Abstract
Ubiquitous devices that comprise several resource-constrained sensors and actuators and offer the long-desired Internet connectivity are becoming part of many solutions that seek to enhance the smartness of the user's environment and quality of living. Their intrinsic resource limitations, however, make critical requirements such as security a great challenge. When these nodes are associated with applications that might have an impact on the user's privacy or even become life-threatening, security issues are of primary concern. Access to these resources should be appropriately controlled to ensure that such wearable nodes are adequately protected. On the other hand, it is very important not to restrict access to only a very closed group of entities. This work presents a service-oriented architecture that utilizes policy-based, unified, cross-platform and flexible access control to allow authenticated entities to consume the services provided by wearable nodes while protecting their valuable resources.
Keywords
- Body sensor networks
- Policy-based access control
- XACML
- SAML
- DPWS
- Web services
- Security
Copyright information
© 2015 IFIP International Federation for Information Processing
About this paper
Cite this paper
Rantos, K., Fysarakis, K., Soultatos, O., Askoxylakis, I. (2015). Secure and Authenticated Access to LLN Resources Through Policy Constraints. In: Akram, R., Jajodia, S. (eds) Information Security Theory and Practice. WISTP 2015. Lecture Notes in Computer Science, vol 9311. Springer, Cham. https://doi.org/10.1007/978-3-319-24018-3_18
DOI: https://doi.org/10.1007/978-3-319-24018-3_18
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-24017-6
Online ISBN: 978-3-319-24018-3
eBook Packages: Computer Science, Computer Science (R0)