With exploding growth in information technology (IT), numerous services and applications having enhanced capabilities are coming into picture with an aim to serve the users. Internet of things (IoT) along with its enabling cutting-edge technologies is establishing a scenario where these services can be utilised effectively. However, with large number of users and applications, it becomes challenging to safeguard the identifying information being transmitted to provide access to these services. This paper presents a refined version of an integrated attribute-based access control and authentication mechanism using smart cards for cloud-based IoT applications. System-wide attributes not only restrict the users to access the remote cloud services, but also ensure user anonymity. We also implement the proposed mechanism on ACPT and AVISPA tool for its validation and to verify its correctness. Moreover, we present an analysis of its security and performance efficiency on the basis of different parameters.
Read full abstract