Fine-grained Access Control for Internet of Things Smart Spaces Driven by User Inputs

2021 ◽  
Author(s):  
Mohammed Al-Shaboti

The increasing use of Internet of Things (IoT) devices raises security and privacy concerns. In smart spaces, multiple IoT devices are simultaneously used to fulfil user activity functions. However, these devices exhibit several security vulnerabilities that can compromise smart space security and privacy. The ability to control network access to IoT devices and application messages at a fine granularity can significantly reduce the risk resulting from the exploitation of IoT vulnerabilities due to unauthorised access, thereby improving smart space security. A well-recognised approach in the literature for IoT access control is to use pre-defined access policies to allow the necessary connections for a device to function correctly. However, these policies allow access to all device functions (i.e. coarse-grained access), including those functions that are not used by any user activity.

The overall goal of this thesis is to develop an access control framework and techniques to achieve fine-grained access policies by using user inputs. The user inputs will be utilised to select devices to fulfil user activities, aiming to build an access policy from the minimum access required for each device function. In this thesis, the use of user inputs to meet user security and privacy requirements in single- and multi-user smart spaces is studied.

The main contributions are as follows. First, an access control framework that enables users to tailor IoT device policies to meet their security and privacy requirements is proposed. Validation results of the framework show the effectiveness of integrating user access rules into the existing security countermeasures (i.e. pre-defined policies and intrusion detection systems, IDS) to enforce user security and privacy.

Second, the problem of selecting preferable devices to fulfil user activity functions is formulated as an optimisation problem. The optimisation problem is then solved by local and global optimisation search algorithms that are guided by a developed model that quantifies user preferences. The results show that global optimisation search algorithms such as Genetic Algorithm (GA) find the solution more effectively and efficiently than local search algorithms such as simulated annealing and hill-climbing.

Third, sharing access control for multi-user smart spaces is proposed. Traditional access control that considers a single user is not suitable for multi-user smart spaces, where users share their IoT devices. Sharing between multiple users poses challenges different from those in single-user access control. For example, users may abuse shared devices and use vulnerable ones. This thesis addresses these two challenges through two contributions. First, it proposes a novel sharing policy language that enables users to precisely define their sharing policy. Second, this thesis formulates the sharing policies as constraints in the context of an optimisation problem with an objective function that maximises the use of secure devices. Results show that the IoT sharing issue can naturally be translated into an integer linear programming (ILP) problem and effectively solved using off-the-shelf ILP solvers.

Fourth, this thesis explores the feasibility and practicality of fine-grained access policy enforcement through a smart home case study. The case study is built using a hub-based architecture that uses Web of Things (WoT) technology. WoT provides a device semantic description that includes device functions with the corresponding Uniform Resource Identifier (URI), which is used to build access control policies. The case study results show that policy enforcement can be effectively achieved by directing network traffic through a device proxy for each IoT device to enforce application access control without introducing statistically significant overhead on the user activity running time.

In summary, this thesis studies the use of user inputs to derive fine-grained access control in smart spaces. For a single-user access control system, this thesis considers using manual rules and user preferences in small and dense smart spaces, respectively. For a multi-user access control system, this thesis proposes a secure sharing system supported by a sharing policy language to share and use IoT devices securely. For each scenario analysed, user input is utilised to derive fine-grained access policies. Enforcement of these policies has been explored by implementing a smart space case study using WoT technology. The overall results show that user preferences and sharing policies can be used to derive fine-grained access policies that are transparent to users and meet their security and privacy requirements.

2021 ◽  
Vol 2021 ◽  
pp. 1-21
Author(s):  
Hongmin Gao ◽  
Shoushan Luo ◽  
Zhaofeng Ma ◽  
Xiaodan Yan ◽  
Yanping Xu

Due to capacity limitations, large amounts of data generated by IoT devices are often stored on cloud servers. These data are usually encrypted to prevent disclosure, which significantly affects the availability of the data. Searchable encryption (SE) allows a party to store the data created by his IoT devices or mobile in encrypted form on the cloud server to protect his privacy while retaining his ability to search the data. However, the general SE techniques are all pay-then-use. The searchable encryption service providers (SESP) are considered curious but honest, making it unfair and unreliable. To address these problems, we combined ciphertext-policy attribute-based encryption, Bloom filter, and blockchain to propose a blockchain-based fair and reliable searchable encryption scheme (BFR-SE) in this paper. In BFR-SE, we constructed an attribute-based searchable encryption model that can provide fine-grained access control. The data owner stores the indices on SESP and stores some additional auxiliary information on the blockchain. After a data user initiates a request, SESP must return the correct and integral search results before the deadline. Otherwise, the data user can send an arbitration request, and the blockchain will make a ruling. The blockchain will only perform arbitrations based on auxiliary information when disputes arise, saving the computing resources on-chain. We analyzed the security and privacy of BFR-SE and simulated our scheme on the EOS blockchain, which proves that BFR-SE is feasible. Meanwhile, we provided a thorough analysis of storage and computing overhead, proving that BFR-SE is practical and has good performance.


Symmetry ◽  
2019 ◽  
Vol 11 (10) ◽  
pp. 1315
Author(s):  
André Zúquete ◽  
Hélder Gomes ◽  
João Amaral ◽  
Carlos Oliveira

Assuring security and privacy is one of the key issues affecting the Internet of Things (IoT), mostly due to its distributed nature. Therefore, for the IoT to thrive, this problem needs to be tackled and solved. This paper describes a security-oriented architecture for managing IoT deployments. Our main goal was to deal with a fine-grained control in the access to IoT data and devices, to prevent devices from being manipulated by attackers and to avoid information leaking from IoT devices to unauthorized recipients. The access control is split: the management of authentication and access control policies is centered on special components (Authentication, Authorization, and Accounting Controllers), which can be distributed or centralized, and the actual enforcement of access control decisions happens on the entities that stay in the path to the IoT devices (Gateways and Device Drivers). The authentication in the entire system uses asymmetric cryptography and pre-distributed unique identifiers derived from public keys; no Public Key Infrastructure (PKI) is used. A Kerberos-like ticket-based approach is used to establish secure sessions.


Author(s):  
Saadia Kedjar ◽  
Abdelkamel Tari ◽  
Peter Bertok

With the advancement of web services technology, security has become an increasingly important issue. Various security standards have been developed to secure web services at the transport and message level, but the application level has received less attention. The security solutions at the application level focus on access control, which alone cannot ensure the confidentiality and integrity of information. The solution proposed in this paper consists of a hybrid model that combines access control (AC) and information flow control (IFC). The AC mechanism uses the concept of roles and attributes to control user access to web services' methods. The IFC mechanism uses labels to control how the roles access the system's objects and verifies the information flows between them to ensure information confidentiality and integrity. This manuscript describes the model, gives the demonstration of the IFC model safety, and presents the modeling and implementation of the model and a case study.


Sensors ◽  
2019 ◽  
Vol 19 (9) ◽  
pp. 2109
Author(s):  
Liming Fang ◽  
Minghui Li ◽  
Lu Zhou ◽  
Hanyi Zhang ◽  
Chunpeng Ge

A smart watch is a kind of emerging wearable device in the Internet of Things. Security and privacy problems are the main obstacles that hinder the wide deployment of smart watches. Existing security mechanisms do not achieve a balance between privacy preservation and data access control. In this paper, we propose a fine-grained privacy-preserving access control architecture for smart watches (FPAS). In FPAS, we leverage an identity-based authentication scheme to protect the devices from malicious connections and policy-based access control for data privacy preservation. The core policy of FPAS is two-fold: (1) utilizing a homomorphic and re-encrypted scheme to ensure that the ciphertext information can be correctly calculated; (2) dividing the data requesters by different attributes to avoid unauthorized access. We present a concrete scheme based on the above prototype and analyze the security of FPAS. The performance and evaluation demonstrate that the FPAS scheme is efficient, practical, and extensible.


2021 ◽  
pp. 1-37
Author(s):  
Michele De Donno ◽  
Xenofon Fafoutis ◽  
Nicola Dragoni

The Internet of Things (IoT) is evolving our society; however, the growing adoption of IoT devices in many scenarios brings security and privacy implications. Current security solutions are either unsuitable for every IoT scenario or provide only partial security. This paper presents AntibIoTic 2.0, a distributed security system that relies on Fog computing to secure IoT devices, including legacy ones. The system is composed of a backbone, made of core Fog nodes and Cloud server, a Fog node acting at the edge as the gateway of the IoT network, and a lightweight agent running on each IoT device. The proposed system offers fine-grained, host-level security coupled with network-level protection, while its distributed nature makes it scalable, versatile, lightweight, and easy to deploy, also for legacy IoT deployments. AntibIoTic 2.0 can also publish anonymized and aggregated data and statistics on the deployments it secures, to increase awareness and push cooperations in the area of IoT security. This manuscript recaps and largely expands previous works on AntibIoTic, providing an enhanced design of the system, an extended proof-of-concept that proves its feasibility and shows its operation, and an experimental evaluation that reports the low computational overhead it causes.


Processes ◽  
2021 ◽  
Vol 9 (7) ◽  
pp. 1176
Author(s):  
Rui Cheng ◽  
Kehe Wu ◽  
Yuling Su ◽  
Wei Li ◽  
Wenchao Cui ◽  
...  

The rapid development of the power Internet of Things (IoT) has greatly enhanced the level of security, quality and efficiency in energy production, energy consumption, and related fields. However, it also puts forward higher requirements for the security and privacy of data. Ciphertext-policy attribute-based encryption (CP-ABE) is considered a suitable method to solve this issue and can implement fine-grained access control. However, its internal bilinear pairing operation is too expensive, which is not suitable for power IoT with limited computing resources. Hence, in this paper, a novel CP-ABE scheme based on elliptic curve cryptography (ECC) is proposed, which replaces the bilinear pairing operation with simple scalar multiplication and outsources most of the decryption work to edge devices. In addition, time and location attributes are combined in the proposed scheme, allowing the data users to access only within the range of time and locations set by the data owners to achieve a more fine-grained access control function. Simultaneously, the scheme uses multiple authorities to manage attributes, thereby solving the performance bottleneck of having a single authority. A performance analysis demonstrates that the proposed scheme is effective and suitable for power IoT.

