Skip to main page content
Access keys NCBI Homepage MyNCBI Homepage Main Content Main Navigation
. 2018 Mar 20;18(3):917.
doi: 10.3390/s18030917.

Access Control Mechanism for IoT Environments Based on Modelling Communication Procedures as Resources

Affiliations
Free PMC article

Access Control Mechanism for IoT Environments Based on Modelling Communication Procedures as Resources

Luis Cruz-Piris et al. Sensors (Basel). .
Free PMC article

Abstract

Internet growth has generated new types of services where the use of sensors and actuators is especially remarkable. These services compose what is known as the Internet of Things (IoT). One of the biggest current challenges is obtaining a safe and easy access control scheme for the data managed in these services. We propose integrating IoT devices in an access control system designed for Web-based services by modelling certain IoT communication elements as resources. This would allow us to obtain a unified access control scheme between heterogeneous devices (IoT devices, Internet-based services, etc.). To achieve this, we have analysed the most relevant communication protocols for these kinds of environments and then we have proposed a methodology which allows the modelling of communication actions as resources. Then, we can protect these resources using access control mechanisms. The validation of our proposal has been carried out by selecting a communication protocol based on message exchange, specifically Message Queuing Telemetry Transport (MQTT). As an access control scheme, we have selected User-Managed Access (UMA), an existing Open Authorization (OAuth) 2.0 profile originally developed for the protection of Internet services. We have performed tests focused on validating the proposed solution in terms of the correctness of the access control system. Finally, we have evaluated the energy consumption overhead when using our proposal.

Keywords: Internet of Things; MQTT; OAuth; access control; security.

Conflict of interest statement

The authors declare no conflicts of interest.

Figures

Figure 1
Figure 1
Main entities of the Message Queuing Telemetry Transport (MQTT) protocol.
Figure 2
Figure 2
The main phases and entities of User-Managed Access (UMA). PAT: Protection API Token; RPT: Requesting Party Token.
Figure 3
Figure 3
The main diagram of the proposed solution. ADC: Analog to Digital Converter; DAC: Digital to Analog Converter; DEMUX: Demultiplexer; HTTP: Hypertext Transfer Protocol; IoT: Internet of Things; MUX: Multiplexer.
Figure 4
Figure 4
Sequence diagram for accessing the protected Message Queue Telemetry Transport (MQTT) flow.
Figure 5
Figure 5
Sequence diagram for Requesting Party Token (RPT) validation. DB: Database; MRF: Manufacturer; SN: serial number.

Similar articles

See all similar articles

References

    1. Gubbi J., Buyya R., Marusic S., Palaniswami M. Internet of Things (IoT): A vision, architectural elements, and future directions. Future Gener. Comput. Syst. 2013;29:1645–1660. doi: 10.1016/j.future.2013.01.010. - DOI
    1. Ashton K. That “Internet of Things” thing. RFiD J. 2009;22:97–114.
    1. Roman R., Zhou J., Lopez J. On the features and challenges of security and privacy in distributed internet of things. Comput. Netw. 2013;57:2266–2279. doi: 10.1016/j.comnet.2012.12.018. - DOI
    1. Maler E., Catalano D., Machulak M., Hardjono T. User-Managed Access (UMA) Profile of OAuth 2.0. Kantara Initiative; Wakefield, MA, USA: 2016.
    1. Hardt D. The OAuth 2.0 Authorization Framework. RFC, Internet Engineering Task Force (IETF); Fremont, CA, USA: 2012.
Feedback