Access Control for the Internet of Things

As we move from networked "Things" towards the Internet of Things (IoT), new security requirements arise. Access control in this new environment is a burgeoning and challenging problem. On the one hand, an access control system should be generic enough to cover the requirements of all the new applications that become pervasive with the IoT. On the other hand, it should be lightweight and easy to implement, while respecting the restrictions that Things impose. In this paper, we develop an access control system that enables complex access control decisions to be offloaded to trusted third parties. Our system provides Thing authentication without public keys and establishes a shared symmetric encryption key that can be used to secure the communication between authorized users and Things. Our design imposes minimal overhead and is based on a simple communication protocol. The resulting system is secure and enhances end-user privacy, and the architecture facilitates the creation of new applications.
