From Conventional to State-of-the-Art IoT Access Control Models
Related papers
Access control in internet-of-things: A survey
Journal of Network and Computer Applications
The Internet of Things (IoT) is an emerging technology that is revolutionizing the global economy and society. IoT enables a collaborative environment where different entities (devices, people and applications) exchange information for service provision. Despite the benefits that IoT technology brings to individuals, society and industry, its wide adoption opens new security and privacy challenges. Among them, a vital challenge is the protection of devices and resources produced within IoT ecosystems. This need has attracted growing attention from the research community and industry, and several authorization frameworks have been designed specifically for IoT. In this survey, we investigate the main trends in access control in IoT and perform an extensive analysis of existing authorization frameworks tailored to IoT systems. Driven by the needs of representative IoT applications and key requirements for IoT, we elicit the main requirements that authorization frameworks for IoT should satisfy along with criteria for their assessment. These criteria and requirements form a baseline for our literature study. Based on this study, we identify the main open issues in the field of access control for IoT and draw directions for future research.
Annals of Telecommunications, 2019
The Internet of Things operates in a personal-data-rich sector, which makes security and privacy an increasing concern for consumers. Access control is thus a vital issue to ensure trust in the IoT. Several access-control models are today available, each of them coming with various features, making them more or less suitable for the IoT. This article provides a comprehensive survey of these different models, focused both on access control models (e.g., DAC, MAC, RBAC, ABAC) and on access control architectures and protocols (e.g., SAML and XACML, OAuth 2.0, ACE, UMA, LWM2M, AllJoyn). The suitability of each model or framework for IoT is discussed. In conclusion, we provide future directions for research on access control for the IoT: scalability, heterogeneity, openness and flexibility, identity of objects, personal data handling, dynamic access control policies and usable security. Index Terms: Access Control (AC), Internet of Things (IoT),
A survey on access control in IoT: models, architectures and research opportunities
International Journal of Security and Networks, 2021
The rapid growth of smart devices and sensors industry has revolutionised many fields such as smart cities, healthcare, etc. Nowadays, the internet of things (IoT) interconnects these devices making them able to exchange data which improves the delivery of various services. Although IoT represents a promising paradigm in almost all fields, the security of users' data is still a significant issue that should be thoroughly addressed. This is mainly required where sensitive information is being used such as in healthcare or military sectors. Access control is a fundamental security mechanism that has to be provided for IoT-based applications in order to limit access to users' data to only authorised individuals. However, due to the high mobility and huge number of devices, controlling access is challenging. In particular, using cloud data centres inevitably leads to high delays and network overhead. This research examines the growing literature on access control for IoT with respect to security requirements.
Access control in the Internet of Things: Big challenges and new opportunities
Computer Networks, 2017
In this paper, an extensive state of the art review of different access control solutions in IoT within the Objectives, Models, Architecture and Mechanisms (OM-AM) way is provided. An analysis of the security and privacy requirements for the most dominant IoT application domains, including Personal and home, Government and utilities, and Enterprise and industry, is conducted. The pros and cons of traditional, as well as recent access control models and protocols from an IoT perspective are highlighted. Furthermore, a qualitative and a quantitative evaluation of the most relevant IoT related projects that represent the majority of research and commercial solutions proposed in the field of access control conducted over the recent years (2011-2016) is achieved. Finally, potential challenges and future research directions are defined.
Access Control for the Internet of Things
2016
As we are moving from networked "Things" towards the Internet of Things (IoT), new security requirements arise. Access control in this new environment is a burgeoning and challenging problem. On the one hand, an access control system should be generic enough to cover the requirements of all the new exciting applications that become pervasive with the IoT. On the other hand, an access control system should be lightweight and easily implementable, considering at the same time the restrictions that Things impose. In this paper, we develop an access control system which enables offloading of complex access control decisions to third, trusted parties. Our system provides Thing authentication without public keys and establishes a shared symmetric encryption key that can be used to secure the communication between authorized users and Things. Our design imposes minimal overhead and it is based on a simple communication protocol. The resulting system is secure, enhances end-user privacy and the architecture facilitates the creation of new applications.
Dynamic Access Control Framework for Internet of Things
2019
In the near future, IoT ecosystems will enable billions of smart things to interconnect and communicate information about themselves and their physical environments. The high density of smart things in these environments allows for fine-grained data acquisition, enabling the development of advanced services and new kinds of applications ranging from wearable devices to air conditioners to fully automated cars. However, the dense and pervasive collection, processing and dissemination of data can unleash sensitive information about individuals, raising non-trivial security and privacy concerns. One solution for IoT security and privacy is to restrict access to sensitive data using access control and authorization techniques. Although many basic principles of standard access control models continue to apply, the highly dynamic nature of IoT environments, resource limitations of IoT devices and vulnerability to physical and virtual attacks present unique challenges that render existing ac...
Access control in IoT environments: Feasible scenarios
Procedia Computer Science
The Internet of Things (IoT) is the extension of the internet to the physical world where all objects collect information and interact with their environments with no or little human intervention. They collect and transfer sensitive and private data from various users. This puts security and privacy issues at the forefront: the ability to manage the digital identity of millions of people and billions of devices is fundamental for success. As most of the information contained in IoT environment may be personal or sensitive data, there is a requirement to support anonymity and restrain access to information. This article will focus on access control and authentication mechanisms as well as supporting the cryptography algorithms in constrained devices.
Policy-based Access Control for the IoT and Smart Cities
2019
The Internet of Things (IoT) can revolutionize the interaction between users and technology. This interaction generates many sensitive and personal data. Therefore, access to the information they provide should be restricted to only authorized users. However, the limited storage and memory in IoT make it impractical to deploy traditional mechanisms to control access. In this paper, we propose a new access control mechanism based on trust policies adapted from LIGHTest. The proposed protocol also handles delegations in the IoT context elegantly. We provide the protocol overview and discuss its practical applications in the IoT environment.
Sensors (Basel, Switzerland), 2018
Internet growth has generated new types of services where the use of sensors and actuators is especially remarkable. These services compose what is known as the Internet of Things (IoT). One of the biggest current challenges is obtaining a safe and easy access control scheme for the data managed in these services. We propose integrating IoT devices in an access control system designed for Web-based services by modelling certain IoT communication elements as resources. This would allow us to obtain a unified access control scheme between heterogeneous devices (IoT devices, Internet-based services, etc.). To achieve this, we have analysed the most relevant communication protocols for these kinds of environments and then we have proposed a methodology which allows the modelling of communication actions as resources. Then, we can protect these resources using access control mechanisms. The validation of our proposal has been carried out by selecting a communication protocol based on mes...
Smart Contract-Based Access Control Framework for Internet of Things Devices
Computers
The Internet of Things (IoT) has recently attracted much interest from researchers due to its diverse IoT applications. However, IoT systems encounter additional security and privacy threats. Developing an efficient IoT system is challenging because of its sophisticated network topology. Effective access control is required to ensure user privacy in the Internet of Things. Traditional access control methods are inappropriate for IoT systems because most conventional access control approaches are designed for centralized systems. This paper proposes a decentralized access control framework based on smart contracts with three parts: initialization, an access control protocol, and an inspection. Smart contracts are used in the proposed framework to store access control policies safely on the blockchain. The framework also penalizes users for attempting unauthorized access to the IoT resources. The smart contract was developed using Remix and deployed on the Ropsten Ethereum testnet. We...