OAuth-Based Access Control Framework for IoT Systems

  • Conference paper
Smart Grid and Internet of Things (SGIoT 2020)

Abstract

With the emergence of Internet of Things (IoT) technology, the number of related devices has been increasing very rapidly. The security of IoT systems has become a crucial issue. Due to the complex IoT environment and users’ unawareness, such issues are usually hard to resolve. Many IoT systems lack proper access control mechanisms and suffer from various large-scale attacks. We need robust and effective secure access control to build IoT systems that retain user privacy and data integrity with high availability.

In this paper, we propose an access control framework based on OAuth 2.0, with which we constructed a remote control system for various devices. The secured authentication schemes prevent possible private data leaks. The proposed framework provides flexibility for further functional extensions with new IoT devices.

This work was financially supported by the Center for Open Intelligent Connectivity from The Featured Areas Research Center Program within the framework of the Higher Education Sprout Project by the Ministry of Education (MOE) in Taiwan.

Corresponding author

Correspondence to Min-Zheng Shieh.

Copyright information

© 2021 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Shieh, MZ., Liu, JC., Kao, YC., Tsai, SC., Lin, YB. (2021). OAuth-Based Access Control Framework for IoT Systems. In: Lin, YB., Deng, DJ. (eds) Smart Grid and Internet of Things. SGIoT 2020. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 354. Springer, Cham. https://doi.org/10.1007/978-3-030-69514-9_17

  • DOI: https://doi.org/10.1007/978-3-030-69514-9_17

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-69513-2

  • Online ISBN: 978-3-030-69514-9

  • eBook Packages: Computer Science (R0)
