Towards a Lightweight Authentication and Authorization Framework for Smart Objects

The Internet of Things (IoT) represents the current technology revolution that is intended to transform the current environment into a more pervasive and ubiquitous world. In this emerging ecosystem, the application of standard security technologies has to cope with the inherent nature of constrained physical devices, which are seamlessly integrated into the Internet infrastructure. This work proposes a set of lightweight authentication and authorization mechanisms in order to support smart objects during their life cycle. Furthermore, such mechanisms are framed within a proposed security framework, which is compliant with the Architectural Reference Model, recently presented by the EU FP7 IoT-A project. The resulting architecture is intended to provide a holistic security approach to be leveraged in the design of novel and lightweight security protocols for IoT constrained environments.
