scholarly journals Validation of an Adaptive Risk-based Access Control Model for the Internet of Things

2018 ◽  
Vol 10 (1) ◽  
pp. 26-35 ◽  
Author(s):  
Hany F. Atlam ◽  
◽  
Ahmed Alenezi ◽  
Raid Khalid Hussein ◽  
Gary B. Wills
Keyword(s):  
Internet Of Things ◽  
Access Control ◽  
Control Model ◽  
The Internet ◽  
Access Control Model ◽  
The Internet Of Things

scholarly journals An Access Control Model for the Internet of Things Based on Zero-Knowledge Token and Blockchain

2020 ◽  
Author(s):  
Lihua Song ◽  
Xinran Ju ◽  
Zongke Zhu ◽  
Mengchen Li
Keyword(s):  
Internet Of Things ◽  
Access Control ◽  
Single Point ◽  
Control Model ◽  
The Internet ◽  
Security Level ◽  
Zero Knowledge ◽  
Access Control Model ◽  
The Internet Of Things ◽  
Zero Knowledge Proof

Abstract Information security has become the focus problem in the Internet of Things, and the traditional centralized access control model is faced with threats such as single point failure, internal attack, and central leak. In this paper, we proposed a model to improve the access control security of the Internet of Things, which is based on zero-knowledge proof and smart contract technology in the blockchain. Firstly, we deployed the attribute information of access control in the blockchain, which relieves the pressure and credibility problem brought by the third-party information concentration; Secondly, the encrypted access control token is used to gain the access permission of the resources, which makes the user's identity invisible and effectively avoids the attribute ownership exposure problem; Besides, the use of smart contracts solves the problem of low computing efficiency of Internet of Things devices and the waste of blockchain computing power resources; Finally, a prototype of Internet of Things access control system based on blockchain and zero-knowledge proof technology is implemented. The test analysis results show that the model achieves effective attribute privacy protection, compared with the Attribute-Based Access Control model of the same security level, the access efficiency increases linearly with the increase of access scale.

Information Flow Control Based on the CapBAC (Capability-Based Access Control) Model in the IoT

2019 ◽  
Vol 10 (4) ◽  
pp. 13-25 ◽  
Author(s):  
Shigenari Nakamura ◽  
Tomoya Enokido ◽  
Makoto Takizawa
Keyword(s):  
Internet Of Things ◽  
Access Control ◽  
Information Flow ◽  
Control Model ◽  
The Internet ◽  
Information Flow Control ◽  
The Subject ◽  
Access Rights ◽  
Iot Devices ◽  
The Internet Of Things

In the Internet of Things (IoT), not only computers like servers but also devices with sensor and actuator devices are interconnected. It is critical to make the IoT secure, especially devices. In the capability-based access control (CapBAC) model proposed to make IoT devices secure, an owner of each device issues a capability token, i.e. a set of access rights, to a subject. Only a subject holding the capability token is allowed to manipulate the device. However, a subject may get data in a device d1 via another device d2 although the subject holds no capability token to get data from the device d1. Here, the data in the device d1 illegally flow to the subject. In this article, the authors propose the operation interruption (OI) protocol where illegal get operations are interrupted. In the evaluation, the ratio of the number of get operations interrupted to the total number of get operations is kept constant even if the numbers of subjects and access rights granted to each subject increase in the OI protocol.

scholarly journals An access control model for the Internet of Things based on zero-knowledge token and blockchain

2021 ◽  
Vol 2021 (1) ◽  
Author(s):  
Lihua Song ◽  
Xinran Ju ◽  
Zongke Zhu ◽  
Mengchen Li
Keyword(s):  
Internet Of Things ◽  
Access Control ◽  
Single Point ◽  
Control Model ◽  
Third Party ◽  
Security Level ◽  
Zero Knowledge ◽  
Access Control Model ◽  
Test Analysis ◽  
Zero Knowledge Proof

AbstractInformation security has become a hot topic in Internet of Things (IoT), and traditional centralized access control models are faced with threats such as single point failure, internal attack, and central leak. In this paper, we propose a model to improve the access control security of the IoT, which is based on zero-knowledge proof and smart contract technology in the blockchain. Firstly, we deploy attribute information of access control in the blockchain, which relieves the pressure and credibility problem brought by the third-party information concentration. Secondly, encrypted access control token is used to gain the access permission of the resources, which makes the user's identity invisible and effectively avoids attribute ownership exposure problem. Besides, the use of smart contracts solves the problem of low computing efficiency of IoT devices and the waste of blockchain computing power resources. Finally, a prototype of IoT access control system based on blockchain and zero-knowledge proof technology is implemented. The test analysis results show that the model achieves effective attribute privacy protection, compared with the Attribute-Based Access Control model of the same security level, the access efficiency increases linearly with the increase of access scale.

Sign in / Sign up

Export Citation Format

Share Document