Abstract—Internet of Things (IoT) has become a pervasive and
diverse concept in recent years. IoT applications and services
have given rise to a number of sub-fields in the IoT space.
Wearable technology, with its particular set of characteristics
and application domains, has formed a rapidly growing subfield
of IoT, viz., Wearable Internet of Things (WIoT). While
numerous wearable devices are available in the market today,
security and privacy are key factors for wide adoption of
WIoT. Wearable devices are resource constrained by nature with
limited storage, power, and computation. A Cloud-Enabled IoT
(CEIoT) architecture, a dominant paradigm currently shaping
the industry and suggested by many researchers, needs to be
adopted for WIoT. In this paper, we develop an access control
framework for cloud-enabled WIoT (CEWIoT) based on the
Access Control Oriented (ACO) architecture recently developed
for CEIoT in general. We first enhance the ACO architecture
from the perspective of WIoT by adding an Object Abstraction
Layer, and then develop our framework based on interactions
between different layers of this enhanced ACO architecture. We
present a general classification and taxonomy of IoT devices,
along with a brief introduction to various application domains of
IoT and WIoT. We then present a remote health and fitness
monitoring use case to illustrate different access control aspects
of our framework and outline its possible enforcement in a
commercial CEIoT platform, viz., AWS IoT. Finally, we discuss
the objectives of our access control framework and relevant open
problems.
Access Control Model for Virtual Objects (Shadows) Communication for AWS Internet of Things
The concept of Internet of Things (IoT) has received considerable
attention and development in recent years. There have been significant
studies on access control models for IoT in academia, while
companies have already deployed several cloud-enabled IoT platforms.
However, there is no consensus on a formal access control
model for cloud-enabled IoT. The access-control oriented (ACO) architecture
was recently proposed for cloud-enabled IoT, with virtual
objects (VOs) and cloud services in the middle layers. Building upon
ACO, operational and administrative access control models have
been published for virtual object communication in cloud-enabled
IoT illustrated by a use case of sensing speeding cars as a running
example.
In this paper, we study AWS IoT as a major commercial cloud-IoT
platform and investigate its suitability for implementing the
aforementioned academic models of ACO and VO communication
control. While AWS IoT has a notion of digital shadows closely
analogous to VOs, it lacks explicit capability for VO communication
and thereby for VO communication control. Thus there is a
significant mismatch between AWS IoT and these academic models.
The principal contribution of this paper is to reconcile this
mismatch by showing how to use the mechanisms of AWS IoT
to effectively implement VO communication models. To this end,
we develop an access control model for virtual objects (shadows)
communication in AWS IoT called AWS-IoT-ACMVO. We develop
a proof-of-concept implementation of the speeding cars use case in
AWS IoT under guidance of this model, and provide selected performance
measurements. We conclude with a discussion of possible
alternate implementations of this use case in AWS IoT.
- NSF-PAR ID: 10072091
- Date Published:
- Journal Name: CODASPY ’18: Eighth ACM Conference on Data and Application Security and Privacy, March 19–21, 2018, Tempe, AZ
- Page Range / eLocation ID: 175 to 185
- Format(s): Medium: X
- Sponsoring Org: National Science Foundation
More Like this
- Internet of Things has become a predominant phenomenon in every sphere of smart life. Connected Cars and Vehicular Internet of Things, which involve communication and data exchange between vehicles, traffic infrastructure or other entities, are pivotal to realize the vision of smart city and intelligent transportation. Vehicular Cloud offers a promising architecture wherein storage and processing capabilities of smart objects are utilized to provide on-the-fly fog platform. Researchers have demonstrated vulnerabilities in this emerging vehicular IoT ecosystem, where data has been stolen from critical sensors and smart vehicles controlled remotely. Security and privacy are important in Internet of Vehicles (IoV) where access to electronic control units, applications and data in connected cars should only be authorized to legitimate users, sensors or vehicles. In this paper, we propose an authorization framework to secure this dynamic system where interactions among entities are not pre-defined. We provide an extended access control oriented (E-ACO) architecture relevant to IoV and discuss the need of vehicular clouds in this time and location sensitive environment. We outline approaches to different access control models which can be enforced at various layers of E-ACO architecture and in the authorization framework. Finally, we discuss use cases to illustrate access control requirements in our vision of cloud assisted connected cars and vehicular IoT, and discuss possible research directions.
- Smart homes are interconnected homes in which a wide variety of digital devices with limited resources communicate with multiple users and among themselves using multiple protocols. The deployment of resource-limited devices and the use of a wide range of technologies expand the attack surface and position the smart home as a target for many potential security threats. Access control is among the top security challenges in smart home IoT. Several access control models have been developed or adapted for IoT in general, with a few specifically designed for the smart home IoT domain. Most of these models are built on the role-based access control (RBAC) model or the attribute-based access control (ABAC) model. However, recently some researchers demonstrated that the need arises for a hybrid model combining ABAC and RBAC, thereby incorporating the benefits of both models to better meet IoT access control challenges in general and smart homes requirements in particular. In this paper, we used two approaches to develop two different hybrid models for smart home IoT. We followed a role-centric approach and an attribute-centric approach to develop HyBAC RC and HyBAC AC, respectively. We formally define these models and illustrate their features through a use case scenario demonstration. We further provide a proof-of-concept implementation for each model in Amazon Web Services (AWS) IoT platform. Finally, we conduct a theoretical comparison between the two models proposed in this paper in addition to the EGRBAC model (RBAC model for smart home IoT) and HABAC model (ABAC model for smart home IoT), which were previously developed to meet smart homes’ challenges.
- The area of smart homes is one of the most popular for deploying smart connected devices. One of the most vulnerable aspects of smart homes is access control. Recent advances in IoT have led to several access control models being developed or adapted to IoT from other domains, with few specifically designed to meet the challenges of smart homes. Most of these models use role-based access control (RBAC) or attribute-based access control (ABAC) models. As of now, it is not clear what the advantages and disadvantages of ABAC over RBAC are in general, and in the context of smart-home IoT in particular. In this paper, we introduce HABACα, an attribute-based access control model for smart-home IoT. We formally define HABACα and demonstrate its features through two use-case scenarios and a proof-of-concept implementation. Furthermore, we present an analysis of HABACα as compared to the previously published EGRBAC (extended generalized role-based access control) model for smart-home IoT by first describing approaches for constructing HABACα specification from EGRBAC and vice versa in order to compare the theoretical expressiveness power of these models, and second, analyzing HABACα and EGRBAC models against standard criteria for access control models. Our findings suggest that a hybrid model that combines both HABACα and EGRBAC capabilities may be the most suitable for smart-home IoT, and probably more generally.