The concept of Internet of Things (IoT) has received considerable
attention and development in recent years. There have been significant
studies on access control models for IoT in academia, while
companies have already deployed several cloud-enabled IoT platforms.
However, there is no consensus on a formal access control
model for cloud-enabled IoT. The access-control oriented (ACO) architecture
was recently proposed for cloud-enabled IoT, with virtual
objects (VOs) and cloud services in the middle layers. Building upon
ACO, operational and administrative access control models have
been published for virtual object communication in cloud-enabled
IoT illustrated by a use case of sensing speeding cars as a running
example.
In this paper, we study AWS IoT as a major commercial cloud-IoT
platform and investigate its suitability for implementing the
aforementioned academic models of ACO and VO communication
control. While AWS IoT has a notion of digital shadows closely
analogous to VOs, it lacks explicit capability for VO communication
and thereby for VO communication control. Thus there is a
significant mismatch between AWS IoT and these academic models.
The principal contribution of this paper is to reconcile this
mismatch by showing how to use the mechanisms of AWS IoT
to effectively implement VO communication models. To this end,
we develop an access control model for virtual objects (shadows)
communication in AWS IoT called AWS-IoT-ACMVO. We develop
a proof-of-concept implementation of the speeding cars use case in
AWS IoT under guidance of this model, and provide selected performance
measurements. We conclude with a discussion of possible
alternate implementations of this use case in AWS IoT.
Authorization Framework for Secure Cloud Assisted Connected Cars and Vehicular Internet of Things
Internet of Things has become a predominant phenomenon in every
sphere of smart life. Connected Cars and Vehicular Internet of
Things, which involves communication and data exchange between
vehicles, traffic infrastructure or other entities, are pivotal to realize
the vision of smart city and intelligent transportation. Vehicular
Cloud offers a promising architecture wherein storage and processing
capabilities of smart objects are utilized to provide on-the-fly
fog platform. Researchers have demonstrated vulnerabilities in this
emerging vehicular IoT ecosystem, where data has been stolen from
critical sensors and smart vehicles controlled remotely. Security
and privacy are important in Internet of Vehicles (IoV) where access
to electronic control units, applications and data in connected
cars should only be authorized to legitimate users, sensors or vehicles.
In this paper, we propose an authorization framework to
secure this dynamic system where interactions among entities are
not pre-defined. We provide an extended access control oriented
(E-ACO) architecture relevant to IoV and discuss the need of vehicular
clouds in this time and location sensitive environment. We
outline approaches to different access control models which can be
enforced at various layers of E-ACO architecture and in the authorization
framework. Finally, we discuss use cases to illustrate access
control requirements in our vision of cloud assisted connected cars
and vehicular IoT, and discuss possible research directions.
- PAR ID: 10072089
- Date Published:
- Journal Name: Proceedings of 23rd ACM Symposium on Access Control Models and Technologies (SACMAT’18)
- Page Range / eLocation ID: 193 to 204
- Format(s): Medium: X
- Sponsoring Org: National Science Foundation
More Like this
- Abstract—Internet of Things (IoT) has become a pervasive and diverse concept in recent years. IoT applications and services have given rise to a number of sub-fields in the IoT space. Wearable technology, with its particular set of characteristics and application domains, has formed a rapidly growing subfield of IoT, viz., Wearable Internet of Things (WIoT). While numerous wearable devices are available in the market today, security and privacy are key factors for wide adoption of WIoT. Wearable devices are resource constrained by nature with limited storage, power, and computation. A Cloud-Enabled IoT (CEIoT) architecture, a dominant paradigm currently shaping the industry and suggested by many researchers, needs to be adopted for WIoT. In this paper, we develop an access control framework for cloud-enabled WIoT (CEWIoT) based on the Access Control Oriented (ACO) architecture recently developed for CEIoT in general. We first enhance the ACO architecture from the perspective of WIoT by adding an Object Abstraction Layer, and then develop our framework based on interactions between different layers of this enhanced ACO architecture. We present a general classification and taxonomy of IoT devices, along with a brief introduction to various application domains of IoT and WIoT. We then present a remote health and fitness monitoring use case to illustrate different access control aspects of our framework and outline its possible enforcement in a commercial CEIoT platform, viz., AWS IoT. Finally, we discuss the objectives of our access control framework and relevant open problems.
- The Internet of Things (IoT) refers to a network of physical objects that are equipped with sensors, software, and other technologies in order to communicate with other devices and systems over the internet. IoT has emerged as one of the most important technologies of this century over the past few years. To ensure IoT systems' sustainability and security over the long term, several researchers lately motivated the need to incorporate the recently proposed zero trust (ZT) cybersecurity paradigm when designing and implementing access control models for IoT systems. This poster proposes a hybrid access control approach incorporating traditional and deep learning-based authorization techniques toward score-based ZT authorization for IoT systems.
- Zero trust (ZT) is the term for an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources. It assumes no implicit trust is granted to assets or user accounts based solely on their physical or network location. We have billions of devices in IoT ecosystems connected to enable smart environments, and these devices are scattered around different locations, sometimes multiple cities or even multiple countries. Moreover, the deployment of resource-constrained devices motivates the integration of IoT and cloud services. This adoption of a plethora of technologies expands the attack surface and positions the IoT ecosystem as a target for many potential security threats. This complexity has outstripped legacy perimeter-based security methods as there is no single, easily identified perimeter for different use cases in IoT. Hence, we believe that the need arises to incorporate ZT guiding principles in workflows, systems design, and operations that can be used to improve the security posture of IoT applications. This paper motivates the need to implement ZT principles when developing access control models for smart IoT systems. It first provides a structured mapping between the ZT basic tenets and the PEI framework when designing and implementing a ZT authorization system. It proposes the ZT authorization requirements framework (ZT-ARF), which provides a structured approach to authorization policy models in ZT systems. Moreover, it analyzes the requirements of access control models in IoT within the proposed ZT-ARF and presents the vision and need for a ZT score-based authorization framework (ZT-SAF) that is capable of maintaining the access control requirements for ZT IoT connected systems.
- Connected cars have the potential to transform a vehicle from a transportation platform to a platform for integrating humans with a city. To that end we introduce semantic accessors (actor based local proxies for remote services) as a novel, and powerful discovery mechanism for connected vehicles that bridges the domains of Internet of Things (IoT) composition frameworks and the semantic web of things. The primary components of this approach include a local semantic repository used for maintaining the vehicle’s perspective of its real-world context, accessors for querying and dynamically updating the repository to match evolving vehicular context information, accessors for services (such as parking) linked to a service ontology, and a swarmlet controller responsible for managing the above in accordance with user input. We demonstrate this semantic accessor architecture with a prototype Dashboard display that downloads accessors for new services as they become available and dynamically renders their self-described user interface components.