Abstract

Due to the rapid development of Internet of Things (IoT), IoT platforms that can provide common functions for things are becoming increasingly important. However, access control frameworks in diverse IoT platforms have been developed for individual security goals, designs, and technologies. In particular, current OAuth-based access control frameworks that are widely used in IoT research have not been providing interoperability among IoT platforms even though sharing resources and services is a critical issue for IoT platforms. Therefore, we analyze the main requirements for an IoT access control framework to properly design our framework and propose an interoperable access control framework based on OAuth 2.0 and Role. Our approach describes a new extended authorization grant flow to issue an Interoperable Access Token (IAT) that has a global access scope across IoT platforms using multiple pairs of clients’ credentials. With the IAT and proposed framework, we can access client-specific domains in heterogeneous IoT platforms, then valuable resources (e.g., data and services) in the domains can be accessed by validating the roles, which will greatly simplify permission management. Furthermore, IAT supports a simple token management (e.g., token issuance, refreshing, and revocation) by managing only one token for diverse IoT platforms. In addition, we implement our interoperable access control framework on Mobius and FIWARE, which are promising open-source IoT platforms, and test an interoperability scenario to demonstrate our approach with the implementation. Furthermore, the proposed framework is compared with other IoT access control approaches based on the selected requirements in this paper.

Highlights

  • The Internet of Things (IoT) is an environment in which things are connected to each other via the Internet and has been adopted as a promising technology by many companies such as Gartner, Cisco, and International Data Corporation (IDC)

  • We implement our interoperable access control framework on Mobius and Future Internet ware (FIWARE), which are promising open-source IoT platforms, and test an interoperability scenario to demonstrate our approach with the implementation

  • This paper analyzes the requirements for the proper design of an IoT access control framework and proposes an interoperable access control framework for heterogeneous IoT platforms based on OAuth 2.0 and role

Read more

Summary

Introduction

The Internet of Things (IoT) is an environment in which things are connected to each other via the Internet and has been adopted as a promising technology by many companies such as Gartner, Cisco, and International Data Corporation (IDC). OAuth-based access control frameworks have been widely researched to limit unauthorized access in the IoT field, secure interoperability among IoT platforms has not been properly considered. This paper analyzes the requirements for the proper design of an IoT access control framework and proposes an interoperable access control framework for heterogeneous IoT platforms based on OAuth 2.0 and role. The extended authorization grant flow (i.e., Multiple Clients Credentials) issues an Interoperable Access Token (IAT) that has a global access scope across diverse IoT platforms using multiple pairs of clients’ credentials assigned in heterogeneous domains to access resources in the IoT platforms. The remainder of this paper is structured as follows: in Section 2, we analyze related works, and Section 3 describes target environment in which the proposed access control framework can be used as well as a role assignment request scenario proposed to mitigate scalability issue of roles.

Related Work
Target Environment for the Proposed Access Control Framework
Requirements for an Access
Flowchart
Implementation
InteroperabilityScenario
Anresponse
Forwarded
10. FIWARE
11. Mobius
Evaluations and Further Consideration
Conclusions
Full Text
Published version (Free)

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call