An Access Control Framework for Cloud-Enabled Wearable Internet of Things

Internet of Things (IoT) has become a pervasive and diverse concept in recent years. IoT applications and services have given rise to a number of sub-fields in the IoT space. Wearable technology, with its particular set of characteristics and application domains, has formed a rapidly growing sub-field of IoT, viz., Wearable Internet of Things (WIoT). While numerous wearable devices are available in the market today, security and privacy are key factors for wide adoption of WIoT. Wearable devices are resource constrained by nature with limited storage, power, and computation. A Cloud-Enabled IoT (CEIoT) architecture, a dominant paradigm currently shaping the industry and suggested by many researchers, needs to be adopted for WIoT. In this paper, we develop an access control framework for cloud-enabled WIoT (CEWIoT) based on the Access Control Oriented (ACO) architecture recently developed for CEIoT in general. We first enhance the ACO architecture from the perspective of WIoT by adding an Object Abstraction Layer, and then develop our framework based on interactions between different layers of this enhanced ACO architecture. We present a general classification and taxonomy of IoT devices, along with brief introduction to various application domains of IoT and WIoT. We then present a remote health and fitness monitoring use case to illustrate different access control aspects of our framework and outline its possible enforcement in a commercial CEIoT platform, viz., AWS IoT. Finally, we discuss the objectives of our access control framework and relevant open problems.

[1]  Yu Yang,et al.  Study and application on the architecture and key technologies for IOT , 2011, 2011 International Conference on Multimedia Technology.

[2]  Leilani Battle,et al.  Building the Internet of Things Using RFID: The RFID Ecosystem Experience , 2009, IEEE Internet Computing.

[3]  Antonio Iera,et al.  The Internet of Things: A survey , 2010, Comput. Networks.

[4]  Hajar Mousannif,et al.  Access control in the Internet of Things: Big challenges and new opportunities , 2017, Comput. Networks.

[5]  Ravi S. Sandhu,et al.  Role-Based Access Control Models , 1996, Computer.

[6]  Marimuthu Palaniswami,et al.  Internet of Things (IoT): A vision, architectural elements, and future directions , 2012, Future Gener. Comput. Syst..

[7]  Andrea Zanella,et al.  Internet of Things for Smart Cities , 2014, IEEE Internet of Things Journal.

[8]  Ravi S. Sandhu,et al.  Access Control Models for Cloud-Enabled Internet of Things: A Proposed Architecture and Research Agenda , 2016, 2016 IEEE 2nd International Conference on Collaboration and Internet Computing (CIC).

[9]  Miao Wu,et al.  Research on the architecture of Internet of Things , 2010, 2010 3rd International Conference on Advanced Computer Theory and Engineering(ICACTE).

[10]  Dieter Hayn,et al.  The Internet of Things for Ambient Assisted Living , 2010, 2010 Seventh International Conference on Information Technology: New Generations.

[11]  Sylvia L. Osborn,et al.  HGABAC: Towards a Formal Model of Hierarchical Attribute-Based Access Control , 2014, FPS.

[12]  Luigi Atzori,et al.  The Virtual Object as a Major Element of the Internet of Things: A Survey , 2016, IEEE Communications Surveys & Tutorials.

[13]  Ravi S. Sandhu,et al.  Access Control Models for Virtual Object Communication in Cloud-Enabled IoT , 2017, 2017 IEEE International Conference on Information Reuse and Integration (IRI).

[14]  Mohsen Guizani,et al.  Internet of Things: A Survey on Enabling Technologies, Protocols, and Applications , 2015, IEEE Communications Surveys & Tutorials.

[15]  Athanasios V. Vasilakos,et al.  The Quest for Privacy in the Internet of Things , 2016, IEEE Cloud Computing.

[16]  Antonio Pescapè,et al.  Integration of Cloud computing and Internet of Things: A survey , 2016, Future Gener. Comput. Syst..

[17]  Kyung-Sup Kwak,et al.  The Internet of Things for Health Care: A Comprehensive Survey , 2015, IEEE Access.

[18]  Ramaswamy Chandramouli,et al.  The Queen's Guard: A Secure Enforcement of Fine-grained Access Control In Distributed Data Analytics Platforms , 2001, ACM Trans. Inf. Syst. Secur..

[19]  Mahadev Satyanarayanan,et al.  The Emergence of Edge Computing , 2017, Computer.

[20]  Hans Schaffers,et al.  Smart Cities and the Future Internet: Towards Cooperation Frameworks for Open Innovation , 2011, Future Internet Assembly.

[21]  Yuan Cheng,et al.  Relationship-Based Access Control for Online Social Networks: Beyond User-to-User Relationships , 2012, 2012 International Conference on Privacy, Security, Risk and Trust and 2012 International Confernece on Social Computing.

[22]  Klaus Moessner,et al.  Enabling smart cities through a cognitive management framework for the internet of things , 2013, IEEE Communications Magazine.

[23]  Wu He,et al.  Internet of Things in Industries: A Survey , 2014, IEEE Transactions on Industrial Informatics.

[24]  Ravi Sandhu,et al.  The \mathrm GURA_G GURA G Administrative Model for User and Group Attribute Assignment , 2016, NSS.

[25]  George Suciu,et al.  Smart Cities Built on Resilient Cloud Computing and Secure Internet of Things , 2013, 2013 19th International Conference on Control Systems and Computer Science.

[26]  Xin Jin,et al.  A Unified Attribute-Based Access Control Model Covering DAC, MAC and RBAC , 2012, DBSec.

[27]  Geng Yang,et al.  Wearable Internet of Things: Concept, architectural components and promises for person-centered healthcare , 2014 .

[28]  Paramvir Bahl,et al.  The Case for VM-Based Cloudlets in Mobile Computing , 2009, IEEE Pervasive Computing.

[29]  David F. Ferraiolo,et al.  Guide to Attribute Based Access Control (ABAC) Definition and Considerations , 2014 .

[30]  Pritee Parwekar,et al.  From Internet of Things towards cloud of things , 2011, 2011 2nd International Conference on Computer and Communication Technology (ICCCT-2011).

[31]  Rodrigo Roman,et al.  On the features and challenges of security and privacy in distributed internet of things , 2013, Comput. Networks.

[32]  Sarmad Ullah Khan,et al.  Future Internet: The Internet of Things Architecture, Possible Applications and Key Challenges , 2012, 2012 10th International Conference on Frontiers of Information Technology.

[33]  Ravi S. Sandhu,et al.  Access Control Model for AWS Internet of Things , 2017, NSS.

[34]  B. B. P. Rao,et al.  Cloud computing for Internet of Things & sensing based applications , 2012, 2012 Sixth International Conference on Sensing Technology (ICST).

[35]  V. J. Jincy,et al.  Classification Mechanism for IoT Devices towards Creating a Security Framework , 2014, ISI.

[36]  Smruti R. Sarangi,et al.  Internet of Things: Architectures, Protocols, and Applications , 2017, J. Electr. Comput. Eng..