Abstract
The CBAC (Capability-Based Access Control) model, in which device owners issue capability tokens, i.e., sets of access rights on objects in devices, to subjects, is adopted for the IoT (Internet of Things). Objects are data resources in a device that store sensor data and action data. A subject \(sb_i\) can get data of an object \(o_m^k\) in a device \(d_k\) by accessing an object \(o_n^l\) in another device \(d_l\), even if the subject \(sb_i\) is not allowed to get the data from the object \(o_m^k\). Here, information of the object \(o_m^k\) illegally flows to the subject \(sb_i\). In addition, a subject may get data of an object generated at time \(\tau\) when the subject is not allowed to get the data from the object. Here, the data come to the subject later than the subject expects, i.e., the data flow late to the subject. In our previous studies, protocols were implemented to interrupt operations implying both illegal and late types of information flow. In these protocols, the request processing time gets longer as the number of capability tokens whose signatures are verified in devices increases. Hence, in this paper, an MRCTS (Minimum Required Capability Token Selection) algorithm is proposed to reduce the number of capability tokens used. The evaluation shows that the MRCTS algorithm shortens the request processing time.
Acknowledgements
This work was supported by Japan Society for the Promotion of Science (JSPS) KAKENHI Grant Number JP20K23336.
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Nakamura, S., Enokido, T., Takizawa, M. (2022). A Capability Token Selection Algorithm for Lightweight Information Flow Control in the IoT. In: Barolli, L., Chen, HC., Enokido, T. (eds) Advances in Networked-Based Information Systems. NBiS 2021. Lecture Notes in Networks and Systems, vol 313. Springer, Cham. https://doi.org/10.1007/978-3-030-84913-9_3
DOI: https://doi.org/10.1007/978-3-030-84913-9_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-84912-2
Online ISBN: 978-3-030-84913-9
eBook Packages: Intelligent Technologies and Robotics (R0)