ABSTRACT
Internet of Things (IoT) is revolutionizing the capabilities of the Internet with billions of connected devices in cyberspace. These devices are commonly referred to as smart things enabling smart environments, such as Smart Home, Smart Health, Smart Transportation, and overall Smart Communities, together with key enabling technologies like Cloud Computing, Artificial Intelligence (AI) and Machine Learning (ML). Security and privacy are major concerns for today's diverse autonomous IoT ecosystem. Autonomous things and a large amount of data associated with things have fueled significant research in IoT access control and privacy in both academia and industry. To enable futuristic IoT with sustainable growth, a dynamic access and communication control framework that adequately addresses security and privacy issues in IoT is inevitable. In this paper, we analyze the access and communication control requirements in Cloud-Enabled IoT (CE-IoT) and propose an attribute-based framework for access control and communication control, known as ABAC-CC, to secure accesses and communications (data flow) between various entities in the IoT architecture. We also introduce a novel Attribute-Based Communication Control (ABCC) model, which focuses on securing communications and data flow in IoT and enables users to define privacy policies using attributes of various entities. Furthermore, we analyze the applicability of ABAC-CC in specific IoT application domains, and finally, we present future research directions in the context of Cloud and Edge computing enabled IoT platforms.
Index Terms
- ABAC-CC: Attribute-Based Access Control and Communication Control for Internet of Things