Skip to main content
SpringerLink
Log in

Lightweight Capability-Based Access Control for Internet of Things (IoT)

  • Conference paper
  • First Online:
Applications and Techniques in Information Security (ATIS 2022)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1804))

  • 211 Accesses

Abstract

Internet of Things applications encompassed heterogeneous devices that are uninterruptedly exchanging data and being accessed ubiquitously through lossy networks. This raises the need for an elastic, lightweight, and access control mechanism to survive with the pervasive nature of such a global ecosystem, ensuring reliable communications between trusted devices. To address this gap, this paper proposes a capability-based access control system for IoT, which supplies an end-to-end and reliable security mechanism for IoT devices, based on a lightweight authorization mechanism and a novel trust model that has been specially devised for IoT environments. The algorithm has been implemented and evaluated successfully in a real testbed for constrained IoT devices.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 64.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 84.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. https://www.gartner.com/en/newsroom/press-releases/2021-06-30-gartner-global-government-iot-revenue-for-endpoint-electronics-and-communications-to-total-us-dollars-21-billion-in-2022. Accessed on 12 Jan 2022

  2. https://www.networkworld.com/article/3332032/top-10-iot-vulnerabilities.html. Accessed 12 Jan 2022

  3. Ferraiolo, D., Cugini, J., Kuhn, R.: Role-based access control (RBAC): Features and motivations. In: Proceedings of 11th annual computer security application conference, pp. 241–248 (1995)

    Google Scholar 

  4. Zhang, G., Tian J.: An extended role based access control model for the Internet of Things. In: 2010 International Conference on Information, Networking and Automation (ICINA), pp. V1-319–V1-323 (2010). https://doi.org/10.1109/ICINA.2010.5636381

  5. Bhatt, S., Sandhu, R.: ABAC-CC: attribute-based access control and communication control for Internet of Things. In: Proceedings of the 25th ACM Symposium on Access Control Models and Technologies (SACMAT‘20), pp. 203–212. Association for Computing Machinery, New York, NY, USA (2020). https://doi.org/10.1145/3381991.3395618

  6. Bouij-Pasquier, I., Ait Ouahman, A., Abou El Kalam, A., Ouabiba de Montfort, M.: SmartOrBAC security and privacy in the Internet of Things. In: 2015 IEEE/ACS 12th International Conference of Computer Systems and Applications (AICCSA), pp. 1–8 (2015). https://doi.org/10.1109/AICCSA.2015.7507098

  7. Anggorojati, B., Prasad, N.R., Prasad, R.: Secure capability-based access control in the M2M local cloud platform. In: 2014 4th International Conference on Wireless Communications, Vehicular Technology, Information Theory and Aerospace & Electronic Systems (VITAE), pp. 1–5 (2014). https://doi.org/10.1109/VITAE.2014.6934469

  8. Lampson, B.: Protection, ACM SIGOPS Oper. Syst. Rev. http://dl.acm.org/citation.cfm?id=775268 (1974)

  9. Nakamura, S., Enokido, T., Takizawa, M.: A capability token selection algorithm for lightweight information flow control in the IoT. In: Barolli, L., Chen, H.-C., Enokido, T. (eds.) NBiS 2021. LNNS, vol. 313, pp. 23–34. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84913-9_3

    Chapter  Google Scholar 

  10. Gusmeroli, S., Piccione, S., Rotondi, D.: A capability-based security approach to manage access control in the Internet of Things. Math. Comput. Model. 58(5–6), 1189–1205 (2013). https://doi.org/10.1016/j.mcm.2013.02.006

    Article  Google Scholar 

  11. Ramos, J.L.H., Jara, A.J., Marin, L., Gomez, A.F.S.: DCapBac: embedding authorization logic into smart things through ECC optimizations. Int. J. Comput. Math. 93, 345–366 (2016)

    Article  MATH  Google Scholar 

  12. Pinjala, S.K., Sivalingam, K.M.: DCACI: a decentralized lightweight capability based access control framework using IOTA for Internet of Things. In: 2019 IEEE 5th World Forum on Internet of Things (WF-IoT), pp. 13–18 (2019). https://doi.org/10.1109/WF-IoT.2019.8767356

  13. https://cr.yp.to/highspeed/naclcrypto-20090310.pdf. Accessed 10 Dec 2021

  14. Xu, R., Chen, Y., Blasch, E., Chen, G.: Blendcac: a smart contract enabled decentralized capability-based access control mechanism for the IoT. Computers 7(3), 39 (2018)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science and Engineering, Manipal Institute of Technology, Manipal Academy of Higher Education (MAHE), Manipal, Karnataka, 576104, India

    S. Deepthi & Shrey Khandwekar

Authors
  1. S. Deepthi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Shrey Khandwekar
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to S. Deepthi .

Editor information

Editors and Affiliations

  1. Manipal Academy of Higher Education, Karnataka, India

    Srikanth Prabhu

  2. Deakin University, Melbourne, VIC, Australia

    Shiva Raj Pokhrel

  3. Deakin University, Burwood, VIC, Australia

    Gang Li

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Deepthi, S., Khandwekar, S. (2023). Lightweight Capability-Based Access Control for Internet of Things (IoT). In: Prabhu, S., Pokhrel, S.R., Li, G. (eds) Applications and Techniques in Information Security . ATIS 2022. Communications in Computer and Information Science, vol 1804. Springer, Singapore. https://doi.org/10.1007/978-981-99-2264-2_20

Download citation

  • DOI: https://doi.org/10.1007/978-981-99-2264-2_20

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-99-2263-5

  • Online ISBN: 978-981-99-2264-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation