A Community-Driven Access Control Approach in Distributed IoT Environments

This paper investigates a critical access control issue in the Internet of Things (IoT). In particular, we propose a smart contract-based framework, which consists of multiple access control contracts (ACCs), one judge contract (JC) and one register contract (RC), to achieve distributed and trustworthy access control for IoT systems. Each ACC provides one access control method for a subject-object pair, and implements both static access right validation based on predefined policies and dynamic access right validation by checking the behavior of the subject. The JC implements a misbehavior-judging method to facilitate the dynamic validation of the ACCs by receiving misbehavior reports from the ACCs, judging the misbehavior and returning the corresponding penalty. The RC registers the information of the access control and misbehavior-judging methods as well as their smart contracts, and also provides functions (e.g., register, update and delete) to manage these methods. To demonstrate the application of the framework, we provide a case study in an IoT system with one desktop computer, one laptop and two Raspberry Pi single-board computers, where the ACCs, JC and RC are implemented based on the Ethereum smart contract platform to achieve the access control.

show abstract

“…19: Push msb into the misbehavior list of resource. 20 implementation of the ACC, please refer to [39].…”

Section: B Implementationmentioning

confidence: 99%

Smart Contract-Based Access Control for the Internet of Things

Zhang

Kasahara

Shen

et al. 2019

IEEE Internet Things J.

574

323

View full text Add to dashboard Cite

show abstract

“…However, a fully decentralized solution is not practical for devices with restricted processing capabilities, as in some IoT devices. A community model for heterogeneous intelligent objects is proposed in Hussein et al, where more capable objects perform access control for those with less resources. However, the work assumes that the user or application will be identified by a device storing tokens, and this will not always be true in IoT.…”

Section: Related Workmentioning

confidence: 99%

“…Several works have sought to securely manage devices and applications in IoT . An important part of this management is the access control of multiple users to the various resources of an environment .…”

Section: Introductionmentioning

confidence: 99%

CASA‐IoT: Scalable and context‐aware IoT access control supporting multiple users

et al. 2019

View full text Add to dashboard Cite

Summary The Internet of Things (IoT) supports many users and context‐aware applications controlling heterogeneous IoT devices. This differs from traditional networks, in which a single entity manages each device. Thus, new access control models must be created in order to support more responsive, scalable, secure, and autonomous management. This article presents an attribute‐based access control model, which applies conflict resolution and access delegation in a multiuser and multiapplication environment. With scalability in mind, we propose the caching of access permissions, as well as a split policy processing model in which the devices with enough computational power perform part of the processing. The proposed model was implemented as part of the ManIoT architecture an d evaluated in experiments on a testbed to demonstrate its efficiency. Results show that our model accelerates the processing of access management policies from 51% by up to 79%.

show abstract

“…With regard to IoT, some approaches have implemented a capability-based security model to enable distributed AC IoT environments [11]. A capability can be defined as a self-contained token that references a target object or information along with an associated set of access rights.…”

Section: Related Workmentioning

confidence: 99%

IAACaaS: IoT Application-Scoped Access Control as a Service

et al. 2017

View full text Add to dashboard Cite

access control is a key element when guaranteeing the security of online services. However, devices that make the Internet of Things have some special requirements that foster new approaches to access control mechanisms. Their low computing capabilities impose limitations that make traditional paradigms not directly applicable to sensors and actuators. In this paper, we propose a dynamic, scalable, IoT-ready model that is based on the OAuth 2.0 protocol and that allows the complete delegation of authorization, so that an as a service access control mechanism is provided. Multiple tenants are also supported by means of application-scoped authorization policies, whose roles and permissions are fine-grained enough to provide the desired flexibility of configuration. Besides, OAuth 2.0 ensures interoperability with the rest of the Internet, yet preserving the computing constraints of IoT devices, because its tokens provide all the necessary information to perform authorization. The proposed model has been fully implemented in an open-source solution and also deeply validated in the scope of FIWARE, a European project with thousands of users, the goal of which is to provide a framework for developing smart applications and services for the future Internet. We provide the details of the deployed infrastructure and offer the analysis of a sample smart city setup that takes advantage of the model. We conclude that the proposed solution enables a new access control as a service paradigm that satisfies the special requirements of IoT devices in terms of performance, scalability and interoperability.

show abstract

A Community-Driven Access Control Approach in Distributed IoT Environments

Cited by 65 publications

References 12 publications

Smart Contract-Based Access Control for the Internet of Things

Smart Contract-Based Access Control for the Internet of Things

CASA‐IoT: Scalable and context‐aware IoT access control supporting multiple users

IAACaaS: IoT Application-Scoped Access Control as a Service

Contact Info

Product

Resources

About