Dynamic-IoTrust: A Dynamic Access Control for IoT Based on Smart Contracts

2021 ◽  
Vol 10 (2) ◽  
pp. 139
Author(s):  
Eman Samkri ◽  
Norah Farooqi

The Internet of Things (IoT) is an active, real-world area in need of more investigation. One of the top weaknesses among the security challenges IoT faces is the centralized access control server, which can be a single point of failure. In this paper, Dynamic-IoTrust, a decentralized access control scheme based on smart contracts, aims to overcome the distrust, dynamism, trust and authentication issues of access control in IoT. It also integrates a dynamic trust value to evaluate users based on their behavior. In particular, Dynamic-IoTrust contains multiple Main Smart Contracts, one Register Contract, and one Judging Contract to achieve efficient distributed access control management. Dynamic-IoTrust provides static access rights through predefined access control policies and dynamic access rights by checking the trust value and behavior of the user. The system also detects user misbehavior and decides on the user's trust value and penalty. There are several levels of trusted users for accessing IoT devices. Finally, a case study demonstrates the feasibility of the Dynamic-IoTrust model in offering a dynamic, decentralized access control system with a trust value attribute for evaluating internal users of IoT devices.

Sensors ◽  
2021 ◽  
Vol 21 (16) ◽  
pp. 5438
Author(s):  
Santiago Figueroa-Lorenzo ◽  
Javier Añorga Benito ◽  
Saioa Arrizabalaga

Security is the main challenge of the Modbus IIoT protocol. The systems designed to provide security involve solutions that manage identity in a centralized way, introducing a single point of failure, and with an ad hoc model per organization, which handicaps the scalability of the solution. Our manuscript proposes a solution based on self-sovereign identity over the Hyperledger Fabric blockchain, promoting a decentralized identity from which both authentication and authorization are performed on-chain. The implementation of the system promotes not only Modbus security, but also aims to preserve the simplicity, compatibility and interoperability claimed by Modbus.


2011 ◽  
Vol 2 (3) ◽  
pp. 22-37 ◽  
Author(s):  
Roel Peeters ◽  
Dave Singelée ◽  
Bart Preneel

Designing a secure, resilient and user-friendly access control system is a challenging task. In this article, a threshold-based location-aware access control mechanism is proposed. This design uniquely combines the concepts of secret sharing and distance bounding protocols to tackle various security vulnerabilities. The proposed solution makes use of the fact that the user carries around various personal devices. This solution offers protection against any set of (t-1) or fewer compromised user devices, with t being an adjustable threshold number. It removes the single point of failure in the system, as access is granted when one carries any set of t of the user's devices. Additionally it supports user-centered management, since users can alter the set of personal devices and can adjust the security parameters of the access control scheme towards their required level of security and reliability.
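A worked illustration of the threshold half of that design, added here and not the authors' code (the distance-bounding step, which checks that each device is physically near the reader, is not modelled): the user's secret is split over n personal devices with Shamir secret sharing, and the reader stores only a hash commitment to the secret, so any t shares reconstruct it while t-1 shares are statistically independent of it and a compromised device by itself is useless. The field prime, the share layout and the hash-based commitment are assumptions made for the example.

```python
import hashlib
import secrets
from typing import List, Tuple

# Assumption: a 127-bit Mersenne prime as the field modulus; any prime larger
# than the secret works.
PRIME = 2**127 - 1

Share = Tuple[int, int]  # (x, f(x)); x is the device index, starting at 1


def _eval_poly(coeffs: List[int], x: int) -> int:
    """Evaluate coeffs[0] + coeffs[1]*x + ... + coeffs[t-1]*x^(t-1) mod PRIME."""
    acc = 0
    for c in reversed(coeffs):  # Horner's rule
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret: int, n: int, t: int) -> List[Share]:
    """Give each of n devices one share so that any t of them reconstruct
    `secret`. The t-1 non-constant coefficients are uniformly random, so any
    t-1 shares reveal nothing about the secret."""
    if not 1 <= t <= n:
        raise ValueError("need 1 <= t <= n")
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be a field element")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(t - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares: List[Share]) -> int:
    """Lagrange interpolation at x = 0. Correct when at least t distinct
    shares are supplied; with fewer, the result is an unrelated field element."""
    if not shares:
        raise ValueError("no shares presented")
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate device index in shares")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % PRIME
                den = (den * (xi - xj)) % PRIME
        total = (total + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total


def commitment(secret: int) -> str:
    """What the reader stores instead of the secret itself."""
    return hashlib.sha256(secret.to_bytes(16, "big")).hexdigest()


def grant_access(presented: List[Share], stored_commitment: str) -> bool:
    """Combine whatever shares the devices in range present and compare the
    result with the stored commitment. Fewer than t shares, or the same
    device presented twice, cannot pass."""
    try:
        return commitment(recover_secret(presented)) == stored_commitment
    except ValueError:
        return False


if __name__ == "__main__":
    secret = secrets.randbelow(PRIME)
    shares = split_secret(secret, n=5, t=3)  # 5 devices, threshold t = 3
    c = commitment(secret)
    print("3 of 5 devices present:", grant_access(shares[:3], c))  # True
    print("2 of 5 devices present:", grant_access(shares[:2], c))  # False
```

The reader holds only `commitment(secret)`, so compromising the reader's storage does not yield the secret either; raising t trades availability (more devices must be present) for resistance to device compromise, which is the adjustable parameter the abstract describes.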


2012 ◽  
Vol 463-464 ◽  
pp. 1630-1633
Author(s):  
Hai Yun Lin ◽  
Yu Jiao Wang ◽  
Jian Bi

With the increasing number of automobiles in Chinese cities, vehicle management has become a difficult issue. Effective vehicle management depends on identifying the vehicle. RFID technology can be used for access control management and serves as an effective way to identify vehicles, making the access control management of security protection more effective and intelligent [1]. An access control system based on the RFID protocol is proposed; a model of the system is then introduced with a brief description of each of its components, and a detailed explanation of the implementation of each module is given.


2014 ◽  
Vol 631-632 ◽  
pp. 1402-1408
Author(s):  
Hui Lin Zhang ◽  
Wei Li ◽  
Qiu Li Tong ◽  
Shi Xue Yin

This paper introduces the existing problems in the management of temporary housing in universities, analyses the improvements that an access control system based on the campus card brings, expounds the authorization mechanism of the offline access control system, the design of the structure of the access control document stored in the card, and the authorizing and validating processes, and emphasizes the full integration of the access control business with the temporary housing management business.


Sensors ◽  
2020 ◽  
Vol 20 (6) ◽  
pp. 1793 ◽  
Author(s):  
Yuta Nakamura ◽  
Yuanyu Zhang ◽  
Masahiro Sasabe ◽  
Shoji Kasahara

Due to the rapid penetration of the Internet of Things (IoT) into human life, illegal access to IoT resources (e.g., data and actuators) has greatly threatened our safety. Access control, which specifies who (i.e., subjects) can access what resources (i.e., objects) under what conditions, has been recognized as an effective solution to address this issue. To cope with the distributed and trust-less nature of IoT systems, we propose a decentralized and trustworthy Capability-Based Access Control (CapBAC) scheme by using the Ethereum smart contract technology. In this scheme, a smart contract is created for each object to store and manage the capability tokens (i.e., data structures recording granted access rights) assigned to the related subjects, and also to verify the ownership and validity of the tokens for access control. Different from previous schemes which manage the tokens in units of subjects, i.e., one token per subject, our scheme manages the tokens in units of access rights or actions, i.e., one token per action. Such novel management achieves more fine-grained and flexible capability delegation and also ensures the consistency between the delegation information and the information stored in the tokens. We implemented the proposed CapBAC scheme in a locally constructed Ethereum blockchain network to demonstrate its feasibility. In addition, we measured the monetary cost of our scheme in terms of gas consumption to compare our scheme with the existing Blockchain-Enabled Decentralized Capability-Based Access Control (BlendCAC) scheme proposed by other researchers. The experimental results show that the proposed scheme outperforms the BlendCAC scheme in terms of the flexibility, granularity, and consistency of capability delegation at almost the same monetary cost.
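An added illustration of the one-token-per-action idea in plain Python, not the authors' Solidity contract: one `ObjectContract` per protected object stores capability tokens, each granting exactly one action; delegation copies the parent's action into the child and records the parent, and validity is checked by walking that chain to the root, so revoking or expiring a parent invalidates every token delegated from it and the token's content can never disagree with the delegation record. The token fields, the revocation set and the chain-walk rule are assumptions; gas cost is not modelled.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set


@dataclass(frozen=True)
class Token:
    token_id: int
    subject: str            # who may act
    action: str             # exactly one right, e.g. "read" or "actuate"
    expires_at: int         # unix time; 0 = no expiry
    parent: Optional[int]   # token this was delegated from; None if owner-issued


class ObjectContract:
    """One instance per protected object, mirroring one smart contract per object."""

    def __init__(self, owner: str):
        self.owner = owner
        self.tokens: Dict[int, Token] = {}
        self.revoked: Set[int] = set()
        self._next_id = 1

    def _mint(self, subject: str, action: str, expires_at: int, parent: Optional[int]) -> int:
        tid = self._next_id
        self._next_id += 1
        self.tokens[tid] = Token(tid, subject, action, expires_at, parent)
        return tid

    def issue(self, caller: str, subject: str, action: str, expires_at: int = 0) -> int:
        """Root tokens come only from the object owner."""
        if caller != self.owner:
            raise PermissionError("only the owner issues root tokens")
        return self._mint(subject, action, expires_at, None)

    def delegate(self, caller: str, token_id: int, to_subject: str, now: int,
                 expires_at: int = 0) -> int:
        """Delegate one action to another subject. The child carries the parent's
        action and can never outlive the parent."""
        parent = self.tokens.get(token_id)
        if parent is None or parent.subject != caller or not self.is_valid(token_id, now):
            raise PermissionError("caller does not hold a valid token for that action")
        if parent.expires_at and (expires_at == 0 or expires_at > parent.expires_at):
            expires_at = parent.expires_at  # clamp to the parent's lifetime
        return self._mint(to_subject, parent.action, expires_at, token_id)

    def revoke(self, caller: str, token_id: int) -> None:
        """The owner, the holder, or any holder further up the chain may revoke."""
        if caller != self.owner and not self._in_chain(caller, token_id):
            raise PermissionError("caller may not revoke that token")
        self.revoked.add(token_id)

    def _in_chain(self, subject: str, token_id: Optional[int]) -> bool:
        while token_id is not None:
            tok = self.tokens.get(token_id)
            if tok is None:
                return False
            if tok.subject == subject:
                return True
            token_id = tok.parent
        return False

    def is_valid(self, token_id: int, now: int) -> bool:
        """Walk to the root: every link must exist, be unrevoked, be unexpired
        and carry the same action, so a revoked ancestor invalidates all
        tokens delegated from it."""
        action = None
        seen: Set[int] = set()
        while token_id is not None:
            if token_id in seen or token_id in self.revoked:
                return False
            seen.add(token_id)
            tok = self.tokens.get(token_id)
            if tok is None or (tok.expires_at and tok.expires_at <= now):
                return False
            if action is None:
                action = tok.action
            elif tok.action != action:
                return False
            token_id = tok.parent
        return True

    def check_access(self, subject: str, action: str, token_id: int, now: int) -> bool:
        """The access check: the token must name this subject and this action."""
        tok = self.tokens.get(token_id)
        return (tok is not None and tok.subject == subject
                and tok.action == action and self.is_valid(token_id, now))
```

Because a token names a single action, a subject can hand on "read" without also handing on "actuate", and a per-subject token bundling both rights never has to be rewritten when one of them is delegated, which is the granularity and consistency gain the abstract claims over per-subject schemes.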


2017 ◽  
pp. 507-526
Author(s):  
Peter J. Hawrylak ◽  
Steven Reed ◽  
Matthew Butler ◽  
John Hale

Access to resources, both physical and cyber, must be controlled to maintain security. The increasingly connected nature of our world makes access control a paramount issue. The expansion of the Internet of Things into everyday life has created numerous opportunities to share information and resources with other people and other devices. The Internet of Things will contain numerous wireless devices. The level of access each user (human or device) is given must be controlled. Most conventional access control schemes are rigid in that they do not account for environmental context. This solution is not sufficient for the Internet of Things. What is needed is a more granular control of access rights and a gradual degradation or expansion of access based on observed facts. This chapter presents an access control system termed the Access of Things, which employs a gradual degradation of privilege philosophy. The Access of Things concept is applicable to the dynamic security environment present in the Internet of Things.


Author(s):  
Aurélien Faravelon ◽  
Stéphanie Chollet

Pervasive applications are entering the mainstream, but at the present time exhibit significant security weaknesses. Service-driven architectural approaches facilitate the development of pervasive applications; however, security with respect to access control and data privacy of pervasive applications is currently not managed comprehensively from design time through run time. This chapter presents a use case emphasizing the security challenges for pervasive applications and proposes a novel, generative architectural approach to include security in pervasive applications at design time. This is a model-driven approach based on models pertaining to access control management that respect the temporal constraints relating to pervasive applications. The approach is implemented with a design and runtime environment, and the results of the validation applied to the pervasive use case are presented.


Author(s):  
Vineela Muppavarapu ◽  
Soon M. Chung

This paper proposes a semantic-based access control system for the data resources in the Open Grid Services Architecture - Data Access and Integration (OGSA-DAI). OGSA-DAI is a widely used middleware for integrating data resources in Grids. However, the identity-based access control in OGSA-DAI causes substantial overhead for the resource providers in virtual organizations (VOs), because the access control information of individual users has to be maintained by each resource provider. To solve this problem, the authors propose a semantic-based access control system using Shibboleth and ontology. Shibboleth, an attribute authorization service, is used to manage the user attributes, and the Web Ontology Language (OWL) is used to represent the ontology of the data resources and users. By using ontology, VOs can resolve the differences in their terminologies and specify access control policies based on concepts and user roles, instead of individual resources and user identities. As a result, the administration overhead of the resource providers is reduced considerably. In addition, the eXtensible Access Control Markup Language (XACML) is used to specify the access control policies uniformly across multiple VOs. The authors also developed an XACML policy administration tool that allows administrators to create, update, and manage XACML policies. The performance analysis shows that the proposed system adds only a small overhead to the existing security mechanism of OGSA-DAI.

