DOI: 10.1145/2988272.2988274
research-article

An Authentication and Authorization Infrastructure for the Web of Things

Published: 13 November 2016

Abstract

Given the distributed nature of the Web of Things (WoT) and its heterogeneous, constrained devices, providing authentication and authorization mechanisms that meet the requirements of WoT scenarios is a challenge. This work presents an Authentication and Authorization Infrastructure for the WoT (AAI4WoT) based on the SAML and XACML standards. AAI4WoT provides cross-domain single sign-on for devices and users using different authentication mechanisms, and enables service providers to use different access control models. AAI4WoT is appropriate for distributed applications involving machine-to-machine (M2M) communication. As a proof of concept, a prototype of AAI4WoT was developed and integrated into a WoT industrial application (a real case study at an apparel factory). Functional testing and performance evaluation confirmed the feasibility of the solution in this case study.



Published In
Q2SWinet '16: Proceedings of the 12th ACM Symposium on QoS and Security for Wireless and Mobile Networks
November 2016
148 pages
ISBN: 9781450345040
DOI: 10.1145/2988272

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. authentication and authorization infrastructure
  2. internet of things
  3. saml
  4. xacml

Qualifiers

  • Research-article

Funding Sources

  • CNPQ (National Counsel of Technological and Scientific Development)
  • CAPES (Coordination for the Improvement of Higher Education Personnel)

Conference

MSWiM '16
Acceptance Rates

Overall Acceptance Rate 46 of 131 submissions, 35%

Cited By

  • (2023) Token-Based Identity Model Using OpenID Connect For Unmanaged Systems. 2023 IEEE 5th International Conference on Cybernetics, Cognition and Machine Learning Applications (ICCCMLA), pp. 281-286. DOI: 10.1109/ICCCMLA58983.2023.10346795. Online publication date: 7-Oct-2023
  • (2021) Survey on Delegated and Self-Contained Authorization Techniques in CPS and IoT. IEEE Access 9, pp. 98169-98184. DOI: 10.1109/ACCESS.2021.3093327. Online publication date: 2021
  • (2019) An OpenID Based Authentication Service Mechanisms for Internet of Things. 2019 IEEE 4th International Conference on Computer and Communication Systems (ICCCS), pp. 687-692. DOI: 10.1109/CCOMS.2019.8821761. Online publication date: Feb-2019
  • (2018) Group-Oriented Range-Bound Key Agreement for Internet of Things Scenarios. IEEE Internet of Things Journal 5:3, pp. 1890-1903. DOI: 10.1109/JIOT.2018.2817075. Online publication date: Jun-2018
