Abstract
Internet of Things (IoT) is currently deployed across applications, most of them connected to the Internet or at least to a gateway (with superior processing capabilities) that is in turn connected to the Internet. Wireless sensor networks (WSNs) are groups of spatially dispersed, dedicated sensors that monitor or record data and collect it at a centralized location. Much research has addressed security problems arising from concerns about authentication, avoidance of DoS attacks, identity hijacking, spoofing, etc. Some work has gone into depth on authentication in a heterogeneous environment, i.e., authentication among devices of different makes and models that are deployed in different networks and still try to connect, which involves multiple authentication or certification authorities (or chains of them). However, much less research has focused on establishing the true identity of the device. This paper proposes a post-authentication scheme that explores and validates the identity of the device and then takes the decision required for the dynamic authorization phase. Here, we propose post-authentication using dynamic authorization: a nonce (one-time credential) that lets a device which is neither associated with nor owned by the system perform a limited-use privileged operation on a sensitive resource.
Copyright information
© 2021 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Sinha, N., Sundaram, M., Sinha, A. (2021). Instinctive and Effective Authorization for Internet of Things. In: Singh, P.K., Wierzchoń, S.T., Tanwar, S., Ganzha, M., Rodrigues, J.J.P.C. (eds) Proceedings of Second International Conference on Computing, Communications, and Cyber-Security. Lecture Notes in Networks and Systems, vol 203. Springer, Singapore. https://doi.org/10.1007/978-981-16-0733-2_40
DOI: https://doi.org/10.1007/978-981-16-0733-2_40
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-16-0732-5
Online ISBN: 978-981-16-0733-2
eBook Packages: Engineering, Engineering (R0)