Abstract

The Internet of Things (IoT) is becoming the future of the Internet, with a large number of connected devices predicted to reach about 50 billion by 2020. With the proliferation of IoT devices and the need to increase information sharing in IoT applications, the risk-based access control model has become the best candidate for both academic and commercial organizations to address access control issues. This model carries out a security risk analysis on the access request by using IoT contextual information to provide access decisions dynamically. This model solves challenges related to the flexibility and scalability of the IoT system. Therefore, we propose an adaptive risk-based access control model for the IoT. This model uses real-time contextual information associated with the requesting user to calculate the security risk of each access request. It uses the user attributes at the time of the access request, action severity, resource sensitivity and user risk history as inputs to analyze and calculate the risk value that determines the access decision. To detect abnormal and malicious actions, smart contracts track and monitor user activities during the access session, so that potential security violations can be detected and prevented. In addition, as risk estimation is the essential stage in building a risk-based model, this paper discusses common risk estimation methods and then proposes the fuzzy inference system with expert judgment as the optimal approach to handle the risk estimation process of the proposed risk-based model in the IoT system.

Highlights

  • The Internet of Things (IoT) has the ability to connect and communicate billions of things simultaneously

  • This paper provides a review of the most common risk estimation methods that are used in related risk-based models to determine the optimal approach to implement the risk estimation process for the IoT system

  • The IoT has brought unlimited benefits, but at the same time raises several security issues. This is because current access control models, with rigid and static structures and predefined rules that always give the same result in different situations, cannot provide the required level of security for the IoT system


Summary

Introduction

The Internet of Things (IoT) has the ability to connect and communicate billions of things simultaneously. The IoT is considered a universal presence that contains different types of objects that can be connected using either wireless or wired connections. These objects have a unique addressing scheme that allows them to communicate and interact with each other to create novel services in various IoT applications such as smart grid, agriculture, smart cities, wearables, transportation, traffic management and others [2, 3]. ITU defines the IoT as: "a global infrastructure for the information society, enabling advanced services by interconnecting (physical and virtual) things based on, existing and evolving, interoperable information and communication technologies" [6]
