Securing Complex IoT Platforms with Token Based Access Control and Authenticated Key Establishment

Claeys, Timothy; Rousseau, Franck; Tourancheau, Bernard

doi:10.1109/siot.2017.00006

Cited by 21 publications

(12 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To solve the problems related to key exchange, we propose to use ECIES (Elliptic Curve Integrated Encryption Scheme) [41]. It is an authenticated public key cryptography system that aims at generating a secret key for onetime use by both parties of a communication.…”

Section: Implementation Of Secure Exchange Of Contextmentioning

confidence: 99%

SETUCOM: Secure and Trustworthy Context Management for Context-Aware Security and Privacy in the Internet of Things

Sylla

Chalouf

Krief

et al. 2021

Security and Communication Networks

View full text Add to dashboard Cite

IoT technologies facilitate the development and the improvement of pervasive computing by enabling effective context-awareness features. These features enable the IoT applications to detect the user’s situation and adapt their behavior. They also enable context-aware security and privacy, which consist in adapting security and privacy mechanisms’ deployment to the user’s situation. Research studies on context-aware security and privacy focus on security and privacy mechanisms’ implementation but do not consider the secure and trustworthy context management. In this paper, we introduce a new secure and trustworthy context management system for context-aware security and privacy in the smart city: “SETUCOM.” SETUCOM is the implementation of the DTM (Device Trust Management) module of the CASPaaS (Context-Aware Security and Privacy as a Service) architecture. It secures context information exchange by using a lightweight hybrid encryption system adapted to IoT devices and manages trust through artificial intelligence techniques such as Bayesian networks and fuzzy logic. A detailed description of the proposed system is provided, and its main performances are evaluated. The results prove SETUCOM feasibility in context-aware security and privacy for the smart city.

show abstract

Section: Implementation Of Secure Exchange Of Contextmentioning

confidence: 99%

SETUCOM: Secure and Trustworthy Context Management for Context-Aware Security and Privacy in the Internet of Things

Sylla

Chalouf

Krief

et al. 2021

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…This prevents cloning, intrusion and replacement by illegitimate devices. For example, in (Claeys et al, 2017), authors proposed a new authentication technique based on OAuth1.0a and ACE (Authentication and Authorization for Constrained Environments). In this solution, a cryptographic protocol EDHOC (Ephemeral Diffie Hellman over Cose (Concise Object Signing and Encryption (Bormann and Hoffman, 2013;Schaad, 2016)) (Selander et al, 2016) is used for authentication.…”

Section: Research Directionsmentioning

confidence: 99%

“…Several variants of these mechanisms have been implemented and have proven their effectiveness. For example, in (Claeys et al, 2017), a token-based secure access control system is implemented. The main advantage of such a system is that it can be used in unsecured network environments.…”

Section: Research Directionsmentioning

confidence: 99%

“…Secondly, research must be carried out on the awareness of these mechanisms to the context. For example, it may be possible to define contextual authorization tokens as proposed in the MCIASIoTE project but based on the solution implemented in (Claeys et al, 2017). Indeed, unlike the mechanism proposed in the MCIASIoTE project, the mechanism proposed in (Claeys et al, 2017) is based on ACE (Shaad et al, 2018) and OAuth2 and does not require a secure connection for token management.…”

Section: Research Directionsmentioning

confidence: 99%

“…For example, it may be possible to define contextual authorization tokens as proposed in the MCIASIoTE project but based on the solution implemented in (Claeys et al, 2017). Indeed, unlike the mechanism proposed in the MCIASIoTE project, the mechanism proposed in (Claeys et al, 2017) is based on ACE (Shaad et al, 2018) and OAuth2 and does not require a secure connection for token management. However, this mechanism does not enable the user to have the ability to define and manage permissions.…”

Section: Research Directionsmentioning

confidence: 99%

See 2 more Smart Citations

Context-aware security in the internet of things: a survey

Sylla¹,

Chalouf²,

Krief³

et al. 2021

IJAACS

View full text Add to dashboard Cite

Internet of Things applications encompass home-automation, health, transportation, etc. The main objective of these applications is to improve user's daily lives. However, security and privacy threats and the lack of adapted security mechanisms could significantly reduce their development and slow-down their adoption. Several researches have been conducted in order to find solutions for securing the IoT systems and to reduce, even eliminate risks for user's privacy. One of the proposed solutions is context-aware security, which enables to consider relevant contextual information while implementing security mechanisms. In this paper, we will conduct a survey of the context-aware security solutions that have been proposed for smart city IoT applications. These applications have a great impact on citizens life. For each solution, we will provide critical analysis in terms of context-aware management, security services and privacy mechanisms. Then, we will identify the different research directions for better context-aware security in these applications.

show abstract

Blockchain for Efficient Public Key Infrastructure and Fault-Tolerant Distributed Consensus

Moh

Nguyen

Moh

et al. 2020

Advances in Information Security

View full text Add to dashboard Cite

Securing Complex IoT Platforms with Token Based Access Control and Authenticated Key Establishment

Cited by 21 publications

References 5 publications

SETUCOM: Secure and Trustworthy Context Management for Context-Aware Security and Privacy in the Internet of Things

SETUCOM: Secure and Trustworthy Context Management for Context-Aware Security and Privacy in the Internet of Things

Context-aware security in the internet of things: a survey

Blockchain for Efficient Public Key Infrastructure and Fault-Tolerant Distributed Consensus

Contact Info

Product

Resources

About