User-centric access control for efficient security in smart cities

Access control is a building block for the overall security of any communication system. In the Internet of Things (IoT), delegated authorization mechanisms are necessary to relieve constrained devices from the duty of identity management and access control tasks. Smart cities require new user-centric authorization approaches for IoT devices that preserve user privacy while guaranteeing scalability and efficiency. This paper introduces SMARTIE, an integrating platform for user-centric, secure IoT applications. SMARTIE efficiently provides decentralized access control for IoT devices based on user privacy preferences.

[1]  Alexandros G. Fragkiadakis,et al.  An IoT Middleware for Enhanced Security and Privacy: The RERUM Approach , 2016, 2016 8th IFIP International Conference on New Technologies, Mobility and Security (NTMS).

[2]  Dawn Song,et al.  Smart Locks: Lessons for Securing Commodity Internet of Things Devices , 2016, AsiaCCS.

[3]  Mohsen Guizani,et al.  Internet of Things: A Survey on Enabling Technologies, Protocols, and Applications , 2015, IEEE Communications Surveys & Tutorials.

[4]  Alessandro Bassi,et al.  Enabling Things to Talk , 2013, Springer Berlin Heidelberg.

[5]  Jaeho Kim,et al.  OpenIoT: An open service framework for the Internet of Things , 2014, 2014 IEEE World Forum on Internet of Things (WF-IoT).

[6]  Dick Hardt,et al.  The OAuth 2.0 Authorization Framework , 2012, RFC.

[7]  Carsten Bormann,et al.  The Constrained Application Protocol (CoAP) , 2014, RFC.

[8]  Dan Forsberg,et al.  Protocol for Carrying Authentication for Network Access (PANA) , 2008, RFC.

[9]  Antonio F. Gómez-Skarmeta,et al.  Dynamic security credentials PANA-based provisioning for IoT smart objects , 2015, WF-IoT.

[10]  Henrich Christopher Pöhls,et al.  JSON Sensor Signatures (JSS): End-to-End Integrity Protection from Constrained Device to IoT Application , 2015, 2015 9th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing.

[11]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[12]  Tim Moses,et al.  EXtensible Access Control Markup Language (XACML) version 1 , 2003 .

[13]  Teruo Higashino,et al.  Edge-centric Computing: Vision and Challenges , 2015, CCRV.

[14]  Luis Rodero-Merino,et al.  Finding your Way in the Fog: Towards a Comprehensive Definition of Fog Computing , 2014, CCRV.

[15]  Antonio F. Gómez-Skarmeta,et al.  DCapBAC: embedding authorization logic into smart things through ECC optimizations , 2016, Int. J. Comput. Math..