skip to main content
research-article

Centralized, Distributed, and Everything in between: Reviewing Access Control Solutions for the IoT

Published: 17 September 2021 Publication History

Abstract

The Internet of Things is taking hold in our everyday life. Regrettably, the security of IoT devices is often being overlooked. Among the vast array of security issues plaguing the emerging IoT, we decide to focus on access control, as privacy, trust, and other security properties cannot be achieved without controlled access. This article classifies IoT access control solutions from the literature according to their architecture (e.g., centralized, hierarchical, federated, distributed) and examines the suitability of each one for access control purposes. Our analysis concludes that important properties such as auditability and revocation are missing from many proposals while hierarchical and federated architectures are neglected by the community. Finally, we provide an architecture-based taxonomy and future research directions: a focus on hybrid architectures, usability, flexibility, privacy, and revocation schemes in serverless authorization.

References

[1]
Manos Antonakakis, Tim April, Michael Bailey, Matt Bernhard, Elie Bursztein, Jaime Cochran, Zakir Durumeric, J. Alex Halderman, Luca Invernizzi, Michalis Kallitsis, et al. 2017. Understanding the Mirai botnet. In 26th USENIX Security Symposium (USENIX Security’17). USENIX Association. Retrieved from https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/ant
[2]
Mangal Sain, Young Jin Kang, and Hoon Jae Lee. 2017. Survey on security in Internet of Things: State of the art and challenges. In 19th International Conference on Advanced Communication Technology (ICACT’17). IEEE, 699–704.
[3]
Aafaf Ouaddah, Hajar Mousannif, and Abdellah Ait Ouahman. 2015. Access control models in IoT: The road ahead. In IEEE/ACS 12th International Conference of Computer Systems and Applications (AICCSA’15). IEEE, 1–2.
[4]
Rodrigo Roman, Jianying Zhou, and Javier Lopez. 2013. On the features and challenges of security and privacy in distributed internet of things. Comput. Netw. 57, 10 (2013), 2266–2279.
[5]
Sabrina Sicari, Alessandra Rizzardi, Luigi Alfredo Grieco, and Alberto Coen-Porisini. 2015. Security, privacy and trust in Internet of Things: The road ahead. Comput. Netw. 76 (2015), 146–164.
[6]
Reza Tourani, Travis Mick, Satyajayant Misra, and Gaurav Panwar. 2016. Security, privacy, and access control in information-centric networking: A survey. arXiv preprint arXiv:1603.03409 (2016).
[7]
Yuchen Yang, Longfei Wu, Guisheng Yin, Lijie Li, and Hongbin Zhao. 2017. A survey on security and privacy issues in internet-of-things. IEEE Internet Things J. (2017).
[8]
Mahmoud Ammar, Giovanni Russello, and Bruno Crispo. 2018. Internet of Things: A survey on the security of IoT frameworks. J. Inf. Secur. Applic. 38 (2018), 8–27.
[9]
Minhaj Ahmad Khan and Khaled Salah. 2018. IoT security: Review, blockchain solutions, and open challenges. Fut. Gen. Comput. Syst. 82 (2018), 395–411.
[10]
Peng Zhang, Joseph K. Liu, F Richard Yu, Mehdi Sookhak, Man Ho Au, and Xiapu Luo. 2018. A survey on access control in fog computing. IEEE Commun. Mag. 56, 2 (2018), 144–149.
[11]
Aafaf Ouaddah, Hajar Mousannif, Anas Abou Elkalam, and Abdellah Ait Ouahman. 2017. Access control in the internet of things: Big challenges and new opportunities. Comput. Netw. 112 (2017), 237–262.
[12]
Ravi Sandhu. 2000. Engineering authority and trust in cyberspace: The OM-AM and RBAC way. In 5th ACM Workshop on Role-based Access Control. ACM, 111–119.
[13]
David F. Ferraiolo and Richard Kuhn. 1992. Role-based access controls. In 15th NIST-NCSC National Computer Security Conference.
[14]
Vincent C. Hu, David Ferraiolo, Rick Kuhn, Arthur R. Friedman, Alan J. Lang, Margaret M. Cogdell, Adam Schnitzer, Kenneth Sandlin, Robert Miller, Karen Scarfone, et al. 2013. Guide to attribute based access control (ABAC) definition and considerations. NIST Spec. Pub. 800, 162 (2013).
[15]
Jaehong Park and Ravi Sandhu. 2004. The UCON ABC usage control model. ACM Trans. Inf. Syst. Secur. 7, 1 (2004), 128–174.
[16]
Dick Hardt. 2012. The OAuth 2.0 Authorization Framework. RFC 6749. RFC Editor. Retrieved from https://tools.ietf.org/html/rfc6749.
[17]
Eve Maler, Maciej Machulak, and Domenico Catalano. 2015. User-Managed Acess (UMA) Profile of OAuth 2.0. Standard. Kantara Initiative. Retrieved from https://docs.kantarainitiative.org/uma/draft-uma-core.html.
[18]
Emmanuel Bertin, Dina Hussein, Cigdem Sengul, and Vincent Frey. 2019. Access control in the internet of things: A survey of existing approaches and open research questions. Ann. Telecommun. (2019), 1–14.
[19]
Sowmya Ravidas, Alexios Lekidis, Federica Paci, and Nicola Zannone. 2019. Access control in Internet-of-Things: A survey. J. Netw. Comput. Applic. 144 (2019), 79–101.
[20]
Jing Qiu, Zhihong Tian, Chunlai Du, Qi Zuo, Shen Su, and Binxing Fang. 2020. A survey on access control in the age of internet of things. IEEE Internet Things J. 7, 6 (2020), 4682–4696.
[21]
Yunpeng Zhang, Ali Memariani, and Nirupam Bidikar. 2020. A review on blockchain-based access control models in IoT applications. In IEEE 16th International Conference on Control & Automation (ICCA’20). IEEE, 671–676.
[22]
Robert W. Shirey. 2007. Internet Security Glossary. RFC 4949. IETF.
[23]
Pierangela Samarati and Sabrina Capitani de Vimercati. 2000. Access control: Policies, models, and mechanisms. In International School on Foundations of Security Analysis and Design. Springer, 137–196.
[24]
Lili Qiu, Yin Zhang, Feng Wang, Mi Kyung, and Han Ratul Mahajan. 1985. Trusted computer system evaluation criteria. Standard DoD 5200.28-STD. National Computer Security Center.
[25]
Henk C. A. Van Tilborg (Ed.). 2014. Encyclopedia of Cryptography and Security. Springer Science & Business Media.
[26]
Jack B. Dennis and Earl C. Van Horn. 1966. Programming semantics for multiprogrammed computations. Commun. ACM 9, 3 (1966), 143–155.
[27]
Vincent C. Hu, David Ferraiolo, and D. Richard Kuhn. 2006. Assessment of Access Control Systems. US Department of Commerce, National Institute of Standards and Technology.
[28]
Raj Yavatkar, Dimitrios Pendarakis, and Roch Guerin. 2000. A Framework for Policy-based Admission Control. RFC 2753. RFC Editor.
[29]
Andrea Westerinen, John Schnizlein, John Strassner, Mark Scherling, Bob Quinn, Shai Herzog, A. Huynh, Mark Carlson, Jay Perry, and Steve Waldbusser. 2001. Terminology for Policy-based Management. RFC 3198. RFC Editor.
[30]
Jerome H. Saltzer and Michael D. Schroeder. 1975. The protection of information in computer systems. Proc. IEEE 63, 9 (1975), 1278–1308.
[31]
Michael Jones, John Bradley, and Nat Sakimura. 2015. JSON Web Signature (JWS). RFC 7515. RFC Editor. Retrieved from https://tools.ietf.org/html/rfc7515.
[32]
Michael Jones, John Bradley, and Nat Sakimura. 2015. JSON Web Token (JWT). RFC 7519. RFC Editor. Retrieved from https://tools.ietf.org/html/rfc7519.
[33]
Michael Jones and Joe Hildebrand. 2015. JSON Web Encryption (JWE). RFC 7516. RFC Editor. Retrieved from https://tools.ietf.org/html/rfc7516.
[34]
Federico Fernández, Álvaro Alonso, Lourdes Marco, and Joaquín Salvachúa. 2017. A model to enable application-scoped access control as a service for IoT using OAuth 2.0. In 20th Conference on Innovations in Clouds, Internet and Networks (ICIN’17). IEEE, 322–324.
[35]
Syafril Bandara, Takeshi Yashiro, Noboru Koshizuka, and Ken Sakamura. 2016. Access control framework for API-enabled devices in smart buildings. In 22nd Asia-Pacific Conference on Communications (APCC’16). IEEE, 210–217.
[36]
Yosef Ashibani, Dylan Kauling, and Qusay H. Mahmoud. 2017. A context-aware authentication framework for smart homes. In IEEE 30th Canadian Conference on Electrical and Computer Engineering (CCECE’17). IEEE, 1–5.
[37]
Jialu Hao, Cheng Huang, Jianbing Ni, Hong Rong, Ming Xian, and Xuemin Sherman Shen. 2019. Fine-grained data access control with attribute-hiding policy for cloud-based IoT. Comput. Netw. 153 (2019), 1–10.
[38]
Hongyang Yan, Yu Wang, Chunfu Jia, Jin Li, Yang Xiang, and Witold Pedrycz. 2019. IoT-FBAC: Function-based access control scheme using identity-based encryption in IoT. Fut. Gen. Comput. Syst. 95 (2019), 344–353.
[39]
Mohsin B. Tamboli and Dayanand Dambawade. 2016. Secure and efficient CoAP based authentication and access control for Internet of Things (IoT). In IEEE International Conference on Recent Trends in Electronics, Information & Communication Technology (RTEICT’16). IEEE, 1245–1250.
[40]
B. Clifford Neuman and Theodore Ts’o. 1994. Kerberos: An authentication service for computer networks. IEEE Commun. Mag. 32, 9 (1994), 33–38.
[41]
Zach Shelby, Klaus Hartke, and Carsten Bormann. 2014. The constrained application protocol (CoAP). RFC 7252. RFC Editor. Retrieved from https://tools.ietf.org/html/rfc7252.
[42]
Don Johnson, Alfred Menezes, and Scott Vanstone. 2001. The elliptic curve digital signature algorithm (ECDSA). Int. J. Inf. Secur. 1, 1 (2001), 36–63.
[43]
Domenico Rotondi, Cristoforo Seccia, and Salvatore Piccione. 2011. Access control & IoT: Capability based authorization access control system. In 1st IoT International Forum. Retrieved from https://www.iot-at-work.eu/data/Capability-Based-Authorization_Summary.pdf.
[44]
Sergio Gusmeroli, Salvatore Piccione, and Domenico Rotondi. 2013. A capability-based security approach to manage access control in the Internet of Things. Math. Comput. Model. 58, 5–6 (2013), 1189–1205.
[45]
René Hummen, Hossein Shafagh, Shahid Raza, Thiemo Voig, and Klaus Wehrle. 2014. Delegation-based Authentication and Authorization for the IP-based internet of things. In 11th IEEE International Conference on Sensing, Communication, and Networking (SECON’14). IEEE, 284–292.
[46]
Eric Rescorla and Nagendra Modadugu. 2012. Datagram transport layer security version 1.2. RFC 6347. RFC Editor. Retrieved from https://tools.ietf.org/html/rfc6347.
[47]
Indrakshi Ray, Bithin Alangot, Shilpa Nair, and Krishnashree Achuthan. 2017. Using attribute-based access control for remote healthcare monitoring. In 4th International Conference on Software Defined Systems (SDS’17). IEEE, 137–142.
[48]
American National Standard for Information Technology. 2013. Next Generation Access Control - Functional Architecture (NGAC-FA). Standard INCITS 499-2013. American National Standard Institute.
[49]
American National Standard for Information Technology. 2016. Next Generation Access Control - Generic Operations and Data Structures. Standard INCITS 526. American National Standards Institute.
[50]
Tahir Ahmad, Umberto Morelli, Silvio Ranise, and Nicola Zannone. 2018. A lazy approach to access control as a service (ACaaS) for IoT: An AWS case study. In 23rd ACM Symposium on Access Control Models and Technologies. ACM, 235–246.
[51]
Ezedine Barka, Sujith Samuel Mathew, and Yacine Atif. 2015. Securing the web of things with role-based access control. In International Conference on Codes, Cryptology, and Information Security (LNCS), Vol. 9084. Springer, 14–26.
[52]
Sujith Samuel Mathew, Yacine Atif, Quan Z. Sheng, and Zakaria Maamar. 2011. Web of things: Description, discovery and integration. In Internet of Things (iThings/CPSCom), International Conference on and 4th International Conference on Cyber, Physical and Social Computing. IEEE, 9–15.
[53]
Sujith Samuel Mathew. 2013. Classifying and Clustering the Web of Things.Ph.D. Dissertation. University of Adelaide.
[54]
Ali E. Abdallah and Etienne J. Khayat. 2004. A formal model for parameterized role-based access control. In IFIP World Computer Congress, TC 1. Springer, 233–246.
[55]
Tianlong Yu, Tian Li, Yuqiong Sun, Susanta Nanda, Virginia Smith, Vyas Sekar, and Srinivasan Seshan. 2020. Learning context-aware policies from multiple smart homes via federated multi-task learning. In IEEE/ACM 5th International Conference on Internet-of-Things Design and Implementation (IoTDI’20). IEEE, 104–115.
[56]
Virginia Smith, Chao-Kai Chiang, Maziar Sanjabi, and Ameet Talwalkar. 2017. Federated multi-task learning. In 31st International Conference on Neural Information Processing Systems. 4427–4437.
[57]
Huansheng Ning, Hong Liu, and Laurence T. Yang. 2015. Aggregated-proof based hierarchical authentication scheme for the internet of things. IEEE Trans. Parallel Distrib. Syst. 26, 3 (2015), 657–667.
[58]
Michael Burrows, Martín Abadi, and Roger Needham. 1990. A logic of authentication. ACM Trans. Comput. Syst. 8 (1990), 18–36.
[59]
Selim G. Akl and Peter D. Taylor. 1983. Cryptographic solution to a problem of access control in a hierarchy. ACM Trans. Comput. Syst. 1, 3 (1983), 239–248.
[60]
Arcangelo Castiglione, Alfredo De Santis, Barbara Masucci, Francesco Palmieri, Aniello Castiglione, and Xinyi Huang. 2016. Cryptographic hierarchical access control for dynamic structures. IEEE Trans. Inf. Forens. Secur. 11, 10 (2016), 2349–2364.
[61]
Tsung-Chih Hsiao, Tzer-Long Chen, Tzer-Shyong Chen, and Yu-Fang Chung. 2019. Elliptic curve cryptosystems-based date-constrained hierarchical key management scheme in internet of things. Sensors Mater. 31, 2 (2019), 355–364.
[62]
Bayu Anggorojati, Parikshit Narendra Mahalle, Neeli Rashmi Prasad, and Ramjee Prasad. 2012. Capability-based access control delegation model on the federated IoT network. In 15th International Symposium on Wireless Personal Multimedia Communications (WPMC’12). IEEE, 604–608. Retrieved from http://vbn.aau.dk/files/73429266/CAP_DELEGATION_WPMC.pdf.
[63]
Ronghua Xu, Yu Chen, Erik Blasch, and Genshe Chen. 2018. A federated capability-based access control mechanism for internet of things (IoTs). In Sensors and Systems for Space Applications XI, Vol. 10641. International Society for Optics and Photonics, 106410U.
[64]
Qiang Liu, Hao Zhang, Jiafu Wan, and Xin Chen. 2017. An access control model for resource sharing based on the role-based access control intended for multi-domain manufacturing internet of things. IEEE Access (2017).
[65]
Fred B. Schneider. 2003. Least privilege and more [computer security]. IEEE Secur. Priv. 99, 5 (2003), 55–59.
[66]
Mikel Uriarte, Oscar López, Jordi Blasi, Oscar Lázaro, Alicia González, Iván Prada, Eneko Olivares, Carlos E. Palau, Benjamín Molina, Miguel A. Portugués, et al. 2016. Sensing enabled capabilities for access control management: IoT as an enabler for the advanced management of access control. In IEEE 1st International Conference on Internet-of-Things Design and Implementation (IoTDI’16). IEEE, 253–258.
[67]
Maha Saadeh, Azzam Sleit, Khair Eddin Sabri, and Wesam Almobaideen. 2018. Hierarchical architecture and protocol for mobile object authentication in the context of IoT smart cities. J. Netw. Comput. Applic. 121 (2018), 1–19.
[68]
Savio Sciancalepore, Giuseppe Piro, Daniele Caldarola, Gennaro Boggia, and Giuseppe Bianchi. 2018. On the design of a decentralized and multiauthority access control scheme in federated and cloud-assisted cyber-physical systems. IEEE Internet Things J. 5, 6 (2018), 5190–5204.
[69]
Xiaoyang Wu, Ron Steinfeld, Joseph Liu, and Carsten Rudolph. 2017. An implementation of access-control protocol for IoT home scenario. In IEEE/ACIS 16th International Conference on Computer and Information Science (ICIS’17). IEEE, 31–37.
[70]
Nikos Fotiou, Theodore Kotsonis, Giannis F. Marias, and George C. Polyzos. 2016. Access control for the internet of things. In 2016 International Workshop on Secure Internet of Things (SIoT’16). IEEE, 29–38.
[71]
Sudha Patel, Dhiren R. Patel, and Ankit P. Navik. 2016. Energy efficient integrated authentication and access control mechanisms for internet of things. In International Conference on Internet of Things and Applications (IOTA’16). IEEE, 304–309.
[72]
Aafaf Ouaddah, Anas Abou Elkalam, and Abdellah Ait Ouahman. 2016. FairAccess: A new blockchain-based access control framework for the Internet of Things. Secur. Commun. Netw. 9, 18 (2016), 5943–5964.
[73]
Aafaf Ouaddah, Anas Abou Elkalam, and Abdellah Ait Ouahman. 2017. Towards a novel privacy-preserving access control model based on blockchain technology in IoT. In Europe and MENA Cooperation Advances in Information and Communication Technologies. Springer, 523–533.
[74]
Oscar Novo. 2018. Blockchain meets IoT: An architecture for scalable access management in IoT. IEEE Internet Things J. (2018).
[75]
Otto Julio Ahlert Pinno, Andre Ricardo Abed Gregio, and Luis C. E. De Bona. 2017. ControlChain: Blockchain as a central enabler for access control authorizations in the IoT. In IEEE Global Communications Conference (GLOBECOM’17). IEEE, 1–6.
[76]
Otto Julio Ahlert Pinno, André Ricardo Abed Grégio, and Luis C. E. De Bona. 2020. ControlChain: A new stage on the IoT access control authorization. Concurr. Comput.: Pract. Exper. 32, 12 (2020), e5238.
[77]
Sophie Dramé-Maigné, Maryline Laurent, and Laurent Castillo. 2019. Distributed access control solution for the IoT based on multi-endorsed attributes and smart contracts. In 15th International Wireless Communications & Mobile Computing Conference (IWCMC’19). IEEE, 1582–1587.
[78]
Alessandro Armando, David Basin, Yohan Boichut, Yannick Chevalier, Luca Compagna, Jorge Cuéllar, P. Hankes Drielsma, Pierre-Cyrille Héam, Olga Kouchnarenko, Jacopo Mantovani, et al. 2005. The AVISPA tool for the automated validation of internet security protocols and applications. In International Conference on Computer-aided Verification. Springer, 281–285.
[79]
Guy Zyskind, Oz Nathan, and Alex Pentland. 2015. Decentralizing privacy: Using blockchain to protect personal data. In IEEE Security and Privacy Workshops (SPW’15). 180–184.
[80]
Marwah Hemdi and Ralph Deters. 2016. Using REST based protocol to enable ABAC within IoT systems. In IEEE 7th Information Technology, Electronics and Mobile Communication Conference (IEMCON’16). IEEE, 1–7.
[81]
Jorge Bernal Bernabe, José Luis Hernández-Ramos, and Antonio F. Skarmeta Gomez. 2016. TACIoT: Multidimensional trust-aware access control system for the Internet of Things. Soft Comput. 20, 5 (2016), 1763–1779.
[82]
Dina Hussein, Emmanuel Bertin, and Vincent Frey. 2017. A community-driven access control approach in distributed IoT environments. IEEE Commun. Mag. 55, 3 (2017), 146–153.
[83]
José Luis Hernández-Ramos, Antonio J. Jara, Leandro Marın, and Antonio F. Skarmeta. 2013. Distributed capability-based access control for the internet of things. J. Internet Serv. Inf. Secur. 3, 3/4 (2013), 1–16.
[84]
Vinton G. Cerf. 2015. Access control and the internet of things. IEEE Internet Comput. 19, 5 (2015), 96–c3.
[85]
Ludwig Seitz, Göran Selander, and Christian Gehrmann. 2013. Authorization framework for the internet-of-things. In IEEE 14th International Symposium and Workshops on a World of Wireless, Mobile and Multimedia Networks (WoWMoM’13). IEEE, 1–6.
[86]
Abdelkarim Cherkaoui, Lilian Bossuet, Ludwig Seitz, Göran Selander, and Ravishankar Borgaonkar. 2014. New paradigms for access control in constrained environments. In 9th International Symposium on Reconfigurable Communication-centric Systems-on-Chip (ReCoSoC’14). Retrieved from https://hal-ujm.archives-ouvertes.fr/ujm-01011300.
[87]
Tim Moses et al. 2005. Extensible access control markup language (XACML) version 2.0. Standard. OASIS.
[88]
Ravikanth Pappu, Ben Recht, Jason Taylor, and Neil Gershenfeld. 2002. Physical one-way functions. Science 297, 5589 (2002), 2026–2030.
[89]
Luigi Atzori, Antonio Iera, Giacomo Morabito, and Michele Nitti. 2012. The social internet of things (SIoT)—when social networks meet the Internet of Things: Concept, architecture and network characterization. Comput. Netw. 56, 16 (2012), 3594–3608.
[90]
José Luis Hernández-Ramos, Antonio J. Jara, Leandro Marín, and Antonio F. Skarmeta Gómez. 2016. DCapBAC: Embedding authorization logic into smart things through ECC optimizations. Int. J. Comput. Math. 93, 2 (2016), 345–366.
[91]
Sheng Ding, Jin Cao, Chen Li, Kai Fan, and Hui Li. 2019. A novel attribute-based access control scheme using blockchain for IoT. IEEE Access 7 (2019), 38431–38441. Retrieved from https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=8668769.
[92]
Han Liu, Dezhi Han, and Dun Li. 2020. Fabric-IoT: A blockchain-based access control system in IoT. IEEE Access 8 (2020), 18207–18218. Retrieved from https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=8964343.
[93]
M. D. Azharul Islam and Sanjay Madria. 2019. A permissioned blockchain based access control system for IoT. In IEEE International Conference on Blockchain (Blockchain’19). IEEE, 469–476.
[94]
Tanzeela Sultana, Ahmad Almogren, Mariam Akbar, Mansour Zuair, Ibrar Ullah, and Nadeem Javaid. 2020. Data sharing system integrating access control mechanism using blockchain-based smart contracts for IoT devices. Appl. Sci. 10, 2 (2020), 488.
[95]
Yan Zhang, Bing Li, Ben Liu, Jiaxin Wu, Yazhou Wang, and Xia Yang. 2020. An attribute-based collaborative access control scheme using blockchain for IoT devices. Electronics 9, 2 (2020), 285.
[96]
Xuanmei Qin, Yongfeng Huang, Zhen Yang, and Xing Li. 2021. LBAC: A lightweight blockchain-based access control scheme for the internet of things. Inf. Sci. 554 (2021), 222–235.

Cited By

View all
  • (2025)Empowering Autonomous IoT Devices in Blockchain Through Gasless TransactionsBlockchain: Research and Applications10.1016/j.bcra.2024.100257(100257)Online publication date: Jan-2025
  • (2024)DAXiot: A Decentralized Authentication and Authorization Scheme for Dynamic IoT Networks2024 27th Conference on Innovation in Clouds, Internet and Networks (ICIN)10.1109/ICIN60470.2024.10494415(01-07)Online publication date: 11-Mar-2024
  • (2024)Self-sovereign identity management in ciphertext policy attribute based encryption for IoT protocolsJournal of Information Security and Applications10.1016/j.jisa.2024.10388586(103885)Online publication date: Nov-2024
  • Show More Cited By

Index Terms

  1. Centralized, Distributed, and Everything in between: Reviewing Access Control Solutions for the IoT

        Recommendations

        Comments

        Information & Contributors

        Information

        Published In

        cover image ACM Computing Surveys
        ACM Computing Surveys  Volume 54, Issue 7
        September 2022
        778 pages
        ISSN:0360-0300
        EISSN:1557-7341
        DOI:10.1145/3476825
        Issue’s Table of Contents
        Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Publication History

        Published: 17 September 2021
        Accepted: 01 April 2021
        Revised: 01 March 2021
        Received: 01 February 2018
        Published in CSUR Volume 54, Issue 7

        Permissions

        Request permissions for this article.

        Check for updates

        Author Tags

        1. Access control
        2. Internet of Things
        3. IoT
        4. security
        5. survey

        Qualifiers

        • Research-article
        • Research
        • Refereed

        Contributors

        Other Metrics

        Bibliometrics & Citations

        Bibliometrics

        Article Metrics

        • Downloads (Last 12 months)169
        • Downloads (Last 6 weeks)15
        Reflects downloads up to 18 Jan 2025

        Other Metrics

        Citations

        Cited By

        View all
        • (2025)Empowering Autonomous IoT Devices in Blockchain Through Gasless TransactionsBlockchain: Research and Applications10.1016/j.bcra.2024.100257(100257)Online publication date: Jan-2025
        • (2024)DAXiot: A Decentralized Authentication and Authorization Scheme for Dynamic IoT Networks2024 27th Conference on Innovation in Clouds, Internet and Networks (ICIN)10.1109/ICIN60470.2024.10494415(01-07)Online publication date: 11-Mar-2024
        • (2024)Self-sovereign identity management in ciphertext policy attribute based encryption for IoT protocolsJournal of Information Security and Applications10.1016/j.jisa.2024.10388586(103885)Online publication date: Nov-2024
        • (2024)Development of secure and authentic access controlling techniques using the pushback request response (PRR) approach for blockchain healthcare applicationsOptical and Quantum Electronics10.1007/s11082-024-06656-556:5Online publication date: 25-Mar-2024
        • (2023)User authentication and access control to blockchain-based forensic log dataEURASIP Journal on Information Security10.1186/s13635-023-00142-32023:1Online publication date: 25-Jul-2023
        • (2023)Combining Verifiable Credentials and Blockchain Tokens for Traceable and Offline Token Operations2023 IEEE 9th World Forum on Internet of Things (WF-IoT)10.1109/WF-IoT58464.2023.10539518(1-6)Online publication date: 12-Oct-2023
        • (2023)Permissioning and Personal Data Management in Alternate-Tenancy Smart Environments2023 IEEE 9th World Forum on Internet of Things (WF-IoT)10.1109/WF-IoT58464.2023.10539421(1-8)Online publication date: 12-Oct-2023
        • (2023)Access Control Enforcement Architectures for Dynamic Manufacturing Systems2023 IEEE 20th International Conference on Software Architecture (ICSA)10.1109/ICSA56044.2023.00016(82-92)Online publication date: Mar-2023
        • (2023)Enabling Borderless Office Security: A Comprehensive Zero-Trust Digital Grid Architecture for Flexible Resource Access and Data Protection2023 9th Annual International Conference on Network and Information Systems for Computers (ICNISC)10.1109/ICNISC60562.2023.00092(201-204)Online publication date: 27-Oct-2023
        • (2023)Securing distributed systems: A survey on access control techniques for cloud, blockchain, IoT and SDNCyber Security and Applications10.1016/j.csa.2023.1000151(100015)Online publication date: Dec-2023
        • Show More Cited By

        View Options

        Login options

        Full Access

        View options

        PDF

        View or Download as a PDF file.

        PDF

        eReader

        View online with eReader.

        eReader

        HTML Format

        View this article in HTML Format.

        HTML Format

        Media

        Figures

        Other

        Tables

        Share

        Share

        Share this Publication link

        Share on social media