IoT-OAS: An oauth-based authorization service architecture for secure services in IoT scenarios

IEEE Sensors Journal

Volumn 15, Issue 2, 2015, Pages 1224-1234

  Cirani, Simone ^a   Picone, Marco ^a   Gonizzi, Pietro ^a   Veltri, Luca ^a   Ferrari, Gianluigi ^a  

^a UNIVERSITY OF PARMA   (Italy)

Author keywords

authorization; communication protocols; Internet of Things; security

Indexed keywords

ACCESS CONTROL; DATA STORAGE EQUIPMENT; HTTP; HYPERTEXT SYSTEMS; INTERNET PROTOCOLS; LOW POWER ELECTRONICS; MOBILE TELECOMMUNICATION SYSTEMS; NETWORK ARCHITECTURE; NETWORK PROTOCOLS; SOCIAL NETWORKING (ONLINE);

AUTHORIZATION; CONSTRAINED APPLICATION PROTOCOL (COAP); INTERNET ENGINEERING TASK FORCES; INTERNET OF THING (IOTS); REPRESENTATIONAL STATE TRANSFER; RESOURCECONSTRAINED DEVICES; SECURITY; THIRD PARTY APPLICATION (APPS);

INTERNET OF THINGS;

EID: 84916934620     PISSN: 1530437X     EISSN: None     Source Type: Journal    
DOI: 10.1109/JSEN.2014.2361406     Document Type: Article

References (39)

1. R. Fielding et al., Hypertext Transfer Protocol-HTTP/1.1, RFC 2616, Internet Engineering Task Force, Jun. 1999. [Online]. Available: Http://www.ietf.org/rfc/rfc2616.txt
2. E. Hammer-Lahav, The OAuth 1.0 Protocol, RFC 5849, Internet Engineering Task Force, Apr. 2010. [Online]. Available: Http://www.ietf.org/rfc/rfc5849.txt
3. T. Dierks and E. Rescorla, The Transport Layer Security (TLS) Protocol Version 1.2, RFC 5246, Internet Engineering Task Force, Aug. 2008. [Online]. Available: Http://www.ietf.org/rfc/rfc5246.txt
4. D. Hardt, The OAuth 2.0 Authorization Framework, RFC 6749, Internet Engineering Task Force, Oct. 2012. [Online]. Available: Http://www.ietf.org/rfc/rfc6749.txt
5. IPSO Alliance. [Online]. Available: Http://www.ipso-alliance.org/, accessed Oct. 15, 2014.
6. Connect All IP-Based Smart Objects (CALIPSO)-FP7 EU Project. [Online]. Available: Http://www.ict-calipso.eu/, accessed Oct. 15, 2014.
7. Z. Shelby, K. Hartke, and C. Bormann, The Constrained Application Protocol (CoAP), RFC 7252, Internet Engineering Task Force, Jun. 2014. [Online]. Available: Http://www.ietf.org/rfc/rfc7252.txt
8. Worldsensing, Barcelona, Spain. [Online]. Available: Http://wwww.worldsensing.com/
9. S. Cirani, G. Ferrari, and L. Veltri, "Enforcing security mechanisms in the IP-based internet of things: An algorithmic overview," Algorithms, vol. 6, no. 2, pp. 197-226, 2013. [Online]. Available: Http://www.mdpi.com/1999-4893/6/2/197
10. H. Ning, H. Liu, and L. T. Yang, "Cyberentity security in the internet of things," Computer, vol. 46, no. 4, pp. 46-53, Apr. 2013.
11. X. Yao, X. Han, X. Du, and X. Zhou, "A lightweight multicast authentication mechanism for small scale IoT applications," IEEE Sensors J., vol. 13, no. 10, pp. 3693-3701, Oct. 2013.
12. C. Lai, H. Li, X. Liang, R. Lu, K. Zhang, and X. Shen, "CPAL: A conditional privacy-preserving authentication with access linkability for roaming service," IEEE Internet Things J., vol. 1, no. 1, pp. 46-57, Feb. 2014.
13. F. Li and P. Xiong, "Practical secure communication for integrating wireless sensor networks into the internet of things," IEEE Sensors J., vol. 13, no. 10, pp. 3677-3684, Oct. 2013.
14. D. Forsberg, Y. Ohba, B. Patil, H. Tschofenig, and A. Yegin, Protocol for Carrying Authentication for Network Access (PANA), RFC 5191, Internet Engineering Task Force, May 2008. [Online]. Available: Http://www.ietf.org/rfc/rfc5191.txt
15. B. Aboba, L. Blunk, J. Vollbrecht, J. Carlson, and H. Levkowetz, Extensible Authentication Protocol (EAP), RFC 3748, Internet Engineering Task Force, Jun. 2004. [Online]. Available: Http://www.ietf.org/rfc/rfc3748.txt
16. P. Moreno-Sanchez, R. Marin-Lopez, and F. Vidal-Meca, "An open source implementation of the protocol for carrying authentication for network access: OpenPANA," IEEE Netw., vol. 28, no. 2, pp. 49-55, Mar. 2014.
17. United States Department of Defense, "Department of Defense Trusted Computer System Evaluation Criteria," U.S. Dept. Defense, Tech. Rep. DoD 5200.28-STD, Dec. 1985. [Online]. Available: Http://csrc.nist.gov/publications/history/dod85.pdf
18. D. Ferraiolo and R. Kuhn, "Role-based access controls," in Proc. 15th NIST-NCSC Nat. Comput. Security Conf., Baltimore, MD, USA, Oct. 1992, pp. 554-563.
19. D. F. Ferraiolo, R. Sandhu, S. Gavrila, D. R. Kuhn, and R. Chandramouli, "Proposed NIST standard for role-based access control," ACM Trans. Inf. Syst. Secur., vol. 4, no. 3, pp. 224-274, Aug. 2001. [Online]. Available: Http://doi.acm.org/10.1145/501978.501980
20. R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman, "Rolebased access control models," IEEE Comput., vol. 29, no. 2, pp. 38-47, Feb. 1996.
21. E. Yuan and J. Tong, "Attributed based access control (ABAC) for web services," in Proc. IEEE Int. Conf. Web Services (ICWS), vol. 856, Jul. 2005, p. 2.
22. J. Schiffman, X. Zhang, and S. Gibbs, "DAuth: Fine-grained authorization delegation for distributed web application consumers," in Proc. IEEE Int. Symp. Policies Distrib. Syst. Netw. (POLICY), Jul. 2010, pp. 95-102.
23. O. Garcia-Morchon and K. Wehrle, "Modular context-aware access control for medical sensor networks," in Proc. 15th ACM Symp. Access Control Models Technol. (SACMAT), New York, NY, USA, 2010, pp. 129-138. [Online]. Available: Http://doi.acm.org/10.1145/1809842. 1809864
24. S. Gerdes, O. Bergmann, and C. Bormann, "Delegated CoAP authentication and authorization framework (DCAF)," IETF Internet Draft, Tech. Rep. draft-gerdes-ace-dcaf-authorize-00, Jul. 2014. [Online]. Available: Http://tools.ietf.org/html/draft-gerdes-ace-dcaf-authorize-00
25. OpenID authentication 2.0-Final," OpenID Foundation, Tech. Rep., Dec. 2007. [Online]. Available: Http://openid.net/specs/openidauthentication-2-0.html
26. E. Rescorla and N. Modadugu Datagram Transport Layer Security Version 1.2, RFC 6347 (Proposed Standard), Internet Engineering Task Force, Jan. 2012. [Online]. Available: Http://www.ietf.org/rfc/rfc6347.txt
27. S. Kent and R. Atkinson, Security Architecture for the Internet Protocol, RFC 2401 (Proposed Standard), Internet Engineering Task Force, Nov. 1998. [Online]. Available: Http://www.ietf.org/rfc/rfc2401.txt
28. The Contiki Operating System. [Online]. Available: Http://www.contikios. org, accessed Oct. 15, 2014.
29. S. Raza, S. Duquennoy, T. Chung, D. Yazar, T. Voigt, and U. Roedig, "Securing communication in 6LoWPAN with compressed IPsec," in Proc. Int. Conf. Distrib. Comput. Sensor Syst. (DCOSS), Barcelona, Spain, Jun. 2011, pp. 1-8.
30. S. Raza, D. Trabalza, and T. Voigt, "6LoWPAN compressed DTLS for CoAP," in Proc. 8th IEEE Int. Conf. Distrib. Comput. Sensor Syst. (DCOSS), Hangzhou, China, May 2012, pp. 287-289.
31. M. Kovatsch, S. Duquennoy, and A. Dunkels, "A low-power CoAP for Contiki," in Proc. Workshop Internet Things Technol. Architect. (IoTech), Valencia, Spain, Oct. 2011, pp. 855-860.
32. H. Krawczyk, M. Bellare, and R. Canetti, HMAC: Keyed-Hashing for Message Authentication, RFC 2104 (Informational), Internet Engineering Task Force, Feb. 1997. [Online]. Available: Http://www.ietf.org/rfc/rfc2104.txt
33. G. Bertoni, J. Daemen, M. Peeters, and G. Van Assche, "The Keccak SHA-3 submission," in Submission to NIST (Round 3). National Institute of Standards and Technology (NIST), 2011. [Online]. Available: Http://keccak.noekeon.org/Keccak-submission-3.pdf
34. A. Dunkels, J. Eriksson, N. Finne, and N. Tsiftes, "Powertrace: Networklevel power profiling for low-power wireless networks," Swedish Institute. Comput. Sci., Kista, Sweden, Tech. Rep. T2011:05, Mar. 2011. [Online]. Available: Http://soda.swedish-ict.se/4112/1/T2011-05.pdf
35. O. Garcia-Morchon, S. Keoh, S. Kumar, R. Hummen, and R. Struik, "Security considerations in the IP-based internet of things," IETF Internet Draft, Tech. Rep., Mar. 2012. [Online]. Available: Http://tools.ietf.org/id/draft-garcia-core-security-04
36. D. Wheeler and R. Needham, "TEA, a tiny encryption algorithm," in Fast Software Encryption (Lecture Notes in Computer Science), vol. 1008, B. Preneel, Ed. Berlin, Germany: Springer-Verlag, 1995, pp. 363-366. [Online]. Available: Http://dx.doi.org/10.1007/3-540-60590-8-29
37. F.-X. Standaert, G. Piret, N. Gershenfeld, and J.-J. Quisquater, "SEA: A scalable encryption algorithm for small embedded applications," in Smart Card Research and Advanced Applications (Lecture Notes in Computer Science), vol. 3928, J. Domingo-Ferrer, J. Posegga, and D. Schreckling, Eds. Berlin, Germany: Springer-Verlag, 2006, pp. 222-236. [Online]. Available: Http://dx.doi.org/10.1007/11733447-16
38. A. Bogdanov et al., "PRESENT: An ultra-lightweight block cipher," in Cryptographic Hardware and Embedded Systems-CHES (Lecture Notes in Computer Science), vol. 4727, P. Paillier and I. Verbauwhede, Eds. Berlin, Germany: Springer-Verlag, 2007, pp. 450-466. [Online]. Available: Http://dx.doi.org/10.1007/978-3-540-74735-2-31
39. A. Bogdanov, G. Leander, C. Paar, A. Poschmann, M. J. Robshaw, and Y. Seurin, "Hash functions and RFID tags: Mind the gap," in Proc. 10th Int. Workshop Cryptograph. Hardw. Embedded Syst. (CHES), 2008, pp. 283-299. [Online]. Available: Http://dx.doi.org/10.1007/978-3-540-85053-3-18