove the good scalability of our Trust-ABAC model.

[1]  Xinyi Huang,et al.  Cryptographic Hierarchical Access Control for Dynamic Structures , 2016, IEEE Transactions on Information Forensics and Security.

[2]  Sarmad Ullah Khan,et al.  Future Internet: The Internet of Things Architecture, Possible Applications and Key Challenges , 2012, 2012 10th International Conference on Frontiers of Information Technology.

[3]  Hongxin Hu,et al.  Enabling Dynamic Access Control for Controller Applications in Software-Defined Networks , 2016, SACMAT.

[4]  Panagiotis Papadimitratos,et al.  Efficient and robust pseudonymous authentication in VANET , 2007, VANET '07.

[5]  A. Varga,et al.  Using the OMNeT++ discrete event simulation system in education , 1999 .

[6]  Christian Esposito,et al.  Interoperable Access Control by Means of a Semantic Approach , 2016, 2016 30th International Conference on Advanced Information Networking and Applications Workshops (WAINA).

[7]  Jian Zhu,et al.  Trust and privacy in attribute based access control for collaboration environments , 2009, iiWAS.

[8]  Christos Faloutsos,et al.  Epidemic thresholds in real networks , 2008, TSEC.

[9]  Junshan Li,et al.  A Trust and Context Based Access Control Model for Distributed Systems , 2008, 2008 10th IEEE International Conference on High Performance Computing and Communications.

[10]  Antonio F. Skarmeta,et al.  A decentralized approach for security and privacy challenges in the Internet of Things , 2014, 2014 IEEE World Forum on Internet of Things (WF-IoT).

[11]  Manoj V. Thomas,et al.  Agent-based approach for distributed access control in cloud environments , 2013, 2013 International Conference on Advances in Computing, Communications and Informatics (ICACCI).

[12]  Ramjee Prasad,et al.  Identity Authentication and Capability Based Access Control (IACAC) for the Internet of Things , 2012, J. Cyber Secur. Mobil..

[13]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[14]  Antonio Iera,et al.  The Internet of Things: A survey , 2010, Comput. Networks.

[15]  Selim G. Akl,et al.  Cryptographic solution to a problem of access control in a hierarchy , 1983, TOCS.

[16]  Rodrigo Roman,et al.  On the features and challenges of security and privacy in distributed internet of things , 2013, Comput. Networks.

[17]  Xinyi Huang,et al.  Supporting dynamic updates in storage clouds with the Akl-Taylor scheme , 2017, Information Sciences.

[18]  Ravi S. Sandhu,et al.  Lattice-based access control models , 1993, Computer.

[19]  Tao Yu,et al.  A reputation and trust management broker framework for Web applications , 2005, 2005 IEEE International Conference on e-Technology, e-Commerce and e-Service.

[20]  Jerry Hamann,et al.  Using Monte Carlo simulations to introduce tolerance design to undergraduates , 1999 .

[21]  Elisa Bertino,et al.  GEO-RBAC: a spatially aware RBAC , 2005, SACMAT '05.

[22]  Bhavani M. Thuraisingham,et al.  Reasoning with semantics-aware access control policies for geospatial web services , 2006, SWS '06.