Distributed Capability-based Access Control
for the Internet of Things


José L. Hernández-Ramos (1,*), Antonio J. Jara (2), Leandro Marín (1), and Antonio F. Skarmeta (1)

(1) Department of Information and Communications Engineering
Computer Science Faculty
University of Murcia, 30100 Murcia, Spain
{jluis.hernandez, leandro, skarmeta}@um.es

 

(2) Institute of Information Systems
University of Applied Sciences Western Switzerland (HES-SO)
Sierre, Switzerland
jara@ieee.org

 

Abstract

The evolution of the Internet towards the Internet of Things is being deployed in emerging cyber-physical systems such as access control solutions, alert networks, building automation, and the extension of all these systems into Smarter Cities. This extension and proliferation of the technology in our lives also presents security challenges, since unexpected leaks of information and illegitimate access to data and physical systems could have a high impact on our lives. This work proposes a cryptographic solution against insider threats through distributed capability-based access control. This access control solution supports the management of certificates, authentication, and authorization processes. The capability-based approach offers benefits in terms of distributed management, support for delegation, traceability of access, authentication chains to extend scalability, and support for standard certificates based on Elliptic Curve Cryptography (ECC). Specifically, a capability token for CoAP resources has been designed, which is signed with the Elliptic Curve Digital Signature Algorithm (ECDSA) in order to ensure end-to-end authentication, integrity and non-repudiation. This distributed solution allows the deployment of scenarios without the intervention of any intermediate entity. A distributed scenario with end-to-end access control validation has been implemented, deployed, and evaluated on the Jennic/NXP JN5139 module. The results obtained through our experiments demonstrate the feasibility of the proposed approach: in numbers, the whole validation process (including signature validation in the smart objects) required an average of 480 ms.
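The signed capability token and the end-to-end validation the abstract describes, as an added Go example that is not the paper's code: the token layout, its field names, the sample resource `coap://node1/temp` and the check order (signature, validity period, resource, method) are assumptions, and P-256 stands in for whatever curve the paper's ECC certificates use.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// CapabilityToken is an assumed layout (the paper's own field set is not on this page).
type CapabilityToken struct {
	Subject  string   `json:"sub"`  // holder of the capability
	Resource string   `json:"res"`  // CoAP resource URI the capability covers
	Methods  []string `json:"meth"` // granted CoAP methods, e.g. GET
	NotAfter int64    `json:"exp"`  // Unix time after which the token is void
}

// digest hashes the token's JSON form; struct fields marshal in declaration order, so it is stable.
func digest(t CapabilityToken) []byte {
	b, _ := json.Marshal(t) // strings and ints always marshal
	h := sha256.Sum256(b)
	return h[:]
}

// Validate is the end-to-end check the smart object runs per request: signature first, then period, resource, method.
func Validate(pub *ecdsa.PublicKey, t CapabilityToken, sig []byte, resource, method string, now time.Time) error {
	if !ecdsa.VerifyASN1(pub, digest(t), sig) {
		return errors.New("bad signature")
	}
	if now.Unix() > t.NotAfter || t.Resource != resource {
		return errors.New("token expired or not for this resource")
	}
	for _, m := range t.Methods {
		if m == method {
			return nil
		}
	}
	return errors.New("method not granted")
}

func main() {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // the issuer's ECC key (constructed)
	tok := CapabilityToken{Subject: "client-A", Resource: "coap://node1/temp", Methods: []string{"GET"}, NotAfter: time.Now().Add(time.Hour).Unix()}
	sig, _ := ecdsa.SignASN1(rand.Reader, priv, digest(tok)) // the issuer signs the token with ECDSA
	fmt.Println(Validate(&priv.PublicKey, tok, sig, tok.Resource, "GET", time.Now()), Validate(&priv.PublicKey, tok, sig, tok.Resource, "PUT", time.Now()))
}
```

Because the signature covers the whole token, a holder who edits the method list or the resource is rejected at the first check, before any policy logic runs on the constrained device.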

 

Keywords: Security, Distributed access control, Cryptographic primitives, Internet of Things

 

* Corresponding author: José L. Hernández-Ramos

Tel: +34-868888771

 

Journal of Internet Services and Information Security (JISIS), 3(3/4): 1-16, November 2013