Identity Authentication and Capability Based Access Control (IACAC) for the Internet of Things


  • Parikshit N. Mahalle Center for TeleInFrastruktur, Aalborg University, Aalborg, Denmark
  • Bayu Anggorojati Center for TeleInFrastruktur, Aalborg University, Aalborg, Denmark
  • Neeli R. Prasad Center for TeleInFrastruktur, Aalborg University, Aalborg, Denmark
  • Ramjee Prasad Center for TeleInFrastruktur, Aalborg University, Aalborg, Denmark



access control, authentication, capability, Internet of Things


In the last few years the Internet of Things (IoT) has seen widespread application and can be found in each field. Authentication and access control are important and critical functionalities in the context of IoT to enable secure communication between devices. Mobility, dynamic network topology and weak physical security of low power devices in IoT networks are possible sources for security vulnerabilities. It is promising to make authentication and access control attack resistant and lightweight in a resource constrained and distributed IoT environment. This paper presents the Identity Authentication and Capability based Access Control (IACAC) model with protocol evaluation and performance analysis. To protect IoT from man-in-the-middle, replay and denial of service (DoS) attacks, the concept of capability for access control is introduced. The novelty of this model is that it presents an integrated approach of authentication and access control for IoT devices. The results of other related studies have also been analyzed to validate and support our findings. Finally, the proposed protocol is evaluated by using a security protocol verification tool, and the verification results show that IACAC is secure against the aforementioned attacks. This paper also discusses performance analysis of the protocol in terms of computational time compared to other existing solutions. Furthermore, this paper addresses challenges in IoT, and security attacks are modelled with the use cases to give an actual view of IoT networks.



Author Biographies

Parikshit N. Mahalle, Center for TeleInFrastruktur, Aalborg University, Aalborg, Denmark

Parikshit N. Mahalle is an IEEE member, ACM member and Life member of ISTE. He graduated in Computer Engineering from Amravati University, Maharashtra, India in 2000 and received a Master in Computer Engineering from Pune University in 2007. From 2000 to 2005, he was working as a lecturer in Vishwakarma Institute of Technology, Pune, India. From August 2005, he was working as an Assistant Professor in the Department of Computer Engineering, STES’s Smt. Kashibai Navale College of Engineering, Pune, India. Currently he is pursuing his Ph.D. in wireless communication at Center for TeleInFrastruktur (CTIF), Aalborg University, Denmark. He has published 25 papers at national and international level. He has authored five books on subjects like Data Structures, Theory of Computations and Programming Languages. He is also the recipient of the “Best Faculty Award” by STES and Cognizant Technologies Solutions. His research interests are Algorithms, IoT, Identity Management and Security.

Bayu Anggorojati, Center for TeleInFrastruktur, Aalborg University, Aalborg, Denmark

Bayu Anggorojati is currently pursuing his PhD at Center for TeleInFrastruktur (CTIF), Aalborg University. His main research interest is in access control for RFID systems and IoT. During the period of his PhD work, he has been involved in several projects, especially the EC projects, such as ASPIRE, ISISEMD, LIFE2.0, and BETaaS.

Neeli R. Prasad, Center for TeleInFrastruktur, Aalborg University, Aalborg, Denmark

Neeli Rashmi Prasad, Ph.D., IEEE Senior Member, Director, Center For TeleInfrastructure USA (CTIF-USA), Princeton, USA. She is also Head of Research and Coordinator of Thematic area Network without Borders, Center for TeleInfrastruktur (CTIF) head office, Aalborg University, Aalborg, Denmark.
She is leading the IoT Testbed at Easy Life Lab (IoT/M2M and eHealth) and the Secure Cognitive radio network testbed at S-Cogito Lab (Network Management, Security, Planning, etc.). She received her Ph.D. from University of Rome “Tor Vergata”, Rome, Italy, in the field of “adaptive security for wireless heterogeneous networks” in 2004 and M.Sc. (Ir.) degree in Electrical Engineering from Delft University of Technology, the Netherlands, in the field of “Indoor Wireless Communications using Slotted ISMA Protocols” in 1997.
She has over 15 years of management and research experience both in industry and academia. She has gained large and strong experience in the administrative and project coordination of EU-funded and Industrial research projects. She joined Libertel (now Vodafone NL), The Netherlands in 1997. Until May 2001, she worked at Wireless LANs in the Wireless Communications and Networking Division of Lucent Technologies, the Netherlands. From June 2001 to July 2003, she was with T-Mobile Netherlands, the Netherlands. Subsequently, from July 2003 to April 2004, she was at PCOM:I3, Aalborg, Denmark. She has been involved in a number of EU-funded R&D projects, including FP7 CP Betaas for M2M & Cloud, FP7 IP ISISEMD ICT for Dementia, FP7 IP ASPIRE RFID and Middleware, FP7 IP FUTON Wired-Wireless Convergence, FP6 IP eSENSE WSNs, FP6 NoE CRUISE WSNs, FP6 IP MAGNET and FP6 IP Magnet Beyond Secure Personal Networks/Future Internet as the latest ones. She is currently the project coordinator of the FP7 CIP-PSP LIFE 2.0 and IST IP ASPIRE and was project coordinator of FP6 NoE CRUISE. She was also the leader of the EC Cluster for Mesh and Sensor Networks and is Counselor of the IEEE Student Branch, Aalborg. Her current research interests are in the area of IoT & M2M, Cloud, identity management, mobility and network management; practical radio resource management; security, privacy and trust. Experience in other fields includes physical layer techniques, policy based management, short-range communications. She has published over 160 publications ranging from top journals, international conferences and chapters in books. She is and has been in the organization and a TPC member of several international conferences. She is the co-editor-in-chief of the Journal for Cyber Security and Mobility by River Publishers and associate editor of Social Media and Social Networking by Springer.

Ramjee Prasad, Center for TeleInFrastruktur, Aalborg University, Aalborg, Denmark

Ramjee Prasad (R) is currently the Director of the Center for TeleInFrastruktur (CTIF) at Aalborg University (AAU), Denmark and Professor, Wireless Information Multimedia Communication Chair. He is the Founding Chairman of the Global ICT Standardisation Forum for India ( established in 2009. GISFI has the purpose of increasing the collaboration between European, Indian, Japanese, North-American, and other worldwide standardization activities in the area of Information and Communication Technology (ICT) and related application areas. He was the Founding Chairman of the HERMES Partnership – a network of leading independent European research centres established in 1997, of which he is now the Honorary Chair.
Ramjee Prasad is the founding editor-in-chief of the Springer International Journal on Wireless Personal Communications. He is a member of the editorial board of several other renowned international journals, including those of River Publishers. He is a member of the Steering, Advisory, and Technical Program committees of many renowned annual international conferences, including Wireless Personal Multimedia Communications Symposium (WPMC) and Wireless VITAE. He is a Fellow of the Institute of Electrical and Electronics Engineers (IEEE), USA, the Institution of Electronics and Telecommunications Engineers (IETE), India, the Institution of Engineering and Technology (IET), UK, and a member of the Netherlands Electronics and Radio Society (NERG) and the Danish Engineering Society (IDA). He is also a Knight (“Ridder”) of the Order of Dannebrog (2010), a distinction awarded by the Queen of Denmark.








