Trust-ABAC Towards an Access Control System for the Internet of Things

Ouechtati, Hamdi; Azzouna, Nadia Ben

doi:10.1007/978-3-319-57186-7_7

Cited by 19 publications

(12 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Instead, users prove they possess a set of attributes from the system. ABC is particularly well‐suited for access‐control policies, especially attribute‐based access control 44,45 . As an extension of IBC, however, ABC also suffers from the key escrow problem and bilinear pairings.…”

Section: Authentication Methodsmentioning

confidence: 99%

Internet of Things device authentication via electromagnetic fingerprints

Souza

Carlson

Ramos

et al. 2020

Engineering Reports

View full text Add to dashboard Cite

We quickly approach a future where Internet of Things (IoT) devices are the norm. In this scenario, humans are surrounded by a multitude of heterogeneous devices that assist them in almost every aspect of their daily routines. The realization of this future demands strong authentication guarantees to ensure that these devices are not abused and that their users are not endangered. However, providing authentication for these systems is challenging due to the high heterogeneity of IoT applications. In this paper, we first review several IoT application scenarios and promising authentication methods for each. We identify th e key characteristics of each IoT application scenario, present the strengths and weaknesses of prominent authentication methods from the literature, and review which authentication methods have been proposed in the literature for each application. Then, we present a novel authentication method for IoT based on electromagnetic noise. The key advantage of electromagnetic noise is that any electronic device intrinsically generates electromagnetic noise during normal operation. We extract features from these electromagnetic emanations and use machine learning algorithms to identify devices based on these features. Our method achieves 77% accuracy when identifying devices among a set of seven devices.

show abstract

Section: Authentication Methodsmentioning

confidence: 99%

Internet of Things device authentication via electromagnetic fingerprints

Souza

Carlson

Ramos

et al. 2020

Engineering Reports

View full text Add to dashboard Cite

show abstract

“…There have been some efforts made in combining a trust model with the ABAC model. For instance, Ouechtati and Azzouna [81] discuss a trust-ABAC model for IoT. This proposal considers the nature of IoT devices (especially the resource limitation issue) and reviews the critical aspects of an IoT system when proposing its access control model.…”

Section: Attribute-based Andmentioning

confidence: 99%

Section: Attribute-based Andmentioning

confidence: 99%

“…With a similar approach of [81] (that combines trust and ABAC), Wang et al [82] present an IoT access control model based on trust and attributes. However, unlike [81], which only considers the dynamic trust value, this model integrates both the static and dynamic trust attributes when making an authorization decision. This proposal aims to provide distributed security and control for fine-grained access control in IoT, using a trust attribute based on a node's trust evaluation.…”

Section: Attribute-based Andmentioning

confidence: 99%

See 1 more Smart Citation

Protocol-Based and Hybrid Access Control for the IoT: Approaches and Research Opportunities

Pal

Jadidi

2021

Sensors

View full text Add to dashboard Cite

Internet of Things (IoT) applications and services are becoming more prevalent in our everyday life. However, such an interconnected network of intelligent physical entities needs appropriate security to sensitive information. That said, the need for proper authentication and authorization is paramount. Access control is in the front line of such mechanisms. Access control determines the use of resources only to the specified and authorized users based on appropriate policy enforcement. IoT demands more sophisticated access control in terms of its usability and efficiency in protecting sensitive information. This conveys the need for access control to serve system-specific requirements and be flexibly combined with other access control approaches. In this paper, we discuss the potential for employing protocol-based and hybrid access control for IoT systems and examine how that can overcome the limitations of traditional access control mechanisms. We also focus on the key benefits and constraints of this integration. Our work further enhances the need to build hierarchical access control for large-scale IoT systems (e.g., Industrial IoT (IIoT) settings) with protocol-based and hybrid access control approaches. We, moreover, list the associated open issues to make such approaches efficient for access control in large-scale IoT systems.

show abstract

“…Different works focus on attribute-based access control models on centralized architectures. For instance, the reference [19] presents an AC model for IoT, in which it is established a coupling between ABAC and trust concepts. In addition, the reference [20] promotes an ABAC mechanism, which is applied to give the system the ability to implement policies to detect any unauthorized entry.…”

Section: Attribute-based Access Control (Abac) Vs Role-based Access mentioning

confidence: 99%

An Attribute-Based Access Control Model in RFID Systems Based on Blockchain Decentralized Applications for Healthcare Environments

2019

View full text Add to dashboard Cite

The growing adoption of Radio-frequency Identification (RFID) systems, particularly in the healthcare field, demonstrates that RFID is a positive asset for healthcare institutions. RFID offers the ability to save organizations time and costs by enabling data of traceability, identification, communication, temperature and location in real time for both people and resources. However, the RFID systems challenges are financial, technical, organizational and above all privacy and security. For this reason, recent works focus on attribute-based access control (ABAC) schemes. Currently, ABAC are based on mostly centralized models, which in environments such as the supply chain can present problems of scalability, synchronization and trust between the parties. In this manuscript, we implement an ABAC model in RFID systems based on a decentralized model such as blockchain. Common criteria for the selection of the appropriate blockchain are detailed. Our access control policies are executed through the decentralized application (DApp), which interfaces with the blockchain through the smart contract. Smart contracts and blockchain technology, on the one hand, solve current centralized systems issues as well as being flexible infrastructures that represent the relationship of trust and support essential in the ABAC model in order to provide the security of RFID systems. Our system has been designed for a supply chain environment with an use case suitable for healthcare systems, so that assets such as surgical instruments containing an associated RFID tag can only access to specific areas. Our system is deployed in both a local and Testnet environment in order to stablish a deep comparison and determining the technical feasibility.

show abstract

Trust-ABAC Towards an Access Control System for the Internet of Things

Cited by 19 publications

References 19 publications

Internet of Things device authentication via electromagnetic fingerprints

Internet of Things device authentication via electromagnetic fingerprints

Protocol-Based and Hybrid Access Control for the IoT: Approaches and Research Opportunities

An Attribute-Based Access Control Model in RFID Systems Based on Blockchain Decentralized Applications for Healthcare Environments

Contact Info

Product

Resources

About