
Design and Implementation of the TBOI (Time-Based Operation Interruption) Protocol to Prevent Late Information Flow in the IoT

  • Conference paper
Advanced Information Networking and Applications (AINA 2021)

Part of the book series: Lecture Notes in Networks and Systems ((LNNS,volume 225))


Abstract

In the CBAC (Capability-Based Access Control) model proposed for the IoT (Internet of Things), authorizers, e.g. device owners, issue capability tokens, i.e. sets of access rights on resource objects in devices, to subjects. Since data of a device are stored in another device through communication among subjects and devices, a subject sb can get data of a resource object \(r^1\) by accessing another resource object \(r^2\) even if the subject sb is not allowed to get the data from the resource object \(r^1\). Here, an illegal information flow from the resource object \(r^1\) to the subject sb occurs. In addition, each capability token is valid only for some time period. Suppose data generated at time \(\tau \) flow to a subject sb at time \(\tau '\) (\(> \tau \)). If the subject sb is allowed to get data at time \(\tau '\) but not at time \(\tau \), the subject sb should not receive the data. Here, the information flow is referred to as late. In our previous studies, the OI (Operation Interruption) and TBOI (Time-Based OI) protocols were proposed to prevent operations implying only illegal information flow and both illegal and late information flows, respectively. In this paper, we discuss the design and implementation of a device supporting the TBOI protocol and evaluate an authorization process of the TBOI protocol in terms of the execution time. In the evaluation, we show that the late information flow is prevented in addition to the illegal one in the TBOI protocol, although the execution time is almost the same as that of the OI protocol.
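The two conditions described in the abstract can be modelled in a few lines. The following is an added example, not the paper's TBOI implementation: it is a simplified model in which each stored datum carries its origin resource and generation time, and the names `Right`, `Datum`, `holds` and `check_get`, the integer time units and the sample data are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Right:
    """One access right from a capability token (constructed model)."""
    subject: str
    resource: str
    op: str
    start: int   # first time unit at which the right is valid
    end: int     # last time unit at which the right is valid

@dataclass(frozen=True)
class Datum:
    origin: str  # resource object where the data were generated
    tau: int     # generation time

def holds(rights, subject, resource, op, t):
    """True if some right lets subject perform op on resource at time t."""
    return any(r.subject == subject and r.resource == resource and r.op == op
               and r.start <= t <= r.end for r in rights)

def check_get(rights, store, subject, resource, now):
    """Classify a get at time now: 'ok', 'denied', 'illegal' or 'late'."""
    if not holds(rights, subject, resource, "get", now):
        return "denied"                     # plain access-control failure
    verdict = "ok"
    for d in store.get(resource, ()):
        if not holds(rights, subject, d.origin, "get", now):
            return "illegal"                # no right on the origin at time now
        if not holds(rights, subject, d.origin, "get", d.tau):
            verdict = "late"                # right exists now, but not at tau
    return verdict

# Constructed scenario: data generated in r1 were copied into r2 and r3.
RIGHTS = [Right("sb", "r2", "get", 0, 100), Right("sb", "r3", "get", 0, 100),
          Right("sb", "r1", "get", 10, 20)]
STORE = {"r2": [Datum("r2", 1), Datum("r1", 5)], "r3": [Datum("r1", 11)]}

if __name__ == "__main__":
    for res, now in [("r2", 12), ("r2", 30), ("r3", 12), ("r1", 5)]:
        print(res, now, check_get(RIGHTS, STORE, "sb", res, now))
```

A check based only on the token for the accessed resource would return "ok" for every get on `r2`; tracking origin and generation time is what separates the late and illegal cases.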



Acknowledgements

This work was supported by Japan Society for the Promotion of Science (JSPS) KAKENHI Grant Number JP20K23336.


Copyright information

© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG


Cite this paper

Nakamura, S., Enokido, T., Takizawa, M. (2021). Design and Implementation of the TBOI (Time-Based Operation Interruption) Protocol to Prevent Late Information Flow in the IoT. In: Barolli, L., Woungang, I., Enokido, T. (eds) Advanced Information Networking and Applications. AINA 2021. Lecture Notes in Networks and Systems, vol 225. Springer, Cham. https://doi.org/10.1007/978-3-030-75100-5_12
