2 research outputs found
Access Management in Lightweight IoT: A Comprehensive review of ACE-OAuth framework
With the expansion of Internet of Things (IoT), the need for secure and scalable authentication and
authorization mechanism for resource-constrained devices is becoming increasingly important. This
thesis reviews the authentication and authorization mechanisms in resource-constrained Internet of
Things (IoT) environments. The thesis focuses on the ACE-OAuth framework, which is a lightweight
and scalable solution for access management in IoT. Traditional access management protocols are not
well-suited for the resource-constrained environment of IoT devices. This makes the lightweight
devices vulnerable to cyber-attacks and unauthorized access. This thesis explores the security
mechanisms and standards, the protocol flow and comparison of ACE-OAuth profiles. It underlines
their potential risks involved with the implementation. The thesis delves into the existing and
emerging trends technologies of resource-constrained IoT and identifies limitations and potential
threats in existing authentication and authorization methods.
Furthermore, comparative analysis of ACE profiles demonstrated that the DTLS profile enables
constrained servers to effectively handle client authentication and authorization. The OSCORE
provides enhanced security and non-repudiation due to the Proof-of-Possession (PoP) mechanism,
requiring client to prove the possession of cryptographic key to generate the access token.
The key findings in this thesis, including security implications, strengths, and weaknesses for ACE
OAuth profiles are covered in-depth. It shows that the ACE-OAuth framework’s strengths lie in its
customization capabilities and scalability. This thesis demonstrates the practical applications and
benefits of ACE-OAuth framework in diverse IoT deployments through implementation in smart
home and factory use cases. Through these discussions, the research advances the application of
authentication and authorization mechanisms and provides practical insights into overcoming the
challenges in constrained IoT settings
Internet of Things for system integrity: a comprehensive survey on security, attacks and countermeasures for industrial applications
The growth of the Internet of Things (IoT) offers numerous opportunities for developing industrial applications such as smart grids, smart cities, smart manufacturers, etc. By utilising these opportunities, businesses engage in creating the Industrial Internet of Things (IIoT). IoT is vulnerable to hacks and, therefore, requires various techniques to achieve the level of security required. Furthermore, the wider implementation of IIoT causes an even greater security risk than its benefits. To provide a roadmap for researchers, this survey discusses the integrity of industrial IoT systems and highlights the existing security approaches for the most significant industrial applications. This paper mainly classifies the attacks and possible security solutions regarding IoT layers architecture. Consequently, each attack is connected to one or more layers of the architecture accompanied by a literature analysis on the various IoT security countermeasures. It further provides a critical analysis of the existing IoT/IIoT solutions based on different security mechanisms, including communications protocols, networking, cryptography and intrusion detection systems. Additionally, there is a discussion of the emerging tools and simulations used for testing and evaluating security mechanisms in IoT applications. Last, this survey outlines several other relevant research issues and challenges for IoT/IIoT security