20 research outputs found

    Authorization Framework for the Internet-of-Things

    This paper describes a framework that allows fine-grained and flexible access control to connected devices with very limited processing power and memory. We propose a set of security and performance requirements for this setting and derive an authorization framework distributing processing costs between constrained devices and less constrained back-end servers while keeping message exchanges with the constrained devices at a minimum. As a proof of concept we present performance results from a prototype implementing the device part of the framework

    Fine-grained access control framework for Igor, a unified access solution to the Internet of Things

    With the growing popularity of the Internet of Things (IoT), devices in households and offices are becoming information sharing "smart" devices controlled via network connections. The growth of collection, handling and distribution of data generated by IoT devices presents ethical and privacy issues. Users have no control over what information is kept or revealed, the interpretation of data collected, data ownership and who can access specific information generated by their IoT devices. This paper describes an approach to data ethical/privacy issues related to IoT using a fine-grained access-control framework on Igor, a centralized home and office automation solution. We designed a capability-based access control framework on top of Igor that allows agents, either human or machine, to access and change only the data to which they are authorised. The applicability of this to the European General Data Protection Regulation (GDPR) should be obvious. The implementation, expert evaluation and performance measurement results demonstrate that this is a promising solution for securing access to data generated by IoT devices

    IoT-cloud authorization and delegation mechanisms for ubiquitous sensing and actuation

    © 2016 IEEE. In the roadmap for the implementation of ubiquitous computing, ubiquitous sensing and actuation is a milestone still to be reached. It refers to providing sensing and actuation facilities anytime and everywhere. This does not just imply to interconnect sensors and actuators through the Internet, but also and mainly to provide these facilities. IoT-Cloud computing paradigms such as the sensing and actuation as a service one could be a proper way to address this problem. In past work we developed an SAaaS framework extending OpenStack with specific functionalities for resource constrained nodes, Stack4Things. In this paper we focus on access control, authorization and delegation mechanisms which are basic mechanisms for the implementation of the UbSA vision. Thus starting from Stack4Things, we describe how we adapted and extended mechanisms provided by OpenStack, with specific regard to Keystone, with new functionalities for delegation and access control. A use case in the smart city scenario of #SmartME describes the proposed solution in practice

    A Study on Sanctuary and Seclusion Issues in Internet-of-Things

    Internet-of-Things (IoT) are everywhere in our daily life. They are used in our homes, in hospitals, deployed outside to control and report the changes in environment, prevent fires, and many more beneficial functionality. However, all those benefits can come of huge risks of seclusion loss and sanctuary issues. To secure the IoT devices, many research works have been conducted to countermeasure those problems and find a better way to eliminate those risks, or at least minimize their effects on the user's seclusion and sanctuary requirements. The study consists of four segments. The first segment will explore the most relevant limitations of IoT devices and their solutions. The second one will present the classification of IoT attacks. The next segment will focus on the mechanisms and architectures for authentication and access control. The last segment will analyze the sanctuary issues in different layers

    Access Control Mechanism for IoT Environments Based on Modelling Communication Procedures as Resources

    Internet growth has generated new types of services where the use of sensors and actuators is especially remarkable. These services compose what is known as the Internet of Things (IoT). One of the biggest current challenges is obtaining a safe and easy access control scheme for the data managed in these services. We propose integrating IoT devices in an access control system designed for Web-based services by modelling certain IoT communication elements as resources. This would allow us to obtain a unified access control scheme between heterogeneous devices (IoT devices, Internet-based services, etc.). To achieve this, we have analysed the most relevant communication protocols for these kinds of environments and then we have proposed a methodology which allows the modelling of communication actions as resources. Then, we can protect these resources using access control mechanisms. The validation of our proposal has been carried out by selecting a communication protocol based on message exchange, specifically Message Queuing Telemetry Transport (MQTT). As an access control scheme, we have selected User-Managed Access (UMA), an existing Open Authorization (OAuth) 2.0 profile originally developed for the protection of Internet services. We have performed tests focused on validating the proposed solution in terms of the correctness of the access control system. Finally, we have evaluated the energy consumption overhead when using our proposal. Ministerio de Economía y Competitividad; Universidad de Alcal

    Towards Flexible Integration of 5G and IIoT Technologies in Industry 4.0: A Practical Use Case

    The Industry 4.0 revolution envisions fully interconnected scenarios in the manufacturing industry to improve the efficiency, quality, and performance of the manufacturing processes. In parallel, the consolidation of 5G technology is providing substantial advances in the world of communication and information technologies. Furthermore, 5G also presents itself as a key enabler to fulfill Industry 4.0 requirements. In this article, the authors first propose a 5G-enabled architecture for Industry 4.0. Smart Networks for Industry (SN4I) is introduced, an experimental facility based on two 5G key-enabling technologies—Network Functions Virtualization (NFV) and Software-Defined Networking (SDN)—which connects the University of the Basque Country’s Aeronautics Advanced Manufacturing Center and Faculty of Engineering in Bilbao. Then, the authors present the deployment of a Wireless Sensor Network (WSN) with strong access control mechanisms into such architecture, enabling secure and flexible Industrial Internet of Things (IIoT) applications. Additionally, the authors demonstrate the implementation of a use case consisting in the monitoring of a broaching process that makes use of machine tools located in the manufacturing center, and of services from the proposed architecture. The authors finally highlight the benefits achieved regarding flexibility, efficiency, and security within the presented scenario and to the manufacturing industry overall. This work was supported in part by the Spanish Ministry of Economy, Industry and Competitiveness through the State Secretariat for Research, Development and Innovation under the “Adaptive Management of 5G Services to Support Critical Events in Cities (5G-City)” TEC2016-76795-C6-5-R and “Towards zero touch network and services for beyond 5G (TRUE5G)” PID2019-108713RB-C54 projects and in part by the Department of Economic Development and Competitiveness of the Basque Government through the 5G4BRIS KK-2020/00031 research project

    A Medical Records Managing and Securing Blockchain Based System Supported by a Genetic Algorithm and Discrete Wavelet Transform

    The privacy of patients is jeopardised when medical records and data are spread or shared beyond the protected cloud of institutions. This is because breaches force them to the brink that they start abstaining from full disclosure of their condition. This type of condition has a negative effect on scientific research, patients and all stakeholders. A blockchain-based data sharing system is proposed to tackle this issue, which employs immutability and autonomy properties of the blockchain to sufficiently resolve challenges associated with access control and handle sensitive data. Our proposed system is supported by a Discrete Wavelet Transform to enhance the overall security, and a Genetic Algorithm technique to optimise the queuing optimization technique as well. Introducing this cryptographic key generator enhances the immunity and system access control, which allows verifying users securely in a fast way. This design allows further accountability since all users involved are already known and the blockchain records a log of their actions. Only when the users' cryptographic keys and identities are confirmed, the system allows requesting data from the shared queuing requests. The achieved execution time per node, confirmation time per node and robust index for block number of 0.19 s, 0.17 s and 20 respectively that based on system evaluation illustrates that our system is robust, efficient, immune and scalable