ABSAC: Attribute-Based Access Control Model Supporting Anonymous Access for Smart Cities

Smart cities require new access control models for Internet of Things (IoT) devices that preserve user privacy while guaranteeing scalability and efficiency. Researchers believe that anonymous access can protect the private information even if the private information is not stored in authorization organization. Many attribute-based access control (ABAC) models that support anonymous access expose the attributes of the subject to the authorization organization during the authorization process, which allows the authorization organization to obtain the attributes of the subject and infer the identity of the subject. The ABAC with anonymous access proposed in this paper called ABSAC strengthens the identity-less of ABAC by combining homomorphic attribute-based signatures (HABSs) which does not send the subject attributes to the authorization organization, reducing the risk of subject identity re-identification. It is a secure anonymous access framework. Tests show that the performance of ABSAC implementation is similar to ABAC’s performance.

Download Full-text

Information Flow Control Based on the CapBAC (Capability-Based Access Control) Model in the IoT

International Journal of Mobile Computing and Multimedia Communications ◽

10.4018/ijmcmc.2019100102 ◽

2019 ◽

Vol 10 (4) ◽

pp. 13-25 ◽

Cited By ~ 2

Author(s):

Shigenari Nakamura ◽

Tomoya Enokido ◽

Makoto Takizawa

Keyword(s):

Internet Of Things ◽

Access Control ◽

Information Flow ◽

Control Model ◽

The Internet ◽

Information Flow Control ◽

The Subject ◽

Access Rights ◽

Iot Devices ◽

The Internet Of Things

In the Internet of Things (IoT), not only computers like servers but also devices with sensor and actuator devices are interconnected. It is critical to make the IoT secure, especially devices. In the capability-based access control (CapBAC) model proposed to make IoT devices secure, an owner of each device issues a capability token, i.e. a set of access rights, to a subject. Only a subject holding the capability token is allowed to manipulate the device. However, a subject may get data in a device d1 via another device d2 although the subject holds no capability token to get data from the device d1. Here, the data in the device d1 illegally flow to the subject. In this article, the authors propose the operation interruption (OI) protocol where illegal get operations are interrupted. In the evaluation, the ratio of the number of get operations interrupted to the total number of get operations is kept constant even if the numbers of subjects and access rights granted to each subject increase in the OI protocol.

Download Full-text

From Conventional to State-of-the-Art IoT Access Control Models

Electronics ◽

10.3390/electronics9101693 ◽

2020 ◽

Vol 9 (10) ◽

pp. 1693

Author(s):

Ahmad Kamran Malik ◽

Naina Emmanuel ◽

Sidra Zafar ◽

Hasan Ali Khattak ◽

Basit Raza ◽

...

Keyword(s):

Internet Of Things ◽

Access Control ◽

Social Networking ◽

Private Information ◽

Online Social Networks ◽

Security And Privacy ◽

Accurate Information ◽

Access Control Models ◽

Control Models ◽

Macro Scale

The advent in Online Social Networks (OSN) and Internet of Things (IoT) has created a new world of collaboration and communication between people and devices. The domain of internet of things uses billions of devices (ranging from tiny sensors to macro scale devices) that continuously produce and exchange huge amounts of data with people and applications. Similarly, more than a billion people are connected through social networking sites to collaborate and share their knowledge. The applications of IoT such as smart health, smart city, social networking, video surveillance and vehicular communication are quickly evolving people’s daily lives. These applications provide accurate, information-rich and personalized services to the users. However, providing personalized information comes at the cost of accessing private information of users such as their location, social relationship details, health information and daily activities. When the information is accessible online, there is always a chance that it can be used maliciously by unauthorized entities. Therefore, an effective access control mechanism must be employed to ensure the security and privacy of entities using OSN and IoT services. Access control refers to a process which can restrict user’s access to data and resources. It enforces access rules to grant authorized users an access to resources and prevent others. This survey examines the increasing literature on access control for traditional models in general, and for OSN and IoT in specific. Challenges and problems related to access control mechanisms are explored to facilitate the adoption of access control solutions in OSN and IoT scenarios. The survey provides a review of the requirements for access control enforcement, discusses several security issues in access control, and elaborates underlying principles and limitations of famous access control models. We evaluate the feasibility of current access control models for OSN and IoT and provide the future development direction of access control for the same.

Download Full-text

Extending Attribute-Based Access Control Model with Authentication Information for Internet of Things

2020 International Conference on Information Security and Cryptology (ISCTURKEY) ◽

10.1109/iscturkey51113.2020.9307964 ◽

2020 ◽

Author(s):

Melike Burakgazi Bilgen ◽

Kemal Bicakci

Keyword(s):

Internet Of Things ◽

Access Control ◽

Control Model ◽

Access Control Model ◽

Attribute Based Access Control

Download Full-text

Service-Based Hybrid Access Control Technology with Priority Level for the Internet of Vehicles under the Cloud Architecture

Security and Communication Networks ◽

10.1155/2021/4646087 ◽

2021 ◽

Vol 2021 ◽

pp. 1-18

Author(s):

Pengshou Xie ◽

Haoxuan Yang ◽

Liangxuan Wang ◽

Shuai Wang ◽

Tao Feng ◽

...

Keyword(s):

Cloud Computing ◽

Access Control ◽

Hierarchical Structure ◽

Control Model ◽

Communication Process ◽

Access Control Model ◽

Cloud Architecture ◽

Access Control Models ◽

Control Models ◽

Attribute Based Access Control

The communication process of devices in IoV under cloud architecture needs to be protected by access control models. However, existing access control models have difficulty establishing the appropriate granularity of permissions in the face of large amounts of data in IoV. Moreover, the access control model may need to temporarily change user privileges to accommodate the dynamic nature of IoV scenarios, a requirement that is difficult to implement for traditional access control models. The unstable connection status of devices in IoV also creates problems for access control. The service (composed of role and attribute) based access control model (in IoV) S-RABAC (V), under the Cloud computing architecture, introduces a formal theoretical model. The model uses attribute grouping and prioritization mechanisms to form a hierarchical structure. The permission combination pattern in the hierarchical structure can avoid duplicate permissions and reduce the number of permissions while ensuring fine-grained permissions. Different layers in the model have different priorities, and when a user’s permission requires temporary changes, it can be adjusted to the corresponding layers according to the user’s priority. In addition, users are allowed to keep their assigned privileges for a period to avoid frequent access control because of unstable connections. We have implemented the proposed access control model in Alibaba Cloud Computing and given six example demonstrations. The experiment shows that this is an access control model that can protect IoV security more effectively. Various unique mechanisms in the model enable S-RABAC(V) to improve the overall access control efficiency. The model adds some extra features compared to ABAC and RBAC and can generate more access control decisions using the priority mechanism.

Download Full-text

Hyperledger Fabric Access Control System for Internet of Things Layer in Blockchain-Based Applications

Entropy ◽

10.3390/e23081054 ◽

2021 ◽

Vol 23 (8) ◽

pp. 1054

Author(s):

Adnan Iftekhar ◽

Xiaohui Cui ◽

Qi Tao ◽

Chengliang Zheng

Keyword(s):

Internet Of Things ◽

Access Control ◽

Control Mechanism ◽

Raspberry Pi ◽

Access Control System ◽

Attribute Based Access Control ◽

Iot Devices ◽

Application Fields ◽

The Internet Of Things ◽

Gain Access

Blockchain-based applications are gaining traction in various application fields, including supply chain management, health care, and finance. The Internet of Things (IoT) is a critical component of these applications since it allows for data collection from the environment. In this work, we integrate the Hyperledger Fabric blockchain and IoT devices to demonstrate the access control and establish the root of trust for IoT devices. The Hyperledger Fabric is designed to be secure against unwanted access and use through encryption protocols, access restrictions, and cryptography algorithms. An attribute-based access control (ABAC) mechanism was created using Hyperledger Fabric components only to gain access to the IoT device. Single board computers based on the ARM architecture are becoming increasingly powerful and popular in automation applications. In this study, the Raspberry Pi 4 Model B based on ARM64 architecture is used as the IoT device. Because the ARM64 architecture is not supported by default, we build executable binaries and Docker images for the ARM64 architecture, using the Hyperledger Fabric source code. On an IoT device, we run the fabric node in native mode to evaluate the executable binaries generated for the ARM64 architecture. Through effective chaincode execution and testing, we successfully assess the Hyperledger fabric blockchain implementation and access control mechanism on the ARM64 architecture.

Download Full-text

An access control model for the Internet of Things based on zero-knowledge token and blockchain

EURASIP Journal on Wireless Communications and Networking ◽

10.1186/s13638-021-01986-4 ◽

2021 ◽

Vol 2021 (1) ◽

Author(s):

Lihua Song ◽

Xinran Ju ◽

Zongke Zhu ◽

Mengchen Li

Keyword(s):

Internet Of Things ◽

Access Control ◽

Single Point ◽

Control Model ◽

Third Party ◽

Security Level ◽

Zero Knowledge ◽

Access Control Model ◽

Test Analysis ◽

Zero Knowledge Proof

AbstractInformation security has become a hot topic in Internet of Things (IoT), and traditional centralized access control models are faced with threats such as single point failure, internal attack, and central leak. In this paper, we propose a model to improve the access control security of the IoT, which is based on zero-knowledge proof and smart contract technology in the blockchain. Firstly, we deploy attribute information of access control in the blockchain, which relieves the pressure and credibility problem brought by the third-party information concentration. Secondly, encrypted access control token is used to gain the access permission of the resources, which makes the user's identity invisible and effectively avoids attribute ownership exposure problem. Besides, the use of smart contracts solves the problem of low computing efficiency of IoT devices and the waste of blockchain computing power resources. Finally, a prototype of IoT access control system based on blockchain and zero-knowledge proof technology is implemented. The test analysis results show that the model achieves effective attribute privacy protection, compared with the Attribute-Based Access Control model of the same security level, the access efficiency increases linearly with the increase of access scale.

Download Full-text

State-of-the-Art Software-Based Remote Attestation: Opportunities and Open Issues for Internet of Things

Sensors ◽

10.3390/s21051598 ◽

2021 ◽

Vol 21 (5) ◽

pp. 1598

Author(s):

Sigurd Frej Joel Jørgensen Ankergård ◽

Edlira Dushku ◽

Nicola Dragoni

Keyword(s):

Internet Of Things ◽

Smart Cities ◽

Cyber Attacks ◽

Resource Constrained ◽

Remote Attestation ◽

Comprehensive Overview ◽

Research Issues ◽

Advantages And Disadvantages ◽

Iot Devices ◽

Specialized Hardware

The Internet of Things (IoT) ecosystem comprises billions of heterogeneous Internet-connected devices which are revolutionizing many domains, such as healthcare, transportation, smart cities, to mention only a few. Along with the unprecedented new opportunities, the IoT revolution is creating an enormous attack surface for potential sophisticated cyber attacks. In this context, Remote Attestation (RA) has gained wide interest as an important security technique to remotely detect adversarial presence and assure the legitimate state of an IoT device. While many RA approaches proposed in the literature make different assumptions regarding the architecture of IoT devices and adversary capabilities, most typical RA schemes rely on minimal Root of Trust by leveraging hardware that guarantees code and memory isolation. However, the presence of a specialized hardware is not always a realistic assumption, for instance, in the context of legacy IoT devices and resource-constrained IoT devices. In this paper, we survey and analyze existing software-based RA schemes (i.e., RA schemes not relying on specialized hardware components) through the lens of IoT. In particular, we provide a comprehensive overview of their design characteristics and security capabilities, analyzing their advantages and disadvantages. Finally, we discuss the opportunities that these RA schemes bring in attesting legacy and resource-constrained IoT devices, along with open research issues.

Download Full-text

Access Control Model for Virtual Objects (Shadows) Communication for AWS Internet of Things

Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy - CODASPY '18 ◽

10.1145/3176258.3176328 ◽

2018 ◽

Cited By ~ 3

Author(s):

Asma Alshehri ◽

James Benson ◽

Farhan Patwa ◽

Ravi Sandhu

Keyword(s):

Internet Of Things ◽

Access Control ◽

Control Model ◽

Access Control Model ◽

Virtual Objects

Download Full-text

Device-Based Security to Improve User Privacy in the Internet of Things †

Sensors ◽

10.3390/s18082664 ◽

2018 ◽

Vol 18 (8) ◽

pp. 2664 ◽

Cited By ~ 4

Author(s):

Luis Belem Pacheco ◽

Eduardo Pelinson Alchieri ◽

Priscila Mendez Barreto

Keyword(s):

Cloud Computing ◽

Internet Of Things ◽

Single Point ◽

Data Access ◽

Cloud Services ◽

Sensitive Information ◽

User Privacy ◽

Privacy And Security ◽

Iot Devices ◽

And Control

The use of Internet of Things (IoT) is rapidly growing and a huge amount of data is being generated by IoT devices. Cloud computing is a natural candidate to handle this data since it has enough power and capacity to process, store and control data access. Moreover, this approach brings several benefits to the IoT, such as the aggregation of all IoT data in a common place and the use of cloud services to consume this data and provide useful applications. However, enforcing user privacy when sending sensitive information to the cloud is a challenge. This work presents and evaluates an architecture to provide privacy in the integration of IoT and cloud computing. The proposed architecture, called PROTeCt—Privacy aRquitecture for integratiOn of internet of Things and Cloud computing, improves user privacy by implementing privacy enforcement at the IoT devices instead of at the gateway, as is usually done. Consequently, the proposed approach improves both system security and fault tolerance, since it removes the single point of failure (gateway). The proposed architecture is evaluated through an analytical analysis and simulations with severely constrained devices, where delay and energy consumption are evaluated and compared to other architectures. The obtained results show the practical feasibility of the proposed solutions and demonstrate that the overheads introduced in the IoT devices are worthwhile considering the increased level of privacy and security.

Download Full-text

Practical Multiauthority Attribute-Based Access Control for Edge-Cloud-Aided Internet of Things

Security and Communication Networks ◽

10.1155/2021/8872699 ◽

2021 ◽

Vol 2021 ◽

pp. 1-22

Author(s):

Kaiqing Huang ◽

Xueli Wang ◽

Zhiqiang Lin

Keyword(s):

Internet Of Things ◽

Access Control ◽

Data Access ◽

Edge Computing ◽

Fine Grained ◽

Technical Requirements ◽

Data Access Control ◽

Heavy Burden ◽

Attribute Based Access Control ◽

Access Privileges

With the assistance of edge computing which reduces the heavy burden of the cloud center server by using the network edge servers, the Internet of Things (IoTs) architectures enable low latency for real-time devices and applications. However, there still exist security challenges on data access control for the IoT. Multiauthority attribute-based encryption (MA-ABE) is a promising technique to achieve access control over encrypted data in cross-domain applications. Based on the characteristics and technical requirements of the IoT, we propose an efficient fine-grained revocable large universe multiauthority access control scheme. In the proposed scheme, the most expensive encryption operations have been executed in the user’s initialization phase by adding a reusable ciphertext pool besides splitting the encryption algorithm to online encryption and offline encryption. Massive decryption operations are outsourced to the near-edge servers for reducing the computation overhead of decryption. An efficient revocation mechanism is designed to change users’ access privileges dynamically. Moreover, the scheme supports ciphertext verification. Only valid ciphertext can be stored and transmitted, which saves system resources. With the help of the chameleon hash function, the proposed scheme is proven CCA2-secure under the q-DPBDHE2 assumption. The performance analysis results indicate that the proposed scheme is efficient and suitable in edge computing for the IoT.

Download Full-text