Access Control Models and Frameworks for the IoT Environment: Review, Challenges, and Future Direction

Wireless Personal Communications

Abstract

The rapid growth of the Internet of Things (IoT) and the massive growth of sensitive data created by user equipment have led to a strong demand for additional security and privacy measures. The data produced by IoT devices are often sensitive and personal, which raises new concerns about security measures. The development and adoption of IoT and the security aspects of IoT are not advancing at the same pace. Future IoT architectures must give enough emphasis to security concerns and provide adequate measures to prevent devices and data from being accessed by unauthorized means. This work presents a comprehensive analysis of access control frameworks and models for the IoT environment. In this review paper, the analysis of access control solutions is done in four parts: the first part compares various existing review articles with our work, the second part covers architecture-based access control mechanisms, the third part covers access control models, and the fourth part covers a few emergent solutions, including blockchain-based solutions. Subsequently, prevalent solutions are mapped to vital requirements of the IoT environment. Finally, security obligations for the IoT environment, probable challenges, and forthcoming research directions are highlighted. This research explores the growing literature on access control for IoT, emphasizing its security requirements.

Data Availability

Data sharing is not applicable to this article as no datasets were generated or analysed during the current study.

Funding

The authors have not disclosed any funding.

Author information

Contributions

Rajiv Mishra: Conceptualization, Writing—Original draft preparation, Resources, Visualization. Aastha Maheshwari: Writing—Reviewing and Editing, Visualization. Rahul Kumar: Writing—Reviewing and Editing.

Corresponding author

Correspondence to Rajiv Kumar Mishra.

Ethics declarations

Conflict of interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

About this article

Cite this article

Mishra, R.K., Yadav, R.K. & Nath, P. Access Control Models and Frameworks for the IoT Environment: Review, Challenges, and Future Direction. Wireless Pers Commun 138, 1671–1701 (2024). https://doi.org/10.1007/s11277-024-11568-4

  • DOI: https://doi.org/10.1007/s11277-024-11568-4
