research-article

Emergence-Based Access Control: New Approach to Secure the Internet of Things

Authors:

Anas Abou El Kalam,

Aissam Outchakoucht,

Hamza Es-SamaaliAuthors Info & Claims

DTUC '18: Proceedings of the 1st International Conference on Digital Tools & Uses Congress

Article No.: 15, Pages 1 - 11

https://doi.org/10.1145/3240117.3240136

Published: 03 October 2018 Publication History

Abstract

The security is becoming the most important challenge that threatens the development of the internet of things. In this respect, access control is considered as the cornerstone and core element that should be well designed and implemented. However, this mission becomes more complex in IoT environments as they have additional and specific requirements such as heterogeneity, limited capacities of storage and computing as well as the huge number of the devices. Dealing with this issue, this paper proposes an 'emergence based' process aiming to benefit from this tremendous number of smart objects and extract the significant features that we cannot pick up in systems with smallest number. Then, it proposes an access control framework dedicated to IoT environments based on three extremely powerful concepts: Blockchain networks, Reputation systems and Reinforcement Learning algorithms.

References

[1]

J. Gubbi et al. 2013. "Internet of Things (IoT): A vision, architectural elements, and future directions", Future Generation Computer Systems, Volume 29, Issue 7, P. 1645--1660.

Digital Library

[2]

J. Lopez, R. Rios, F. Bao and G. Wang. 2017. "Evolving Privacy: From Sensors to the Internet of Things", p. 1.

[3]

Kim Rowe. February 2016. "Internet of things requirements and protocols". IEEE standards university magazine.

[4]

E. N. Zalta, ed. 2012. "Emergent Properties". The Stanford Encyclopedia of Philosophy, Spring Edition.

[5]

S. Nakamoto. 2008. "Bitcoin?: A Peer-to-Peer Electronic Cash System," pp. 1--9.

[6]

S. Wilkinson, J. Lowry, and T. Boshevski. 2014. "Metadisk a Blockchain-based decentralized file storage application".

[7]

A. Schaub, R. Bazin, O. Hasan, and L. Brunie. 2016. "A trustless privacy- preserving reputation system," IFIP Int. Inf.

[8]

C. Fromknecht, D. Velicanu, and S. Yakoubov. 2014. "A Decentralized Public Key Infrastructure with Identity Retention" IACR Cryptol. ePrint.

[9]

T. O. Ayodele. 2010. "Introduction to Machine Learning", in New Advances in Machine Learning. Rijeka, Croatia: InTech.

[10]

Y. S. Abu-Mostafa, M. Magdon-Ismail, and H.-T. Lin. 2012. "Learning From Data", AMLBook.

Digital Library

[11]

F. Hendrikx et al. 2015. "Reputation system: A survey and taxonomy", J. Parallel Diist. Compt. 75, pp. 184--197.

Digital Library

[12]

"Part 1: Introduction and general model," in Common Criteria for Information Technology Security Evaluation Version 2.1, p. 11.

[13]

R. S. Sandhu. 1998. "Role-based Access Control," Adv. Comput., vol. 46, pp. 237--286.

[14]

Z. Guoping and T. Jiazheng. 2010. "An extended role based access control model for the Internet of Things". Information Networking and Automation (ICINA), International Conference on IEEE, p. V1-319-V1-323.

[15]

P. Spiess, S. Kamouskos, et al. 2009. "SOA-based Integration of the Internet of Things in EnterpriseServices". IEEE International Conference on Web Services, pp. 968--975.

Digital Library

[16]

L. Moreira Sa de Souza, et al.,"SOCRADES:A web Service Based Shop Floor Integration Infrastructure," C.Floerkemeieretal. (Eds.): IOT200S, LNCS4952, pp.50--67.

Digital Library

[17]

J. Jia, X. Qiu, C. Cheng. 2012. "Access control method for web of things based on role and sns", Computer and Information Technology (CIT), IEEE 12th International Conference on IEEE, p. 316--321.

Digital Library

[18]

A. A. E. Kalam el al. 2003. "Organization based access control," in Proceedings POLICY 2003. IEEE 4th International Workshop on Policies for Distributed Systems and Networks, pp. 120--131.

Digital Library

[19]

A. Abou El Kalam, Y. Deswarte, A. Baïna, and M. Kaâniche. 2009. "PolyOrBAC: A security framework for Critical Infrastructures," Int. J. Crit. Infrastruct. Prot., vol. 2, no. 4, pp. 154--169.

[20]

A. Ouaddah, I. Bouij-Pasquier, A. Abou Elkalam, and A. Ait Ouahman. 2015. "Security analysis and proposal of new access control model in the Internet of Thing". International Conference on Electrical and Information Technologies (ICEIT), pp. 30--35.

[21]

I. Bouij-Pasquier, A. A. El Kalam, A. A. Ouahman, and M. De Montfort. 2015. "A Security Framework for Internet of Things," Springer International Publishing, pp. 19--31.

[22]

E. Yuan and J. Tong. 2005. "Attributed based access control (ABAC) for Web services," in IEEE International Conference on Web Services (ICWS'05).

Digital Library

[23]

Webfarmr.eu. 2011. "XACML 3.0 enhancements," Nanoscale Res. Lett., vol. 6, no. 1, p. 297.

[24]

L. Seitz, G. Selander, and C. Gehrmann. 2013. "Authorization framework for the Internet-of-Things". IEEE 14th Int. Symp. a World Wireless, Mob. Multimed. Networks, WoWMoM.

[25]

J. Dennis and E. Van Horn. (1966). Programming semantics for multiprogrammed computations, Commun. ACM 9(3), pp. 143--155.

Digital Library

[26]

Mahalle, Parikshit N., Anggorojati, Bayu, Prasad, Neeli R., et al. 2013. Identity authentication and capability based access control (iacac) for the internet of things. Journal of Cyber Security and Mobility, vol. 1, no 4, p. 309--348.

[27]

J. Park and R. Sandhu. 2002. "Towards usage control models: beyond traditional access control," in Proceedings of the seventh ACM symposium on Access control models and technologies - SACMAT '02, p. 57.

Digital Library

[28]

A. Lazouski, F. Martinelli, and P. Mori. 2010. "Usage control in computer security: A survey," Comput. Sci. Rev., vol. 4, no. 2, pp. 81--99.

Digital Library

[29]

X. Zhang, M. Nakae, M. J. Covington, and R. Sandhu. Feb. 2008. "Toward a Usage-Based Security Framework for Collaborative Computing Systems," ACM Trans. Inf. Syst. Secur., vol. 11, no. 1, pp. 1--36.

Digital Library

[30]

D. H. (ed). October 2012. "The OAuth 2.0 Authorization Framework," IETF, RFC6749. Available at http://www.rfc-editor.org/rfc/rfc6749.txt.

[31]

Cirani, Simone, Picone, Marco, Gonizzi, Pietro, et al. 2015. IoT-OAS: An OAuth-Based Authorization Service Architecture for Secure Services in IoT Scenarios. Sensors Journal, IEEE, vol. 15, no 2, p. 1224--1234.

[32]

Hannes Tschofenig. 2015. "The OAuth 2.0 Bearer Token Usage over the Constrained Application Protocol (CoAP)" IETF Internet Draft, draft-tschofenig- ace-oauth-bt-01.txt

[33]

H. Tschofenig. 2014. "The OAuth 2.0 Internet of Things (IoT) Client Credentials Grant" IETF Internet Draft, draft-tschofenig-ace-oauth-iot-00.txt.

[34]

UMA Core Protocol Version 1.0, https://kantarainitiative.org/confluence/display/uma/UMA+1.0+Core+Protocol.

[35]

Hardjono, T., Maler, E., Machulak, M., and D. Catalano. February 2015. "User- Managed Access (UMA) Profile of OAuth 2.0", draft-hardjono-oauth-umacore- 12 (work in progress).

[36]

P. N. Mahalle, P. A. Thakre, N. R. Prasad, and R. Prasad. 2013. "A fuzzy approach to trust based access control in internet of things," in Wireless VITAE 2013, pp. 1--5.

[37]

A. Ouaddah, H. Mousannif, A. A. Elkalam, A. Ait Ouahman. 2017. "Access control in the Internet of Things: Big challenges and new opportunities", Computer Networks 112, pp. 237--262

Digital Library

[38]

A. Ouaddah. 2017. "FairAccess: A privacy-preserving access control framework based on the Blockchain technology to secure the Internet of Things", thesis.

[39]

A. Ouaddah, H. Mousannif, et al. 29 September -- 1 October 2016. Access Control in IoT: Survey & State of the Art In the Proceeding of the 5th International Conference on Multimedia Computing and Systems (ICMCS'16). Marrakech, Morocco.

[40]

A. Ouaddah, A. Abou Elkalam and A. Ait Ouahman. 2017. "FairAccess: a new Blockchain-based access control framework for the Internet of Things", Security and Communication Networks, pp. 1--22.

[41]

A. Ameziane El Hassani et al. 2014. "Integrity-OrBAC: a new model to preserve Critical Infrastructures integrity", Int. J. Inf. Secur, Springer-Verlag Berlin Heidelberg.

Digital Library

Cited By

Singh RKukreja DSharma D(2023)Blockchain-enabled access control to prevent cyber attacks in IoT: Systematic literature reviewFrontiers in Big Data10.3389/fdata.2022.10817705Online publication date: 12-Jan-2023
https://doi.org/10.3389/fdata.2022.1081770
Trnka MAbdelfattah AShrestha ACoffey MCerny T(2022)Systematic Review of Authentication and Authorization Advancements for the Internet of ThingsSensors10.3390/s2204136122:4(1361)Online publication date: 10-Feb-2022
https://doi.org/10.3390/s22041361
Fragkos GJohnson JTsiropoulou E(2022)Dynamic Role-Based Access Control Policy for Smart Grid Applications: An Offline Deep Reinforcement Learning ApproachIEEE Transactions on Human-Machine Systems10.1109/THMS.2022.316318552:4(761-773)Online publication date: Aug-2022
https://doi.org/10.1109/THMS.2022.3163185
Show More Cited By

Index Terms

Emergence-Based Access Control: New Approach to Secure the Internet of Things
1. Hardware
  1. Communication hardware, interfaces and storage
    1. Sensor devices and platforms
2. Security and privacy
  1. Security services
    1. Access control

Recommendations

Blockchain for IoT access control: Recent trends and future research directions
Abstract
With the rapid development of wireless sensor networks, smart devices, and traditional information and communication technologies, there is tremendous growth in the use of Internet of Things (IoT) applications and services in our ...
Enhanced authentication and access control in Internet of Things: a potential blockchain-based method

With the rapid growth of Internet of Things (IoT), it can be foreseen that IoT services will be influencing several use-cases. IoT brings along the security and privacy issues that may hinder its wide scale adoption. The scenarios in IoT applications are ...
Recent Reinforcement Learning and Blockchain Based Security Solutions for Internet of Things: Survey
Abstract
Users’ security is one of the most important issues in Internet of Things (IoT) due to the high number of IoT devices involved in different applications. Security threats are evolving at a rapid pace that make the current security and privacy ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

DTUC '18: Proceedings of the 1st International Conference on Digital Tools & Uses Congress

October 2018

148 pages

ISBN:9781450364515

DOI:10.1145/3240117

Copyright © 2018 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

CNAM: Conservatoire des Arts et Métiers
Univ. of Turin: University of Turin
Université Paris 8: Université Paris 8

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 03 October 2018

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

DTUC '18

DTUC '18: Digital Tools & Uses Congress

October 3 - 5, 2018

Paris, France

Acceptance Rates

DTUC '18 Paper Acceptance Rate 26 of 46 submissions, 57%;

Overall Acceptance Rate 48 of 88 submissions, 55%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

7
Total Citations
View Citations
247
Total Downloads

Downloads (Last 12 months)9
Downloads (Last 6 weeks)0

Reflects downloads up to 14 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Singh RKukreja DSharma D(2023)Blockchain-enabled access control to prevent cyber attacks in IoT: Systematic literature reviewFrontiers in Big Data10.3389/fdata.2022.10817705Online publication date: 12-Jan-2023
https://doi.org/10.3389/fdata.2022.1081770
Trnka MAbdelfattah AShrestha ACoffey MCerny T(2022)Systematic Review of Authentication and Authorization Advancements for the Internet of ThingsSensors10.3390/s2204136122:4(1361)Online publication date: 10-Feb-2022
https://doi.org/10.3390/s22041361
Fragkos GJohnson JTsiropoulou E(2022)Dynamic Role-Based Access Control Policy for Smart Grid Applications: An Offline Deep Reinforcement Learning ApproachIEEE Transactions on Human-Machine Systems10.1109/THMS.2022.316318552:4(761-773)Online publication date: Aug-2022
https://doi.org/10.1109/THMS.2022.3163185
Giordano GPalomba FFerrucci F(2022)On the use of artificial intelligence to deal with privacy in IoT systems: A systematic literature reviewJournal of Systems and Software10.1016/j.jss.2022.111475193(111475)Online publication date: Nov-2022
https://doi.org/10.1016/j.jss.2022.111475
Tran NAli Babar MBoan J(2021)Integrating blockchain and Internet of Things systemsJournal of Network and Computer Applications10.1016/j.jnca.2020.102844173:COnline publication date: 1-Jan-2021
https://dl.acm.org/doi/10.1016/j.jnca.2020.102844
Lone ANaaz R(2021)Applicability of Blockchain smart contracts in securing Internet and IoT: A systematic literature reviewComputer Science Review10.1016/j.cosrev.2020.10036039(100360)Online publication date: Feb-2021
https://doi.org/10.1016/j.cosrev.2020.100360
Quiniou M(2019)ReferencesBlockchain10.1002/9781119629573.refs(119-131)Online publication date: 23-May-2019
https://doi.org/10.1002/9781119629573.refs

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents