Attribute-Based Access Control Scheme in Federated IoT Platforms
The Internet of Things (IoT) has made it possible to connect everyday electronic things to the Internet and make them ubiquitously available. With advanced IoT services based on a trusted federation among heterogeneous IoT platforms, new security problems emerge, including authentication and authorization. This contribution describes the main facets of the preliminary security architecture envisaged in the context of the symbIoTe project, recently launched by the European Commission under the Horizon 2020 EU program. Our approach features distributed and decoupled mechanisms for authentication and authorization services in complex scenarios embracing heterogeneous and federated IoT platforms, by leveraging Attribute-Based Access Control and token-based authorization techniques.
Keywords: Internet of Things, Security mechanisms, Attribute-Based Access Control, Interoperability framework, Macaroons, JSON Web Token
This work is supported by the H2020 symbIoTe project, which has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 688156. The authors would like to cordially thank the entire symbIoTe consortium for their valuable comments and discussions.