Securing Complex IoT Platforms with Token Based Access Control and Authenticated Key Establishment

被引:15
|
作者
Claeys, Timothy [1 ]
Rousseau, Franck [1 ]
Tourancheau, Bernard [1 ]
机构
[1] Univ Grenoble Alpes, CNRS, Grenoble INP, LIG, F-38000 Grenoble, France
来源
2017 INTERNATIONAL WORKSHOP ON SECURE INTERNET OF THINGS (SIOT 2017) | 2017年
关键词
authorization; access tokens; key establishment; authentication;
D O I
10.1109/SIoT.2017.00006
中图分类号
TP3 [计算技术、计算机技术];
学科分类号
0812 ;
摘要
In this paper we propose a new authorization and authentication framework for the IoT that combines the security model of OAuth 1.0a with the lightweight building blocks of ACE. By designing self-securing tokens the security of the framework no longer depends on the security of the network stack. We use basic PKI functionalities to bootstrap a chain-of-trust between the devices which simplifies future token exchanges. Finally, we propose an alternate key establishment scheme for use cases where devices cannot directly communicate. We test our proposal by implementing the critical aspects on a STM32L4 microcontroller. The results indicate that our framework guarantees a strong level of security for IoT devices with basic asymmetric cryptography capabilities.
引用
收藏
页码:1 / 9
页数:9
相关论文
共 50 条
  • [21] Blockchain-Based Data Access Control and Key Agreement System in IoT Environment
    Lee, JoonYoung
    Kim, MyeongHyun
    Park, KiSung
    Noh, SungKee
    Bisht, Abhishek
    Das, Ashok Kumar
    Park, Youngho
    [J]. SENSORS, 2023, 23 (11)
  • [22] A Personalized Access Control Based on IoT
    Jang, Jae J.
    Moon, Jaekun
    Jung, Im Y.
    [J]. 2015 IEEE 21ST PACIFIC RIM INTERNATIONAL SYMPOSIUM ON DEPENDABLE COMPUTING (PRDC), 2015, : 317 - 318
  • [23] A Blockchain based access control for IoT
    Riabi, Imen
    Dhif, Yosr
    Ben Ayed, Hella Kaffel
    Zaatouri, Khaled
    [J]. 2019 15TH INTERNATIONAL WIRELESS COMMUNICATIONS & MOBILE COMPUTING CONFERENCE (IWCMC), 2019, : 2086 - 2091
  • [24] Private Blockchain Envisioned Access Control System for Securing Industrial IoT-Based Pervasive Edge Computing
    Saha, Sourav
    Bera, Basudeb
    Das, Ashok Kumar
    Kumar, Neeraj
    Islam, Sk Hafizul
    Park, Youngho
    [J]. IEEE ACCESS, 2023, 11 : 130206 - 130229
  • [25] RRAC: Role based reputed access control method for mitigating malicious impact in intelligent IoT platforms
    Amoon, Mohammed
    Altameem, Torki
    Altameem, Ayman
    [J]. COMPUTER COMMUNICATIONS, 2020, 151 (151) : 238 - 246
  • [26] Method of Access Control Model Establishment for Marine Information Cloud Platforms Based on Docker Virtualization Technology
    Shu, Jianwen
    Wu, Yulan
    [J]. JOURNAL OF COASTAL RESEARCH, 2018, : 99 - 105
  • [27] Ensure the dynamic identity and PUF based authenticated key settlement approach for the IoT infrastructure
    Pramanik, Srabana
    Sakkari, Deepak S.
    Pramanik, Sudip
    [J]. PROCEEDINGS OF THE INDIAN NATIONAL SCIENCE ACADEMY, 2022, 88 (04): : 670 - 687
  • [28] Ensure the dynamic identity and PUF based authenticated key settlement approach for the IoT infrastructure
    Srabana Pramanik
    Deepak S. Sakkari
    Sudip Pramanik
    [J]. Proceedings of the Indian National Science Academy, 2022, 88 : 670 - 687
  • [29] PUF Based Authenticated Key Exchange Protocol for IoT Without Verifiers and Explicit CRPs
    Chuang, Yun-Hsin
    Lei, Chin-Laung
    [J]. IEEE ACCESS, 2021, 9 : 112733 - 112743
  • [30] Robust biometric-based three-party authenticated key establishment protocols
    Yoon, Eun-Jun
    Yoo, Kee-Young
    [J]. INTERNATIONAL JOURNAL OF COMPUTER MATHEMATICS, 2011, 88 (06) : 1144 - 1157
12345