516
Views
89
CrossRef citations to date
0
Altmetric
Articles

DCapBAC: embedding authorization logic into smart things through ECC optimizations

, , &
Pages 345-366 | Received 31 Dec 2013, Accepted 09 Apr 2014, Published online: 22 May 2014

References

  • A. Armando, D.A. Basin, Y. Boichut, Y. Chevalier, L. Compagna, J. Cuéllar, P.H. Drielsma, P.-C. Héam, O. Kouchnarenko, J. Mantovani, S. Mödersheim, D. von Oheimb, M. Rusinowitch, J. Santiago, M. Turuani, L. Viganò, and L. Vigneron, The avispa tool for the automated validation of internet security protocols and applications, in CAV 2005, LNCS, Vol. 3576, K. Etessami and S.K. Rajamani, eds., Springer, Heidelberg, 2005, pp. 281–285.
  • L. Atzori, A. Iera, and G. Morabito, The internet of things: A survey, Comput. Netw. 54(15) (2010), pp. 2787–2805. doi: 10.1016/j.comnet.2010.05.010
  • S. Babar, P. Mahalle, A. Stango, N. Prasad, and R. Prasad, Proposed security model and threat taxonomy for the internet of things (iot), in Recent Trends in Network Security and Applications, N. Meghanathan, S. Boumerdasi, N. Chaki, and D. Nagamalai, eds., Springer, Berlin, Heidelberg, 2010, pp. 420–429. doi: 10.1007/978-3-642-14478-3_42
  • B. Bayu, P.N. Mahalle, N.R. Prasad, and R. Prasad, Capability-based access control delegation model on the federated IoT network, Proceedings of the 15th International Symposium on Wireless Personal Multimedia Communications (WPMC), Taipei, China, IEEE, September, 2012, pp. 604–608.
  • M. Castro, A. Jara, and A. Skarmeta, Smart lighting solutions for smart cities, Proceedings of the 27th International Conference on Advanced Information Networking and Applications Workshops (WAINA), Barcelona, Spain, IEEE, March, 2013, pp. 1374–1379.
  • B. Choi and K. Cho, Detection of insider attacks to the web server, J. Wirel. Mob. Netw. Ubiquitous Comput.Dependable Appl. 3(4) (2012), pp. 35–45, 12.
  • D. Crockford, RFC 4627: The application/json Media Type for Javascript Object Notation (JSON). IETF RFC 4627, July 2006. Available at http://www.ietf.org/rfc/rfc4627.txt.
  • J. Dennis and E. Van Horn, Programming semantics for multiprogrammed computations, Commun. ACM 9(3) (1966), pp. 143–155. doi: 10.1145/365230.365252
  • D. Dolev and A. Yao, On the security of public key protocols, IEEE Trans. Inform. Theory 29(2) (1983), pp. 198–208. doi: 10.1109/TIT.1983.1056650
  • D. Ferraiolo, J. Cugini, and R. Kuhn, Role-based access control (RBAC): Features and motivations, Proceedings of 11th Annual Computer Security Application Conference, 1995, pp. 241–248.
  • O. Garcia-Morchon, S.L. Keoh, S. Kumar, P. Moreno-Snchez, F. Vidal-Meca, and J.H. Ziegeldorf, Securing the IP-based internet of things with HIP and DTLS, Proceedings of the Sixth ACM Conference on Security and Privacy in Wireless and Mobile Networks, ACM, 2013, pp. 119–124.
  • O. Garcia-Morchon, S. Kumar, R. Struik, S. Keoh, and R. Hummen, Security Considerations in the Ip-Based Internet of Things, CoRE group, Internet Engineering Task Force (IETF), Internet-Draft, draft-garcia-core-security-06, September 2013.
  • V.C. Gungor, D. Sahin, T. Kocak, S. Ergt, C. Buccella, C. Cecati, and G. Hancke, Smart grid and smart homes: Key players and pilot projects, IEEE Ind. Electron. Mag. 6(4) (2012), pp. 18–34. doi: 10.1109/MIE.2012.2207489
  • S. Gusmeroli, S. Piccione, and D. Rotondi, A capability-based security approach to manage access control in the internet of things, Math. Comput. Model. 58(5–6) (2013), pp. 1189–1205. doi: 10.1016/j.mcm.2013.02.006
  • D. Hankerson, S. Vanstone, and A.J. Menezes, Guide to Elliptic Curve Cryptography, Springer, New York, 2004.
  • N. Hardy, The confused deputy: (Or why capabilities might have been invented), ACM SIGOPS Oper. Syst. Rev. 22(4) (1988), pp. 36–38. doi: 10.1145/54289.871709
  • T. Heer, O. Garcia-Morchon, R. Hummen, S.L. Keoh, S.S. Kumar, and K. Wehrle, Security challenges in the ip-based internet of things, Wirel. Pers. Commun. 61(3) (2011), pp. 527–542. doi: 10.1007/s11277-011-0385-5
  • J.L. Hernández-Ramos, A.J. Jara, L. Marın, and A.F. Skarmeta, Distributed capability-based access control for the internet of things, J. Internet Serv. Inf. Secur. 3(3/4) (2013), pp. 1–16.
  • A. Jara, M. Zamora, and A. Skarmeta, An internet of things – based personal device for diabetes therapy management in ambient assisted living (AAL), Pers. Ubiquitous Comput. 15(4) (2011), pp. 431–440. doi: 10.1007/s00779-010-0353-1
  • A.J. Jara, L. Ladid, and A.F. Skarmeta, The internet of everything through ipv6: An analysis of challenges, solutions and opportunities, J. Wirel. Mob. Netw. Ubiquitous Comput. Dependable Appl. 4(3) (2013), pp. 97–118, 9.
  • A.J. Jara, M.A. Zamora-Izquierdo, and A.F. Skarmeta, Interconnection framework for mhealth and remote monitoring based on the internet of things, IEEE J. Sel. Areas Commun. 31(9) (2013), pp. 47–65. doi: 10.1109/JSAC.2013.SUP.0513005
  • C. Jennings, J. Arkko, and Z. Shelby, Media types for sensor markup language (SENML), Network Working group, Internet Engineering Task Force (IETF), Work in Progress, draft-jennings-senml-10, October 2012. Available at http://tools.ietf.org/html/draft-jennings-senml-10.
  • M. Jones, J. Bradley, and N.Sakimura, JSON Web Token (JWT), OAuth Working Group, Internet Engineering Task Force (IETF), work in progress, draft-ietf-oauth-json-web-token-11, July 2013. Available at http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-11.
  • A. Juels, Rfid security and privacy: A research survey, IEEE J. Sel. Areas Commun. 24(2) (2006), pp. 381–394. doi: 10.1109/JSAC.2005.861395
  • N. Kushalnagar, G. Montenegro, and C. Schumacher, Ipv6 Over Low-Power Wireless Personal Area Networks (6lowpans): Overview, Assumptions, Problem Statement, and Goals, RFC4919, August, 10, 2007.
  • S. Li, J. Hoebeke, F. Van den Abeele, and A. Jara, Conditional observe in CoAP, Constrained resources (CoRE) Working group, Internet Engineering Task Force (IETF), work in progress, draft-li-core-conditionalobserve-04, June 2013. Available at http://tools.ietf.org/html/draft-li-core-conditional-observe-04.
  • A. Liu and P. Ning, Tinyecc: A configurable library for elliptic curve cryptography in wireless sensor networks, Information Processing in Sensor Networks, 2008, IPSN’08, International Conference on, IEEE, 2008, pp. 245–256.
  • J. Liu, Y. Xiao, and C.L.P. Chen, Authentication and access control in the internet of things, Proceedings of the 32nd International Conference on Distributed Computing Systems Workshops (ICDCSW), Macau, China, IEEE, June 2012, pp. 588–592.
  • P.N. Mahalle, B. Anggorojati, N.R. Prasad, and R. Prasad, Identity driven capability based access control (ICAC) for the internet of things, Proceedings of the 6th IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS), Bangalore, India, IEEE, December, 2012, pp. 49–54.
  • P.N. Mahalle, B. Anggorojati, N.R. Prasad, and R. Prasad, Identity establishment and capability based access control (iecac) scheme for internet of things, Proceedings of the 15th International Symposium on Wireless Personal Multimedia Communications (WPMC), Taipei, China, IEEE, September, 2012, pp. 187–191.
  • P.N. Mahalle, P. Thakre, N.R. Prasad, and R. Prasad, A fuzzy approach to trust based access control in internet of things, Wireless Communications, Vehicular Technology, Information Theory and Aerospace & Electronic Systems (VITAE), 3rd International Conference on, Atlantic City, NJ, USA, 2013, pp. 1–5. doi: 10.1109/VITAE.2013.6617083
  • L. Marin, A.J. Jara, and A.F. Skarmeta, Multiplication and squaring with shifting primes on openRISC processors with hardware multiplier, J. Univers. Comput. Sci. 19(16) (2013), pp. 2368–2384.
  • L. Marin, A.J. Jara, and A.F. Skarmeta, Shifting primes: Optimizing elliptic curve cryptography for 16-bit devices without hardware multiplier, Math. Comput. Model. 58(5–6) (2013), pp. 1155–1174. doi: 10.1016/j.mcm.2013.02.008
  • C.P. Mayer, Security and privacy challenges in the internet of things, KiVS Workshop on Global Sensor Network, Kassel, Germany, 2009.
  • C.M. Medaglia and A. Serbanati, An overview of privacy and security issues in the internet of things, in The Internet of Things, D. Giusto, A. Iera, G. Morabito, and L. Atzori, eds., Springer, New York, 2010, pp. 389–395. doi: 10.1007/978-1-4419-1674-7_38
  • D. Miorandi, S. Sicari, F. Pellegrini, and I. Chlamtac, Internet of things: Vision, applications & research challenges, Ad Hoc Netw. 10(7) (2012), pp. 1497–1516. doi: 10.1016/j.adhoc.2012.02.016
  • M. Naedele, An access control protocol for embedded devices, Industrial Informatics, 2006 IEEE International Conference on, IEEE, 2006, pp. 565–569. doi: 10.1109/INDIN.2006.275623
  • OASIS Standard. eXtensible Access Control Markup Language (XACML) Version 3.0. January 2013; Software available at http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html.
  • Z. Qian, C. Chen, I. You, and S. Lu, Acsp: A novel security protocol against counting attack for UHF RFID systems, Comput. Math. Appl. 63(2) (2012), 492–500. doi: 10.1016/j.camwa.2011.08.030
  • R. Sandhu and J. Park, Usage control: A vision for next generation access control, in Computer Network Security. MMM-ACNS 2003, LNCS, Vol. 2776, V. Gorodetsky, L. Popyack, and V. Skormin, eds., Springer, Berlin, Heidelberg, pp. 17–31, 2003. doi: 10.1007/978-3-540-45215-7_2
  • J. Santa, M.A. Zamora-Izquierdo, A.J. Jara, and A.F. Skarmeta, Telematic platform for integral management of agricultural/perishable goods in terrestrial logistics, Comput. Electron. Agric. 80 (2012), pp. 31–40. doi: 10.1016/j.compag.2011.10.010
  • L. Seitz, G. Selander, and C. Gehrmann, Authorization framework for the internet-of-things, Proceedings of the 14th IEEE International Symposium and Workshops on a World of Wireless, Mobile and Multimedia Networks (WoWMoM), Madrid, Spain, IEEE, June, 2013, pp. 1–6.
  • Z. Shelby, K. Hartke, and C. Bormann, Constrained application protocol (CoAP), Constrained Resources (CoRE) Working group, Internet Engineering Task Force (IETF), work in progress, draft-ietf-core-coap-18, June 2013. Available at http://tools.ietf.org/html/draft-ietf-core-coap-18.
  • Z. Shelby, S. Krco, and C. Bormann, Core Resource Directory, CoRE group, Internet Engineering Task Force (IETF), Internet-Draft, draft-ietf-core-resource-directory-01, December 2013.
  • H. Sundmaeker, P. Guillemin, P. Friess, and S. Woelffl, Vision and challenges for realising the internet of things, Cluster of European Research Projects on the Internet of Things, European Commission, Brussels, 2010.
  • P. Szczechowiak, L.B. Oliveira, M. Scott, M. Collier, and R. Dahab, Nanoecc: Testing the limits of elliptic curve cryptography in sensor networks, in Wireless Sensor Networks, LNCS, Vol. 4913, R. Verdone, ed., Springer, Berlin, Heidelberg, 2008, pp. 305–320.
  • D. Trabalza, S. Raza, and T. Voigt, Indigo: Secure COAP for smartphones, in Wireless Sensor Networks for Developing Countries, F.K. Shaikh, B.S. Chowdhry, H.M. Ammari, M.A. Uqaili, and A. Shah, eds., Wireless Sensor Networks for Developing Countries, Springer, Berlin, Heidelberg, 2013, pp. 108–119.
  • M. Weiser, The computer for the 21st century, Sci. Am. 265(3) (1991), pp. 94–104. doi: 10.1038/scientificamerican0991-94
  • H. Yu, J. He, T. Zhang, P. Xiao, and Y. Zhang, Enabling end-to-end secure communication between wireless sensor networks and the internet, World Wide Web 16(4) (2013), pp. 515–540. doi: 10.1007/s11280-012-0194-0
  • E. Yuan and J. Tong, Attributed based access control (ABAC) for web services, Proceedings of the 12th IEEE International Conference on Web Services (ICWS), Orlando, IEEE, July, 2005.
  • G. Zhang and W. Gong, The research of access control based on UCON in the internet of things, J. Softw. 6(4) (2011), pp. 724–731.

Reprints and Corporate Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

To request a reprint or corporate permissions for this article, please click on the relevant link below:

Academic Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

Obtain permissions instantly via Rightslink by clicking on the button below:

If you are unable to obtain permissions via Rightslink, please complete and submit this Permissions form. For more information, please visit our Permissions help page.