Abstract
Assuring security and privacy is one of the key issues affecting the Internet of Things (IoT), mostly due to its distributed nature. Therefore, for the IoT to thrive, this problem needs to be tackled and solved. This paper describes a security-oriented architecture for managing IoT deployments. Our main goal was to deal with a fine-grained control in the access to IoT data and devices, to prevent devices from being manipulated by attackers and to avoid information leaking from IoT devices to unauthorized recipients. The access control is split: the management of authentication and access control policies is centered on special components (Authentication, Authorization, and Accounting Controllers), which can be distributed or centralized, and the actual enforcement of access control decisions happens on the entities that stay in the path to the IoT devices (Gateways and Device Drivers). The authentication in the entire system uses asymmetric cryptography and pre-distributed unique identifiers derived from public keys; no Public Key Infrastructure (PKI) is used. A Kerberos-like ticket-based approach is used to establish secure sessions.
Highlights
We are currently experiencing the evolutionary step of the Internet, widely known as the Internet of Things (IoT), where everyday objects are equipped with identifying, sensing, acting, networking and processing capabilities [1,2]
Desktop computers are used to run all the applications that control the exploitation of IoT devices (Clients, DH Managers (DHMs), and A3Cs), while mobile devices can use Web interfaces to interact with all those applications
The relationship between both sets of attributes is assured by the A3C Unique Identifiers (UUIDs) that is part of the attributes provided by the Device Drivers (DD)
Summary
We are currently experiencing the evolutionary step of the Internet, widely known as the Internet of Things (IoT), where everyday objects are equipped with identifying, sensing, acting, networking and processing capabilities [1,2]. The feverish race of companies to develop new IoT products has led to the creation of a security apocalypse resulting from the lack of consideration and application of security schemes during their design phase and after, once they are already sold and operating online ([4], Cap. 1). The whole IoT ecosystem is, by nature, exploitable. This is due to its inherent heterogeneity, with support for many different protocols and technologies and its large coverage area of connected devices. Most of these devices are meant to operate continuously and unattended, resulting in them being accessible and propitious to physical attacks. For the IoT to thrive, it is necessary to develop and adopt security and privacy schemes oriented for the IoT
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
