Identity Authentication and Capability Based Access Control (IACAC) for the Internet of Things
Keywords: access control, authentication, capability, Internet of Things
In the last few years the Internet of Things (IoT) has seen widespread application and can be found in every field. Authentication and access control are important and critical functionalities in the context of IoT to enable secure communication between devices. Mobility, dynamic network topology and weak physical security of low power devices in IoT networks are possible sources of security vulnerabilities. It is promising to make authentication and access control attack resistant and lightweight in a resource constrained and distributed IoT environment. This paper presents the Identity Authentication and Capability based Access Control (IACAC) model with protocol evaluation and performance analysis. To protect IoT from man-in-the-middle, replay and denial of service (DoS) attacks, the concept of capability for access control is introduced. The novelty of this model is that it presents an integrated approach to authentication and access control for IoT devices. The results of other related studies have also been analyzed to validate and support our findings. Finally, the proposed protocol is evaluated using a security protocol verification tool, and the verification results show that IACAC is secure against the aforementioned attacks. This paper also discusses performance analysis of the protocol in terms of computational time compared to other existing solutions. Furthermore, this paper addresses challenges in IoT, and security attacks are modelled with use cases to give an actual view of IoT networks.
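The abstract names the combination the model relies on: a device first proves its identity, and access is then granted through a capability that a verifier checks for integrity, expiry, binding to the holder and freshness, so that a forged, expired or replayed request is refused. The following is an added illustration of that checking discipline in a single verifier; it is not the IACAC protocol from the paper. The token layout, the use of HMAC-SHA256 in place of any public-key scheme, the per-device keys, the 30-second freshness window and the sample subject and resource names are all constructed assumptions for the example.

```python
"""Capability-based access check with replay protection (constructed example).

Assumptions, not from the paper: capabilities are minted by an issuer holding
ISSUER_KEY; each device, once authenticated, shares a key with the verifier
(DEVICE_KEYS); messages are JSON dicts authenticated with HMAC-SHA256.
"""
import hashlib
import hmac
import json

ISSUER_KEY = b"constructed-issuer-key"                   # issuing authority (assumed)
DEVICE_KEYS = {"sensor-7": b"constructed-device-key-7"}  # per-device keys (assumed)


def _mac(key, obj):
    """Deterministic MAC over a dict: canonical JSON, then HMAC-SHA256."""
    payload = json.dumps(obj, sort_keys=True).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def issue_capability(subject, resource, rights, expires_at):
    """Issuer binds subject, resource, permitted operations and expiry together."""
    body = {"sub": subject, "res": resource, "rights": sorted(rights), "exp": expires_at}
    return {"body": body, "tag": _mac(ISSUER_KEY, body)}


def make_request(subject, cap, op, nonce, ts):
    """Holder presents the capability plus a nonce and timestamp, authenticated
    with its own device key so the request cannot be forged by a third party."""
    fields = {"sub": subject, "cap_tag": cap["tag"], "op": op, "nonce": nonce, "ts": ts}
    return {"cap": cap, "fields": fields, "tag": _mac(DEVICE_KEYS[subject], fields)}


class Verifier:
    """Resource-side checks, in the order a verifier should apply them."""

    def __init__(self, window=30):
        self.window = window   # seconds a request timestamp may differ from local time
        self.seen = {}         # (subject, nonce) -> timestamp of accepted requests

    def check(self, req, now):
        cap, f = req["cap"], req["fields"]
        body = cap["body"]
        # 1. Capability integrity: tag must come from the issuer (tampered rights fail here).
        if not hmac.compare_digest(cap["tag"], _mac(ISSUER_KEY, body)):
            return "reject: forged capability"
        # 2. Request authenticity: holder must prove possession of its device key.
        dev_key = DEVICE_KEYS.get(f["sub"])
        if dev_key is None or not hmac.compare_digest(req["tag"], _mac(dev_key, f)):
            return "reject: unauthenticated request"
        # 3. Binding: the capability must have been issued to this requester.
        if f["sub"] != body["sub"] or f["cap_tag"] != cap["tag"]:
            return "reject: capability not bound to requester"
        # 4. Expiry of the capability, then freshness of the request itself.
        if now > body["exp"]:
            return "reject: capability expired"
        if abs(now - f["ts"]) > self.window:
            return "reject: stale request"
        # 5. Replay: a (subject, nonce) pair inside the window is accepted once only.
        self.seen = {k: t for k, t in self.seen.items() if now - t <= self.window}
        key = (f["sub"], f["nonce"])
        if key in self.seen:
            return "reject: replayed request"
        # 6. Authorisation: the requested operation must be among the granted rights.
        if f["op"] not in body["rights"]:
            return "reject: operation not permitted"
        self.seen[key] = f["ts"]
        return "allow"


def demo():
    """Run the same read request twice; the second copy is a replay."""
    cap = issue_capability("sensor-7", "/actuator/valve", ["read"], expires_at=1000)
    v = Verifier()
    req = make_request("sensor-7", cap, "read", nonce="n1", ts=100)
    return [v.check(req, now=100), v.check(req, now=101)]


if __name__ == "__main__":
    print(demo())
```

The order of the checks matters: integrity and authenticity are verified before any field is trusted, so a modified rights list or a request built without the device key never reaches the replay cache, and the cache only holds nonces from authenticated requests inside the freshness window, which keeps it bounded on a constrained device.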