Authentication and Capability-based Access Control: An Integrated Approach for IoT Environment

User authentication and capability-based access control approaches have been widely studied in the past. These approaches make the perspective of effortlessly carrying out the authentication and authorization processes non-viable thus limiting their usability in the heterogeneous Internet-of-Things (IoTs). In this paper, we propose an integrated authentication and capability-based access control approach for increased usability in IoT environments. The important characteristic of the approach is that the capability metric generated during authentication is used to perform access control. The proposed approach allows lightweight operations to be performed on IoT devices and computation intensive operations on the cloud server. The security evaluation also shows that the proposed approach is secure against various attack vectors predominant in IoT. The experimental results show that the proposed approach incurs a maximum CPU usage of 29.35%, a maximum memory usage of 2.79% and total computational overhead of 809.26ms in a real IoT testbed which is quite acceptable. The bandwidth requirement for the proposed approach is less because of the comparatively reduced size of the longest message.