Toward a lightweight authentication and authorization framework for smart objects

IEEE Journal on Selected Areas in Communications

Volumn 33, Issue 4, 2015, Pages 690-702

  Hernandez Ramos, Jose L ^a   Pawlowski, Marcin Piotr ^b,c   Jara, Antonio J ^c   Skarmeta, Antonio F ^a   Ladid, Latif ^d  

^a UNIVERSITY OF MURCIA   (Spain)

^b JAGIELLONIAN UNIVERSITY   (Poland)

^c UNIVERSITY OF APPLIED SCIENCES WESTERN SWITZERLAND   (Switzerland)

^d UNIVERSITY OF LUXEMBOURG   (Luxembourg)

Author keywords

[No Author keywords available]

Indexed keywords

COMPLIANT MECHANISMS; INTERNET; INTERNET OF THINGS; LIFE CYCLE; MOBILE SECURITY; NETWORK ARCHITECTURE; NETWORK SECURITY;

APPLICATION OF STANDARDS; AUTHENTICATION AND AUTHORIZATION; CURRENT TECHNOLOGY; INTERNET INFRASTRUCTURE; INTERNET OF THING (IOT); LIGHTWEIGHT SECURITIES; SECURITY FRAMEWORKS; SECURITY TECHNOLOGY;

AUTHENTICATION;

EID: 84928015480     PISSN: 07338716     EISSN: None     Source Type: Journal    
DOI: 10.1109/JSAC.2015.2393436     Document Type: Article

References (63)

1. L. Atzori, A. Iera, and G. Morabito, "The Internet of things: A survey," Comput. Netw., vol. 54, no. 15, pp. 2787-2805, Oct. 2010.
2. V. Mayer-Schönberger and K. Cukier, Big Data: A Revolution That Will Transform How We Live, Work, and Think. Boston, MA, USA: Houghton Mifflin, 2013.
3. H. Schaffers et al., Smart Cities and the Future Internet: Towards Cooperation Frameworks for Open Innovation. New York, NY, USA: Springer-Verlag, 2011.
4. N. Kushalnagar, G. Montenegro, and C. Schumacher, "IPV6 over lowpower wireless personal area networks (6lowpans): Overview, assumptions, problem statement, goals," IETF, Fremont, CA, USA, RFC 4919, Aug. 2007, vol. 10.
5. A. J. Jara, M. A. Zamora, and A. Skarmeta, "GLoWBAL IP: An adaptive and transparent IPv6 integration in the Internet of things," Mobile Inf. Syst., vol. 8, no. 3, pp. 177-197, 2012.
6. Z. Shelby, K. Hartke, and C. Bormann, "The constrained application protocol (COAP)," IETF, Fremont, CA, USA, RFC 7252, Jun. 2014, vol. 10.
7. A. J. Jara et al., "Semantic web of things: An analysis of the application semantics for the IoT moving towards the IoT convergence," Int. J. Web Grid Serv., vol. 10, no. 2/3, pp. 244-272, Apr. 2014.
8. C. P. Mayer, "Security and privacy challenges in the Internet of things," Electron. Commun. Eur. Assoc. Sci. Technol., vol. 17, pp. 1-12, 2009.
9. C. M. Medaglia and A. Serbanati, "An overview of privacy and security issues in the Internet of things," in The Internet of Things. NewYork, NY, USA: Springer-Verlag, 2010, pp. 389-395.
10. D. Miorandi, S. Sicari, F. Pellegrini, and I. Chlamtac, "Internet of things: Vision, applications & research challenges," Ad Hoc Netw., vol. 10, no. 7, pp. 1497-1516, Sep. 2012.
11. R. Roman, J. Zhou, and J. Lopez, "On the features and challenges of security and privacy in distributed Internet of things," Comput. Netw., vol. 57, no. 10, pp. 2266-2279, Jul. 2013.
12. T. Heer et al., "Security challenges in the IP-based Internet of things," Wireless Pers. Commun., vol. 61, no. 3, pp. 527-542, Dec. 2011.
13. H. Yu, J. He, T. Zhang, P. Xiao, and Y. Zhang, "Enabling end-to-end secure communication between wireless sensor networks and the Internet," World Wide Web, vol. 16, no. 4, pp. 1-26, Jul. 2013.
14. Part 11: Wireless Lan Medium Access Control (MAC) and Physical Layer (PHY) Specifications, IEEE Std 802.11, 2004.
15. B. Aboba et al., "Extensible Authentication Protocol (EAP)," IETF, Fremont, CA, USA, RFC 3748, Jun. 2004.
16. C. Rigney, S. Willens, A. Rubens, and W. Simpson, "Remote authentication dial in user service," IETF, Fremont, CA, USA, RFC 2865, Jun. 2000.
17. E. Rissanen, "Extensible Access Control Markup Language (XACML) Version 3.0 oasis Standard," 2012.
18. J. L. Hernández-Ramos, A. J. Jara, L. Marín, and A. F. S. Gómez, "DCapBAC: Embedding authorization logic into smart things through ECC optimizations," Int. J. Comput. Math., pp. 1-22, May 2014.
19. A. Bassi et al., "Enabling Things to Talk," 2013.
20. S. Babar, P. Mahalle, A. Stango, N. Prasad, and R. Prasad, "Proposed security model and threat taxonomy for the Internet of things (IoT)," in Recent Trends in Network Security and Applications. New York, NY, USA: Springer-Verlag, 2010, pp. 420-429.
21. A. F. Skarmeta, J. L. Hernandez-Ramos, andM.Moreno, "A decentralized approach for security and privacy challenges in the Internet of things," in Proc. IEEE WF-IoT, 2014, pp. 67-72.
22. R. Roman, P. Najera, and J. Lopez, "Securing the Internet of things," Computer, vol. 44, no. 9, pp. 51-58, Sep. 2011.
23. R. H. Weber, "Internet of things-New security and privacy challenges," Comput. Law Security Rev., vol. 26, no. 1, pp. 23-30, Jan. 2010.
24. P. Porambage, C. Schmitt, P. Kumar, A. Gurtov, and M. Ylianttila, "PAuthKey: A pervasive authentication protocol and key establishment scheme for wireless sensor networks in distributed IoT applications," Int. J. Distrib. Sensor Netw., vol. 14, 2014, Art. ID. 357430.
25. E. Rescola and N. Modadugu, "Datagram transport layer security (DTLS)," IETF, Fremont, CA, USA, RFC 4347, 2006.
26. A. Liu and P. Ning, "TinyECC: A configurable library for elliptic curve cryptography in wireless sensor networks," in Proc. IPSN, 2008, pp. 245-256.
27. B. Sarikaya, Y. Ohba, R. Moskowitz, Z. Cao, and R. Cragie, "Security bootstrapping solution for resource-constrained devices," IETF, Fremont, CA, USA, 2012, Draft-Sarikaya-Core-Sbootstrapping-05.
28. R. Hummen, J. Hiller, M. Henze, and K. Wehrle, "Slimfit-A HIP DEX compression layer for the IP-based Internet of things," in Proc. IEEE 9th Int. Conf. WiMob, 2013, pp. 259-266.
29. D. Forsberg, Y. Ohba, B. Patil, H. Tschofenig, and A. Yegin, "Protocol for carrying authentication for network access (PANA)," IETF, Fremont, CA, USA, RFC 5191, 2008.
30. EEE/ISO/IEC Information Technology-Telecommunications and Information Exchange Between Systems-Local and Metropolitan Area Networks-Part 1X: Port-Based Network Access Control, IEEE Std. 8802-1x-2013, Dec. 6, 2013. [Online]. Available: Http://dx.doi.org/10.1109/ieeestd.2013.6679204
31. O. Garcia-Morchon et al., "Securing the IP-based Internet of things with HIP and DTLS," in Proc. 6th ACM Conf. Security Privacy Wireless Mobile Netw., 2013, pp. 119-124.
32. P. M. Sanchez, R. M. Lopez, and A. F. G. Skarmeta, "PANATIKI: A network access control implementation based on PANA for IoT devices," Sensors, vol. 13, no. 11, pp. 14 888-14 917, Nov. 2013.
33. F. Bersani and H. Tschofenig, "The eap-psk protocol: A pre-shared key extensible authentication protocol (EAP) method," IETF, Fremont, CA, USA, RFC 4764, 2007.
34. J. Liu, Y. Xiao, and C. L. P. Chen, "Authentication and access control in the internet of things," in Proc. 32nd ICDCSW, Macau, China, Jun. 2012, pp. 588-592.
35. D. Ferraiolo, J. Cugini, and R. Kuhn, "Role-Based Access Control (RBAC): Features and motivations," in Proc. 11th Annu. Comput. Security Appl. Conf., 1995, pp. 241-248.
36. B. Ndibanje, H.-J. Lee, and S.-G. Lee, "Security analysis and improvements of authentication and access control in the Internet of things," Sensors, vol. 14, no. 8, pp. 14 786-14 805, Aug. 2014.
37. N. Ye, Y. Zhu, R. Chuan Wang, R. Malekian, and L. Qiao-min, "An efficient authentication and access control scheme for perception layer of Internet of things," Appl. Math. Inf. Sci., vol. 8, no. 4, pp. 1617-1624, Jul. 2014.
38. E. Yuan and J. Tong, "Attributed Based Access Control (ABAC) for web services," in Proc. 12th IEEE ICWS, Orlando, FL, USA, Jul. 2005, pp. 561-569.
39. P. N. Mahalle, B. Anggorojati, N. R. Prasad, and R. Prasad, "Identity Establishment and Capability based Access Control (IECAC) scheme for Internet of things," in Proc. 15th Int. Symp. WPMC, Taipei, Taiwan, Sep. 2012, pp. 187-191.
40. S. Gusmeroli, S. Piccione, and D. Rotondi, "A capability-based security approach to manage access control in the Internet of things," Math. Comput. Model., vol. 58, no. 5/6, pp. 1189-1205, Sep. 2013.
41. L. Seitz, G. Selander, and C. Gehrmann, "Authorization framework for the Internet-of-things," in Proc. IEEE 14th Int. Symp. WoWMoM, Jun. 2013, pp. 1-6.
42. D. Crockford, "The application/json Media Type for Javascript Object Notation (JSON)," IETF, Fremont, CA, USA, RFC 4627, Jul. 2006. [Online]. Available: Http://www.ietf.org/rfc/rfc4627.txt
43. L. Marin, A. J. Jara, and A. F. Skarmeta, "Shifting primes: Optimizing elliptic curve cryptography for 16-bit devices without hardware multiplier," Math. Comput. Model., vol. 58, no. 5/6, pp. 1155-1174, Sep. 2013.
44. A. J. Jara, "Trust extension protocol for authentication in networks oriented to management (TEPANOM)," in Availability, Reliability, Security in Information Systems. New York, NY, USA: Springer-Verlag, 2014, pp. 155-165.
45. M. Bauer et al., The Internet of Things Initiative (IoT-I). Deliverable 1.5: Iot Reference Model White Paper, 2011.
46. S. Ziegler et al., Iot6-Moving to an IPV6-Based Future iot. NewYork, NY, USA: Springer-Verlag, 2013.
47. Butler. Deliverable 3.2: Integrated System Architecture and Initial Pervasive Butler Proof of Concept, 2013.
48. V. Tsiatsis et al., "The sensei real world Internet architecture," in Proc. Future Internet Assembly, 2010, pp. 247-256.
49. S. Sotiriadis et al., "An architecture for designing future Internet (FI) applications in sensitive domains: Expressing the software to data paradigm by utilizing hybrid cloud technology," in Proc. IEEE 13th Int. Conf. BIBE, 2013, pp. 1-6.
50. J. B. Bernabe, J. L. Hernández, M. V. Moreno, and A. F. S. Gomez, "Privacy-preserving security framework for a social-aware Internet of things," in Ubiquitous Computing and Ambient Intelligence. Personalisation and User Adapted Services. New York, NY, USA: Springer-Verlag, 2014, pp. 408-415.
51. L. Seitz and G. Selander, "Problem description for authorization in constrained environments," IETF, Fremont, CA, USA, 2014, Draft-Seitz-Ace-Problem-Description-01.
52. C. Kaufman, P. Hoffman, Y. Nir, and P. Eronen, "Internet key exchange protocol version 2 (ikev2)," IETF, Fremont, CA, USA, RFC 5996, Sep. 2010.
53. A. J. Jara, D. Fernandez, P. Lopez, M. A. Zamora, and A. F. Skarmeta, "Lightweight MIPv6 with IPSec support," Mobile Inf. Syst., vol. 10, no. 1, pp. 37-77, Jan. 2014.
54. S. Raza, T. Voigt, and V. Jutvik, "Lightweight IKEv2: A key management solution for both the compressed IPSec and the IEEE 802.15.4 security," in Proc. IETF Workshop Smart Object Security, 2012, pp. 1-2.
55. J. Dennis and E. V. Horn, "Programming semantics for multiprogrammed computations," Commun. ACM, vol. 9, no. 3, pp. 143-155, Mar. 1966.
56. L. Marin, A. J. Jara, and A. F. Gómez-Skarmeta, "Multiplication and squaring with shifting primes on OpenRISC processors with hardware multiplier," J. Universal Comput. Sci., vol. 19, no. 16, pp. 2368-2384, 2013.
57. S. Blake-Wilson, N. Bolyard, V. Gupta, C. Hawk, and B. Möller, "Elliptic curve cryptography (ECC) cipher suites for transport layer security (TLS). Internet engineering task force," IETF, Fremont, CA, USA, RFC 4492, 2006.
58. S. Gerdes, "Actors in the ACE architecture," IETF, Fremont, CA, USA, 2014, Draft-Gerdes-Ace-Actors-01.
59. E. Rissanen, "XACML v3.0 multiple decision profile version 1.0," OASIS Committee Specification 02, Burlington, MA, USA, 2014.
60. D. Simon, B. Aboba, and R. Hurst, "The EAP-TLS authentication protocol," IETF, Fremont, CA, USA, RFC 5216, 2008.
61. J. Daemen and V. Rijmen, The Design of Rijndael: AES-The Advanced Encryption Standard. New York, NY, USA: Springer-Verlag, 2002.
62. P. Szczechowiak, L. B. Oliveira, M. Scott, M. Collier, and R. Dahab, "NanoECC: Testing the limits of elliptic curve cryptography in sensor networks," in Wireless Sensor Networks. New York, NY, USA: Springer-Verlag, 2008, pp. 305-320.
63. L. Seitz, S. Gerdes, G. Selander, M. Mani, and S. Kumar, "ACE use cases," IETF, Fremont, CA, USA, 2014, Draft-Seitz-Ace-Usecases-01.