
Authentication and Authorization for Interoperable IoT Architectures

  • Conference paper
Emerging Technologies for Authorization and Authentication (ETAA 2018)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11263)

Abstract

Advances in technology have enabled the creation of “smart” Things, fostering the vision of the Internet of Things (IoT). Smart Things have connection capabilities, they support Internet protocols and they even come with operating systems and Application Programming Interfaces. The pursuit for a protocol stack that will support the IoT has resulted, so far, in an ecosystem of heterogeneous and non-compatible solutions that satisfy the requirements of particular vertical sectors (“silos”). For this reason, several research initiatives, driven by both academia and industry, investigate the potential of an interoperable IoT architecture, i.e., an architecture that will provide a common and horizontal communication abstraction, which will act as interconnection layer among all prominent IoT protocols and systems. Securing such an architecture, which includes many stakeholders with diverse interests and security requirements, is not a trivial task. In this paper, we present an authentication and authorization solution that facilitates the interoperability of existing IoT systems. This solution achieves endpoint authentication, encryption key establishment, and enables third parties to define fine-grained, domain-specific access control policies. Things store minimal information, perform only ultra-lightweight computations, and are oblivious about the business logic and processes involved in the authentication and authorization procedures. Furthermore, the proposed solution preserves end-user privacy and can be easily incorporated into existing systems.


Notes

  1. Data (and information) is not only a non-rivalrous good, it is anti-rivalrous [1], providing (potentially) more value the more it is used.

  2. https://www.bouncycastle.org/.

References

  1. Anti-Rivalry definition. https://wiki.p2pfoundation.net/Anti-Rivalry. Accessed 8 July 2018

  2. Authentication plugin for Mosquitto with multiple back-ends. https://github.com/jpmens/mosquitto-auth-plug. Accessed 8 July 2018

  3. Eclipse Keti. https://projects.eclipse.org/proposals/eclipse-keti. Accessed 8 July 2018

  4. INTER-IoT project home page. http://www.inter-iot-project.eu. Accessed 8 July 2018

  5. Blazquez, A., Tsiatsis, V., Vandikas, K.: Performance evaluation of openID connect for an IoT information marketplace. In: 2015 IEEE 81st Vehicular Technology Conference (VTC Spring), pp. 1–6 (2015)


  6. Cirani, S., Picone, M., Gonizzi, P., Veltri, L., Ferrari, G.: IoT-OAS: an OAuth-based authorization service architecture for secure services in IoT scenarios. IEEE Sens. J. 15(2), 1224–1234 (2015)


  7. Eronen, P., Tschofenig, H.: Pre-shared key ciphersuites for transport layer security (TLS). RFC 4729, IETF (2005)


  8. Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed NIST standard for role-based access control. ACM Trans. Inf. Syst. Secur. 4(3), 224–274 (2001)


  9. Fotiou, N., Kotsonis, T., Marias, G.F., Polyzos, G.C.: Access control for the Internet of Things. In: 2016 ESORICS International Workshop on Secure Internet of Things (SIoT), pp. 29–38 (2016)


  10. Gusmeroli, S., Piccione, S., Rotondi, D.: A capability-based security approach to manage access control in the Internet of Things. Math. Comput. Model. 58(5), 1189–1205 (2013). The Measurement of Undesirable Outputs: Models Development and Empirical Analyses and Advances in mobile, ubiquitous and cognitive computing


  11. Hardt, D. (ed.): The OAuth 2.0 Authorization Framework. RFC 6749, IETF (2012)


  12. Recordon, D., Reed, D.: OpenID 2.0: a platform for user-centric identity management. In: Proceedings of the Second ACM Workshop on Digital Identity Management, DIM 2006, New York, NY, USA, pp. 11–16 (2006)


  13. Rescorla, E., Modadugu, N.: Datagram transport layer security version 1.2. RFC 6347, IETF (2012)


  14. Seitz, L., Selander, G., Gehrmann, C.: Authorization framework for the Internet-of-Things. In: 2013 IEEE 14th International Symposium and Workshops on a Mobile and Multimedia Networks (WoWMoM), World of Wireless, pp. 1–6. IEEE Computer Society, Los Alamitos (2013)


  15. Shelby, Z., Hartke, K., Bormann, C.: The Constrained Application Protocol (CoAP). RFC 7252, IETF (2014)


Acknowledgment

This work was funded through INTER-IoT Collaboration Agreement #52 (ACHILLES), which is administered through AUEB-RC. INTER-IoT has received funding from the EC through programme H2020. The paper presents the views of the authors and not necessarily those of the EC or the INTER-IoT consortium.

Author information


Correspondence to Nikos Fotiou.


Copyright information

© 2018 Springer Nature Switzerland AG


Cite this paper

Fotiou, N., Polyzos, G.C. (2018). Authentication and Authorization for Interoperable IoT Architectures. In: Saracino, A., Mori, P. (eds) Emerging Technologies for Authorization and Authentication. ETAA 2018. Lecture Notes in Computer Science, vol 11263. Springer, Cham. https://doi.org/10.1007/978-3-030-04372-8_1


  • DOI: https://doi.org/10.1007/978-3-030-04372-8_1


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-04371-1

  • Online ISBN: 978-3-030-04372-8

  • eBook Packages: Computer Science, Computer Science (R0)
