Feasibility Assessment of a Fine-Grained Access Control Model on Resource Constrained Sensors (original) (raw)
Related papers
Impact assessment of policy expressiveness of an optimized access control model for smart sensors
IET Information Security
In the incoming internet of things (IoT) applications, smart sensors expose services to interact with them, to be parameterised, managed and maintained. Therefore, fine-grained end-to-end access control enforcement is mandatory to tackle the derived security requirements. However, it is still not feasible in very constrained devices. There is an innovative access control model that conveys an expressive policy language and an optimised codification for tight and flexible access control enforcement in very constrained devices. Such tightness enabled by the expressiveness of the policy language leads to detailed policy instances that might impact on the performance and therefore, in the feasibility and further applicability. In this context, this study assesses how the policy length impacts the performance of the establishment of a security association through the protocol named Hidra proposed by such an adapted access control model. Consequently, the notable results of the performance evaluation prove the feasibility and adequacy of this access control model for the new smart IoT scenarios.
Expressive policy based access control for resource-constrained devices
IEEE Access
Upcoming smart scenarios enabled by the Internet of Things (IoT) envision smart objects that expose services that can adapt to user behaviour or be managed with the goal of achieving higher productivity, often in multi-stakeholder applications. In such environments, smart things are cheap sensors (and actuators) and, therefore, constrained devices. However, they are also critical components because of the importance of the provided information. Therefore, strong security is a must. Nevertheless, existing feasible approaches do not cope well with the principle of least privilege; they lack both expressiveness and the ability to update the policy to be enforced in the sensors. In this paper, we propose an access control model that comprises a policy language that provides dynamic finegrained policy enforcement in the sensors based on local context conditions. This dynamic policy cycle requires a secure, efficient and traceable message exchange protocol. For that purpose, a security protocol called Hidra is also proposed. A security and performance evaluation demonstrates the feasibility and adequacy of the proposed protocol and access control model.
Expressive policy based authorization model for resource-constrained device sensors
2018
Upcoming smart scenarios enabled by the Internet of Things (IoT) envision smart objects that expose services that can adapt to user behavior or be managed with the goal of achieving higher productivity, often in multistakeholder applications. In such environments, smart things are cheap sensors (and actuators) and, therefore, constrained devices. However, they are also critical components because of the importance of the provided information. Given that, strong security in general and access control in particular is a must.However, tightness, feasibility and usability of existing access control models do not cope well with the principle of least privilege; they lack both expressiveness and the ability to update the policy to be enforced in the sensors. In fact, (1) traditional access control solutions are not feasible in all constrained devices due their big impact on the performance although they provide the highest effectiveness by means of tightness and flexibility. (2) Recent ac...
Fine-grained Access Control Framework for Igor, a Unified Access Solution to The Internet of Things
Procedia Computer Science, 2018
With the growing popularity of the Internet of Things (IoT), devices in households and offices are becoming information sharing "smart" devices controlled via network connections. The growth of collection, handling and distribution of data generated by IoT devices presents ethical and privacy issues. Users have no control over what information is kept or revealed, the interpretation of data collected, data ownership and who can access specific information generated by their IoT devices. This paper describes an approach to data ethical/privacy issues related to IoT using a fine-grained access-control framework on Igor, a centralized home and office automation solution. We designed a capability-based access control framework on top of Igor that allows agents, either human or machine, to access and change only the data to which they are authorised. The applicability of this to the European General Data Protection Regulation (GDPR) should be obvious. The implementation, expert evaluation and performance measurement results demonstrate that this is a promising solution for securing access to data generated by IoT devices.
Access Control for the Internet of Things
2016
As we are moving from networked "Things" towards the Internet of Things (IoT), new security requirements arise. Access control in this new environment is a burgeoning and challenging problem. On the one hand, an access control system should be generic enough to cover the requirements of all the new exciting applications that become pervasive with the IoT. On the other hand, an access control system should be lightweight and easily implementable, considering at the same time the restrictions that Things impose. In this paper, we develop an access control system which enables offloading of complex access control decisions to third, trusted parties. Our system provides Thing authentication without public keys and establishes a shared symmetric encryption key that can be used to secure the communication between authorized users and Things. Our design imposes minimal overhead and it is based on a simple communication protocol. The resulting system is secure, enhances end-user privacy and the architecture facilitates the creation of new applications.
Dynamic Access Control Framework for Internet of Things
2019
In the near future, IoT ecosystems will enable billions of smart things to interconnect and communicate information about themselves and their physical environments. The high density of smart things in these environments allows for fine-grained data acquisition, enabling the development of advanced services and new kinds of applications ranging from wearable devices to air conditioners to fully automated cars. However, the dense and pervasive collection, processing and dissemination of data can unleash sensitive information about individuals, raising non-trivial security and privacy concerns. One solution for IoT security and privacy is to restrict access to sensitive data using access control and authorization techniques. Although many basic principles of standard access control models continue to apply, the high dynamic nature of IoT environments, resources limitation of IoT devices and vulnerability to physical and virtual attacks present unique challenges that render existing ac...
Authorization framework for the Internet-of-Things
2013 IEEE 14th International Symposium on "A World of Wireless, Mobile and Multimedia Networks" (WoWMoM), 2013
This paper describes a framework that allows finegrained and flexible access control to connected devices with very limited processing power and memory. We propose a set of security and performance requirements for this setting and derive an authorization framework distributing processing costs between constrained devices and less constrained back-end servers while keeping message exchanges with the constrained devices at a minimum. As a proof of concept we present performance results from a prototype implementing the device part of the framework.
Policy-based Access Control for the IoT and Smart Cities
2019
The Internet of Things (IoT) can revolutionize the interaction between users and technology. This interaction generates many sensitive and personal data. Therefore, access to the information they provide should be restricted to only authorized users. However, the limited storage and memory in IoT make it impractical to deploy traditional mechanisms to control access. In this paper, we propose a new access control mechanism based on trust policies adapted from LIGHTest. The proposed protocol also handles delegations in the IoT context elegantly. We provide the protocol overview and discuss its practical applications in the IoT environment.
Access control in internet-of-things: A survey
Journal of Network and Computer Applications
The Internet of Things (IoT) is an emerging technology that is revolutionizing the global economy and society. IoT enables a collaborative environment where different entities-devices, people and applications-exchange information for service provision. Despite the benefits that IoT technology brings to individuals, society and industry, its wide adoption opens new security and privacy challenges. Among them, a vital challenge is the protection of devices and resources produced within IoT ecosystems. This need has attracted growing attention from the research community and industry, and several authorization frameworks have been designed specifically for IoT. In this survey, we investigate the main trends in access control in IoT and perform an extensive analysis of existing authorization frameworks tailored to IoT systems. Driven by the needs of representative IoT applications and key requirements for IoT, we elicit the main requirements that authorization frameworks for IoT should satisfy along with criteria for their assessment. These criteria and requirements form a baseline for our literature study. Based on this study, we identify the main open issues in the field of access control for IoT and draw directions for future research.
Annals of Telecommunications, 2019
The Internet of Things operates in a personal-data-rich sector, which makes security and privacy an increasing concern for consumers. Access control is thus a vital issue to ensure trust in the IoT. Several access-control models are today available, each of them coming with various features, making them more or less suitable for the IoT. This article provides a comprehensive survey of these different models, focused both on access control models (e.g., DAC, MAC, RBAC, ABAC) and on access control architectures and protocols (e.g., SAML and XACML, OAuth 2.0, ACE, UMA, LMW2M, AllJoyn). The suitability of each model or framework for IoT is discussed. In conclusion, we provide future directions for research on access control for the IoT: scalability, heterogeneity, openness and flexibility, identity of objects, personal data handling, dynamic access control policies and usable security. Index Terms-Access Control (AC), Internet of Things (IoT),