
Capability-Based Access Control with ECC Key Management for the M2M Local Cloud Platform

Published in Wireless Personal Communications

Abstract

Access control, which covers both the protection of and the management of access to available resources, is one of the critical requirements in securing any computing system. The requirement becomes stricter in a distributed computing environment made up of constrained devices, such as Machine-to-Machine (M2M) systems. New access control challenges arise in a system comprising a group of distributed M2M gateways that together form a so-called M2M local cloud platform (Vallati et al., Wirel Pers Commun 87(3):1071–1091, 2016). Scalability is an obvious necessity that some existing access control systems lack. In addition, flexibility in managing access by users or entities belonging to other authorization domains, and in delegating access rights, is not provided as an integrated feature. Recently, capability-based access control has been suggested as a method for managing access in M2M, the key enabler of the Internet of Things. In this paper, a capability-based access control scheme equipped with Elliptic Curve Cryptography (ECC) based key management is proposed for the M2M local cloud platform. The feasibility of the proposed access control and key management is tested by implementing them within the security manager, one of the components of the platform architecture, and evaluating their performance in a series of experiments.


Figures 1–9 belong to the full article and are not reproduced in this preview.


Notes

  1. https://github.com/BETaaS.

  2. http://www.osgi.org.

  3. https://zookeeper.apache.org/.

  4. http://picketbox.jboss.org/.

  5. https://www.bouncycastle.org/java.html.

  6. http://karaf.apache.org/.

Abbreviations

BETaaS:

Building the Environment for Thing as a Service

TaaS:

Things as a Service

IoT:

Internet of Things

M2M:

Machine-to-Machine

WSN:

Wireless Sensor Network

MANET:

Mobile Ad-hoc Network

ECC:

Elliptic Curve Cryptography

RFID:

Radio Frequency IDentification

PKI:

Public Key Infrastructure

IBE:

Identity-Based Encryption

ETSI:

European Telecommunications Standards Institute

CoAP:

Constrained Application Protocol

API:

Application Programming Interface

CA:

Certificate Authority

ECDH:

Elliptic Curve Diffie-Hellman

ECMQV:

Elliptic Curve Menezes-Qu-Vanstone

ECDLP:

Elliptic Curve Discrete Logarithm Problem

SLA:

Service Level Agreement

ACL:

Access Control List

RBAC:

Role Based Access Control

ABAC:

Attribute Based Access Control

CCAAC:

Capability-based Context Aware Access Control

VID:

Virtual Identity

XML:

EXtensible Markup Language

JSON:

JavaScript Object Notation

References

  1. Vallati, C., Mingozzi, E., Tanganelli, G., Buonaccorsi, N., Valdambrini, N., Zonidis, N., et al. (2016). BeTaaS: A platform for development and execution of machine-to-machine applications in the Internet of Things. Wireless Personal Communications, 87(3), 1071–1091.

  2. Roman, R., Zhou, J., & Lopez, J. (2013). On the features and challenges of security and privacy in distributed Internet of Things. Computer Networks, 57(10), 2266–2279.

  3. Gusmeroli, S., Piccione, S., & Rotondi, D. (2013). A capability-based security approach to manage access control in the Internet of Things. Mathematical and Computer Modelling, 58(5–6), 1189–1205.

  4. Anggorojati, B., Prasad, N., & Prasad, R. (2016). Evaluation of secure capability-based access control in the M2M local cloud platform. In 2016 10th International conference on telecommunication systems services and applications (TSSA).

  5. Xively. (2016). API docs—Authentication. https://developer.xively.com/v1.0/reference#getting-user-credentials.

  6. Hardt, D. (2012). The OAuth 2.0 authorization framework. RFC 6749.

  7. Anggorojati, B., Mahalle, P. N., Prasad, N. R., & Prasad, R. (2013). Secure access control and authority delegation based on capability and context awareness for federated IoT. In F. Theoleyre & A. C. Pang (Eds.), Internet of Things and M2M communications. San Francisco: River Publishers.

  8. Anggorojati, B., Prasad, N., & Prasad, R. (2014). Secure capability-based access control in the M2M local cloud platform. In 4th International conference on wireless communications, vehicular technology, information theory and aerospace electronic systems (VITAE), 2014.

  9. Mahalle, P. N., Anggorojati, B., Prasad, N. R., & Prasad, R. (2012). Identity driven Capability based Access Control (ICAC) scheme for the Internet of Things. In 2012 IEEE international conference on advanced networks and telecommunications systems, ANTS 2012, pp. 49–54.

  10. Anggorojati, B., Prasad, N., & Prasad, R. (2016). Elliptic Curve Cryptography based key management for the M2M local cloud platform. In 2016 International conference on advanced computer science and information systems (ICACSIS), pp. 73–78.

  11. Sandhu, R., Coyne, E., Feinstein, H., & Youman, C. (1996). Role-based access control models. Computer, 29(2), 38–47.

  12. Zhang, J., & Varadharajan, V. (2010). Review: Wireless sensor network key management survey and taxonomy. Journal of Network and Computer Applications, 33(2), 63–75.

  13. Boubakri, W., Abdallah, W., & Boudriga, N. (2014). A chaos-based authentication and key management scheme for M2M communication. In 9th International conference for internet technology and secured transactions (ICITST), 2014, pp. 366–371.

  14. Watro, R., Kong, D., Cuti, S. F., Gardiner, C., Lynn, C., & Kruus, P. (2004). TinyPK: Securing sensor networks with public key technology. In Proceedings of the 2nd ACM workshop on security of ad hoc and sensor networks, SASN '04, pp. 59–64.

  15. Malan, D., Welsh, M., & Smith, M. (2004). A public-key infrastructure for key distribution in TinyOS based on elliptic curve cryptography. In 2004 First annual IEEE communications society conference on sensor and ad hoc communications and networks, IEEE SECON 2004, pp. 71–80.

  16. Gura, N., Patel, A., Wander, A., Eberle, H., & Shantz, S. (2004). Comparing Elliptic Curve Cryptography and RSA on 8-bit CPUs. In M. Joye & J. J. Quisquater (Eds.), Cryptographic hardware and embedded systems–CHES 2004 (Lecture Notes in Computer Science, Vol. 3156, pp. 119–132). Berlin, Heidelberg: Springer.

  17. Shamir, A. (1985). Identity-based cryptosystems and signature schemes. In Advances in cryptology (Lecture Notes in Computer Science, Vol. 196, pp. 47–53). Berlin: Springer.

  18. Boneh, D., & Franklin, M. (2001). Identity-based encryption from the Weil pairing. In J. Kilian (Ed.), Advances in cryptology—CRYPTO 2001: 21st annual international cryptology conference (pp. 213–229). Berlin: Springer.

  19. Yang, G., Rong, C. M., Veigner, C., Wang, J. T., & Cheng, H. B. (2006). Identity-based key agreement and encryption for wireless sensor networks. The Journal of China Universities of Posts and Telecommunications, 13(4), 54–60.

  20. Adiga, B. S., Balamuralidhar, P., Rajan, M. A., Shastry, R., & Shivraj, V. L. (2012). An identity based encryption using Elliptic Curve Cryptography for secure M2M communication. In Proceedings of the first international conference on security of Internet of Things, SecurIT '12.

  21. BETaaS. (2012). D1.2.1—User and system requirements. Technical report, Building the Environment for the Things as a Service (BETaaS).

  22. BETaaS. (2014). D3.1.2—BETaaS architecture. Technical report, Building the Environment for the Things as a Service (BETaaS).

  23. Vanstone, S., & Campagna, M. (2011). A cryptographic suite for embedded systems (SuiteE). In 6th ETSI security workshop.

  24. Hankerson, D., Menezes, A. J., & Vanstone, S. (2004). Guide to Elliptic Curve Cryptography. Secaucus, NJ: Springer-Verlag New York Inc.

  25. Certicom Research. (2000). SEC 2: Recommended elliptic curve domain parameters. Mississauga: Certicom Corp.


Author information

Corresponding author: Bayu Anggorojati.


About this article

Cite this article

Anggorojati, B., Prasad, N.R. & Prasad, R. Capability-Based Access Control with ECC Key Management for the M2M Local Cloud Platform. Wireless Pers Commun 100, 519–538 (2018). https://doi.org/10.1007/s11277-017-5216-x
