Abstract
The Internet of Things (IoT) brings plenty of opportunities to enhance society’s activities, from improving a factory’s production chain to facilitating people’s household tasks. However, it has also brought new security breaches, compromising privacy and authenticity. IoT devices are vulnerable to being accessed from the Internet; they lack sufficient resources to face cyber-attack threats. Keeping a balance between access control and the devices’ resource consumption has become one of the highest priorities of IoT research. In this paper, we evaluate an access control architecture based on the IAACaaS (IoT application-Scoped Access Control as a Service) model with the aim of protecting IoT devices that communicate using the Publish/Subscribe pattern. IAACaaS is based on the OAuth 2.0 authorization framework, which externalizes the identity and access control infrastructure of applications. In our evaluation, we implement the model using FIWARE Generic Enablers and deploy them for a smart buildings use case with a wireless communication. Then, we compare the performance of two different approaches in the data-sharing between sensors and the Publish/Subscribe broker, using Constrained Application Protocol (CoAP) and Hypertext Transfer Protocol (HTTP) protocols. We conclude that the integration of Publish/Subscribe IoT deployments with IAACaaS adds an extra layer of security and access control without compromising the system’s performance.
Highlights
The automotive industry used to design and build cars that could only carry their own load and that of passengers disregarding their protection
With respect to Internet of Things (IoT) applications protocols and Constrained Application Protocol (CoAP), we found that some research develops a Kerberos-based access control model [23,24]
We evaluated the scenario in terms of central processing unit (CPU), bandwidth, memory, latency and reliability and in 4 scenarios explained in the previous section: CoAPs, OAuth 2.0 over CoAPs, Hypertext Transfer Protocol (HTTP) and OAuth 2.0 over HTTPs
Summary
The automotive industry used to design and build cars that could only carry their own load and that of passengers disregarding their protection. We can establish an analogy of this fact relating to the current state of IoT (Internet of Things) devices. IoT is in the process of reaching a balance between hardware resources and security guarantee. Some current security technologies could be applied to IoT to enhance the “highway” and preserve the “passengers” safety
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
