Abstract
With the emergence of Internet of Things (IoT) technology, the number of related devices has been increasing rapidly. The security of IoT systems has become a crucial issue. Due to the complex IoT environment and users’ lack of awareness, such issues are usually hard to resolve. Many IoT systems lack proper access control mechanisms and suffer from various large-scale attacks. We need a robust and effective secure access control mechanism to build IoT systems that retain user privacy and data integrity with high availability.
In this paper, we propose an access control framework based on OAuth 2.0, with which we constructed a remote control system for various devices. The secured authentication schemes prevent possible private data leaks. The proposed framework provides flexibility for further functional extensions with new IoT devices.
This work was financially supported by the Center for Open Intelligent Connectivity from The Featured Areas Research Center Program within the framework of the Higher Education Sprout Project by the Ministry of Education (MOE) in Taiwan.
Copyright information
© 2021 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Shieh, MZ., Liu, JC., Kao, YC., Tsai, SC., Lin, YB. (2021). OAuth-Based Access Control Framework for IoT Systems. In: Lin, YB., Deng, DJ. (eds) Smart Grid and Internet of Things. SGIoT 2020. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 354. Springer, Cham. https://doi.org/10.1007/978-3-030-69514-9_17
DOI: https://doi.org/10.1007/978-3-030-69514-9_17
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-69513-2
Online ISBN: 978-3-030-69514-9
eBook Packages: Computer Science (R0)