Yu Liu,Kaiping Xue,Peixuan He,David S. L. Wei,Mohsen Guizani

DOI: https://doi.org/10.1109/jiot.2020.2975140

IF: 10.6

2020-07-01

IEEE Internet of Things Journal

Abstract:The Internet of Things (IoT) has set off a new information technology revolution due to its convenience and efficiency. An IoT enables sharing economy, as more people are willing to share their own things (mostly mobile devices) to leverage the under-used value. In such a situation where owners and users are often not familiar with each other, an efficient access control mechanism is needed to deal with the trust issue and support service accountability to help owners accurately get their deserved profits. Besides, in such a sharing economy environment, the mobility of most shared IoT devices and their privacy preserving should also be taken into account. Regrettably, the existing schemes cannot achieve all of the aforementioned goals simultaneously and only few schemes were implemented to evaluate the claimed performance. In this article, we propose an efficient, accountable, and privacy-preserving access control solution for IoT in a sharing economy environment. In our scheme, we utilize the one-time signature to achieve anonymous authentication and let gateways store the signatures as service credentials for accountability. Meanwhile, we adopt the identity-based authentication to exclude malicious gateways and shared devices from the system and design a specialized protocol for those devices moving with the users. We conduct a detailed security analysis to show that our scheme can effectively defend against potential attacks, and also implement a prototype system to demonstrate that our design is indeed an efficient one.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jianhong Zhang,Wenle Bai,Yuehai Wang

DOI: https://doi.org/10.1109/access.2019.2899828

IF: 3.9

2019-01-01

IEEE Access

Abstract:The Internet of Things (IoT) is the internetworking of terminal physical devices depends on application programming interfaces and sensors to be connected to the Internet for collecting and exchanging data. According to the characteristics of IoT, it can provide rich services for the terminal user. However, the centralized cloud computing-based storage architecture in IoT faces many challenges, such as data security, identity privacy, and high latency. To overcome these challenges, this paper introduces an IoT network storage architecture based on mobile edge computing, which not only achieves low-latency message response and computation offloading of the terminal user but also preserves identity-privacy of the terminal user. Afterward, we presented a novel non-interactive pairing-free ID-based proxy re-signature scheme (ID-PRS), which is a kernel technique to construct the aforementioned storage architecture. Compared with most of proxy re-signature schemes constructed based on traditional public-key-infrastructure, the proposed scheme avoids expensive pairing operation and intricate certificate-maintenance. And it is demonstrated to be provably secure under the classic security assumptions: integer factoring problem and the RSA assumption. Finally, in contrast to the other two ID-PRS schemes, the proposed ID-PRS scheme has more advantages in terms of security, functionability, and computation costs. Thus, it is very suitable to be applied to the resource-constrained mobile users.

Dongfeng Fang,Yi Qian,Rose Qingyang Hu

DOI: https://doi.org/10.1109/jiot.2020.2970974

IF: 10.6

2020-04-01

IEEE Internet of Things Journal

Abstract:Internet-of-Things (IoT) applications have been rapidly deployed into pervasive environment, where both challenges and opportunities abound. On the one hand, a large number of IoT devices and their rich functions contribute significant volumes of data, which has brought tremendous convenience to the daily lives of end users. On the other hand, the heterogeneous IoT devices and a large amount of private information transmitted through networks also bring serious security and privacy issues. It is a big challenge to model IoT systems and trust relationships between different entities with a large number of heterogeneous IoT devices. In this article, we study a general IoT system architecture with consideration of heterogeneous IoT devices. Different trust models are proposed and analyzed based on the trust relationships between different entities in the IoT system. We propose a flexible and efficient authentication scheme with a consideration of heterogeneous IoT devices based on the least trust-required model. The proposed scheme provides security and privacy to resource-limited IoT devices flexibly and efficiently by utilizing IoT devices with better storage and computational ability. Moreover, secure data transmission is presented with contextual privacy and data integrity services. The proposed scheme achieves not only the mutual authentication, initial session key agreement, and data integrity but also anonymity, contextual privacy, forward security, end-to-end security, and key escrow resilience. Security analysis is presented to provide verification of the proposed protocol and security objectives. Moreover, performance evaluation is presented with comparison to the other schemes in terms of security features, computational overhead, and communication overhead. The performance comparisons show that our proposed scheme provides flexible and efficient security by consideration of heterogeneous IoT devices. With the higher proportion of resource-limited IoT devic-s, our proposed scheme outperforms other similar schemes.

computer science, information systems,telecommunications,engineering, electrical & electronic

Jun Wu,Mianxiong Dong,Kaoru Ota,Jianhua Li,Bei Pei

DOI: https://doi.org/10.1109/uic-atc-scalcom.2014.140

2014-01-01

Abstract:The integration of Internet of Things (IoT) and social networks is the important trend of new network technologies, which is Social Internet of Tings (SIoT). In many application scenarios, SIoT are controlled by different authorities. And the network nodes belong to different domain can share the sensor data by standard protocols. Moreover, in a mission-critical application scenario various types of data generate by all kinks of the nodes of SIoT may belong to different security levels, and thus are meant to be accessed only by selected types of users. Therefore, a fine-grained cross-domain access is the core problem for it. To address this, this paper focus on the fine-grained cross-domain access control mechanism of SIoT, which including trust model for certificate authority, user login protocol, cross-domain secure authentication protocol, and cross-domain fine-grained access control. The simulation results show the feasibility and effectiveness of the proposed scheme, which provide strong support for integrating IoT and social networks securely.

Qinghua Gong,Jinnan Zhang,Zheng Wei,Xinmin Wang,Xia Zhang,Xin Yan,Yang Liu,Liming Dong

DOI: https://doi.org/10.3390/s24072267

IF: 3.9

2024-04-03

Sensors

Abstract:With the rapid growth of the Internet of Things (IoT), massive terminal devices are connected to the network, generating a large amount of IoT data. The reliable sharing of IoT data is crucial for fields such as smart home and healthcare, as it promotes the intelligence of the IoT and provides faster problem solutions. Traditional data sharing schemes usually rely on a trusted centralized server to achieve each attempted access from users to data, which faces serious challenges of a single point of failure, low reliability, and an opaque access process in current IoT environments. To address these disadvantages, we propose a secure and dynamic access control scheme for the IoT, named SDACS, which enables data owners to achieve decentralized and fine-grained access control in an auditable and reliable way. For access control, attribute-based control (ABAC), Hyperledger Fabric, and interplanetary file system (IPFS) were used, with four kinds of access control contracts deployed on blockchain to coordinate and implement access policies. Additionally, a lightweight, certificateless authentication protocol was proposed to minimize the disclosure of identity information and ensure the double-layer protection of data through secure off-chain identity authentication and message transmission. The experimental and theoretical analysis demonstrated that our scheme can maintain high throughput while achieving high security and stability in IoT data security sharing scenarios.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Jianhua Li,Jiong Jin,Lingjuan Lyu,Dong Yuan,Yingying Yang,Longxiang Gao,Chao Shen

DOI: https://doi.org/10.48550/arXiv.2011.06325

2020-11-12

Abstract:Numerous resource-limited smart objects (SOs) such as sensors and actuators have been widely deployed in smart environments, opening new attack surfaces to intruders. The severe security flaw discourages the adoption of the Internet of things in smart living. In this paper, we leverage fog computing and microservice to push certificate authority (CA) functions to the proximity of data sources. Through which, we can minimize attack surfaces and authentication latency, and result in a fast and scalable scheme in authenticating a large volume of resource-limited devices. Then, we design lightweight protocols to implement the scheme, where both a high level of security and low computation workloads on SO (no bilinear pairing requirement on the client-side) is accomplished. Evaluations demonstrate the efficiency and effectiveness of our scheme in handling authentication and registration for a large number of nodes, meanwhile protecting them against various threats to smart living. Finally, we showcase the success of computing intelligence movement towards data sources in handling complicated services.

Cryptography and Security,Networking and Internet Architecture

Bai Liu,Xiangyi Zhang,Runhua Shi,Mingwu Zhang,Guoxing Zhang

DOI: https://doi.org/10.3390/math10122120

IF: 2.4

2022-01-01

Mathematics

Abstract:The rapid development of the Internet of Things (IoT), big data and artificial intelligence (AI) technology has brought extensive IoT services to entities. However, most IoT services carry the risk of leaking privacy. Privacy-preserving set intersection in IoT is used for a wide range of basic services, and its privacy protection issues have received widespread attention. The traditional candidate protocols to solve the privacy-preserving set intersection are classical encryption protocols based on computational difficulty. With the emergence of quantum computing, some advanced quantum algorithms may undermine the security and reliability of traditional protocols. Therefore, it is important to design more secure privacy-preserving set intersection protocols. In addition, identity information is also very important compared to data security. To this end, we propose a quantum privacy-preserving set intersection protocol for IoT scenarios, which has higher security and linear communication efficiency. This protocol can protect identity anonymity while protecting private data.

Sensen Li,Yicai Huang,Bin Yu

DOI: https://doi.org/10.1016/j.comnet.2024.110426

IF: 5.493

2024-05-09

Computer Networks

Abstract:With the explosive development of the Internet of Things (IoT), its security has become a critical concern. As a lightweight hardware primitive, Physical Unclonable Function (PUF) provides a promising solution for IoT security. Nevertheless, as per the knowledge of the authors, most of the existing PUF-based anonymous authentication protocols for IoT are not suitable for end-to-end IoT applications due to their flexibility or security. Specifically, there are two main issues with existing related protocols: (1) the end-to-end anonymous authentication between IoT devices requires the participation of a trusted third party, which seriously affects the flexibility of interaction; (2) most related protocols provide weak anonymity, that is, they are anonymous against only eavesdroppers. To solve these problems, a new PUF-based end-to-end anonymous authentication protocol is proposed. Without needing the real-time participation of the third party, the proposed protocol realizes end-to-end direct mutual authentication and session key agreement while maintaining strong anonymity. It also provides an online dynamic updating mechanism for security parameters. The security analysis shows that the proposed protocol has perfect forward secrecy while resisting various known attacks including physical attacks and modeling attacks. Meanwhile, it outperforms related protocols in terms of protocol rounds and communication costs.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Khan Reaz,Gerhard Wunder

2024-03-18

Abstract:The existing high-friction device onboarding process hinders the promise and potentiality of Internet of Things (IoT). Even after several attempts by various device manufacturers and working groups, no widely adopted standard solution came to fruition. The latest attempt by Fast Identity Online (FIDO) Alliance promises a zero touch solution for mass market IoT customers, but the burden is transferred to the intermediary supply chain (i.e. they have to maintain infrastructure for managing keys and digital signatures called `Ownership Voucher' for all devices). The specification relies on a `Rendezvous Server' mimicking the notion of Domain Name System (DNS) server'. This essentially means resurrecting all existing possible attack scenarios associated with DNS, which include Denial of Service (DoS) attack, and Correlation attack. `Ownership Voucher' poses the risk that some intermediary supply chain agents may act maliciously and reject the transfer of ownership or sign with a wrong key. Furthermore, the deliberate use of the weak elliptic curve SECP256r1/SECP384r1 (also known as NIST P-256/384) in the specification raises questions. We introduce ASOP: a sovereign and secure device onboarding protocol for IoT devices without blindly trusting the device manufacturer, supply chain, and cloud service provider. The ASOP protocol allows onboarding an IoT device to a cloud server with the help of an authenticator owned by the user. This paper outlines the preliminary development of the protocol and its high-level description. Our `zero-trust' and `human-in-the-loop' approach guarantees that the device owner does not remain at the mercy of third-party infrastructures, and it utilises recently standardized post-quantum cryptographic suite (CRYSTALS) to secure connection and messages.

Cryptography and Security,Networking and Internet Architecture

Hu Xiong,Qian Mei,Yanan Zhao,Li Peng,Hao Zhang

DOI: https://doi.org/10.1109/jsen.2019.2919508

IF: 4.3

2019-01-01

IEEE Sensors Journal

Abstract:To ensure the normal work of the whole system in the context of the Internet of Things (IoT), remote attestation for each smart device should be guaranteed. However, considering the huge number of smart devices, the traditional individual attestation schemes cannot meet the requirements in terms of efficiency. In addition, protecting the sensitive identity information related to the devices also needs to be supported. Furthermore, avoiding security risks caused by the secret key exposures is very important in the context of the IoT, where the compromise of terminal devices frequently occurs. To solve these challenges, in this paper, we present a new network attestation scheme that, for the first time, provides scalability, forward-security, and privacy preserving simultaneously. The new scheme allows anyone to publicly verify a collective attestation, and any identity information of the provers will not be revealed to the verifier. Moreover, it provides unforgeability and confidentiality of the previous messages even though the current secret key is exposed. Considering the limited resources of lightweight devices in the context of the IoT, our scheme outsources the main computational task to an untrusted cloud server. Finally, our security proof and performance evaluation show that our scheme is secure and feasible.

He Fang,Angie Qi,Xianbin Wang

DOI: https://doi.org/10.48550/arXiv.1907.12092

2019-07-28

Abstract:Security provisioning has become the most important design consideration for large-scale Internet of Things (IoT) systems due to their critical roles to support diverse vertical applications by connecting heterogenous devices, machines and industry processes. Conventional authentication and authorization schemes are insufficient in dealing the emerging IoT security challenges due to their reliance on both static digital mechanisms and computational complexity for improving security level. Furthermore, the isolated security designs for different layers and link segments while ignoring the overall protection lead to cascaded security risks as well as growing communication latency and overhead. In this article, we envision new artificial intelligence (AI) enabled security provisioning approaches to overcome these issues while achieving fast authentication and progressive authorization. To be more specific, a lightweight intelligent authentication approach is developed by exploring machine learning at the gateway to identify the access time slots or frequencies of resource-constraint devices. Then we propose a holistic authentication and authorization approach, where online machine learning and trust management are adopted for analyzing the complex dynamic environment and achieving adaptive access control. These new AI enabled approaches establish the connections between transceivers quickly and enhance security progressively, so that communication latency can be reduced and security risks are well-controlled in large-scale IoT. Finally, we outline several areas for AI-enabled security provisioning for future researches.

Cryptography and Security

Xuefei Yin,Song Wang,Muhammad Shahzad,Jiankun Hu

DOI: https://doi.org/10.1109/jiot.2021.3131956

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Identity authentication has become an essential component for access control in the Internet of Things (IoT) environment. To overcome the inherent weakness of password-based authentication, many present IoT devices (e.g., commercial banking smart cards) are equipped with the fingerprint authentication mechanism. However, due to the resource constraints of IoT devices, oversimplified authentication schemes are deployed, which compromise system performance significantly. Moreover, fingerprint templates in these existing schemes are unprotected. To address these issues, we propose an IoT-oriented privacy-preserving fingerprint authentication system. The proposed system is composed of four main components: 1) minutiae extraction; 2) the minutia cylinder-code (MCC)-based cancelable binary template, generated by the proposed normalized random projection; 3) the lightweight, privacy-preserving template, built by novel pairwise Boolean operations; and 4) fingerprint matching. Our system can effectively mitigate preimage and hill-climbing attacks. A prototype of the proposed system is developed using a popular open-source platform (i.e., Open Virtual Platforms). Comprehensive experimental results on eight benchmark data sets validate the effectiveness of the proposed IoT-oriented fingerprint authentication system. Our system also achieves equivalent authentication accuracy to that of the unprotected fingerprint authentication systems deployed in the resource-rich, non-IoT environment. More importantly, our system prototype is deployable to commercially available low-cost smart cards, such as Atmel AT24C256C Memory Smart Card 256K Bits. To the best of our knowledge, the proposed system is the first privacy-preserving, cancelable fingerprint authentication system developed in such a resource-constrained IoT setting.

computer science, information systems,telecommunications,engineering, electrical & electronic

Junhui Zhao,Huanhuan Hu,Fanwei Huang,Yingxuan Guo,Longxia Liao

DOI: https://doi.org/10.3390/electronics12081812

IF: 2.9

2023-04-12

Electronics

Abstract:This paper mainly summarizes three aspects of information security: Internet of Things (IoT) authentication technology, Internet of Vehicles (IoV) trust management, and IoV privacy protection. Firstly, in an industrial IoT environment, when a user wants to securely access data from IoT sensors in real-time, they may face network attacks due to the data being transmitted through an open channel. In order to solve this problem, we innovatively propose a user and device authentication model integrated with cloud computing, introduce an algorithm related to protocol design, and summarize the research direction of developing a more lightweight algorithm when designing security protocols in the future. Secondly, for mobile IoT applications, such as IoV, information collection and distribution is realized by establishing a network between vehicles and infrastructure. IoV will face security threats such as information insecurity and privacy disclosure. We introduce a typical trust management model for the IoV, which solves the problem of information unreliability by storing vehicle trust values. In the future, we are committed to making the process of computing node credibility using a trust model more robust. Finally, aiming at the privacy protection of the IoV, we propose a cross-domain anonymous authentication system model based on blockchain. The user's auxiliary authentication information is stored in the blockchain, and the auxiliary authentication information of any registered user can be obtained from the blockchain. The privacy protection of cross-domain authentication can be realized through anonymous authentication, which greatly saves the communication cost of cross-domain authentication. In the future, we will try to use deep learning or federated learning to integrate with blockchain for actual deployment.

engineering, electrical & electronic,computer science, information systems,physics, applied

Inderpal Singh,Balraj Singh

DOI: https://doi.org/10.1007/s40998-024-00748-4

2024-09-11

Iranian Journal of Science and Technology Transactions of Electrical Engineering

Abstract:Internet of Things (IoT) applications are popularly involved in day-to-day life. The increase in utilization leads to an increase in network traffic. The incoming users have different intentions in the network and hence security is essential. The data user accesses the data in the cloud that is collected from IoT devices. A large-scale IoT environment has challenges in the provisioning of security as well as the management of access control mechanisms. The problem is a generation of policies and authenticating devices with minimum credentials. In this paper, Blockchain-based decentralized authentication and access control systems are designed. The process of authentication is conducted for the data owner and data user by considering identity, device type, IP address and signature, PUF, and biometric respectively. PUF stands for Physical Unclonable Function, which is a hardware-based security feature that generates a unique identifier for a device based on its physical properties, SALSA20 and PRESENT are encryption algorithms used in the proposed system to encrypt data chunks. SALSA20 is a stream cipher that generates a keystream to encrypt data, while PRESENT is a block cipher that encrypts data in fixed-size blocks These authentication credentials are managed in the blockchain. The credentials are stored in encrypted form using the Key schedule PRESENT algorithm. In the authentication of data users, the number of credentials is selected using fuzzy logic that improves security. To assure data storage security, the data is split into two chunks, and it is encrypted using SALSA20 and PRESENT algorithm. The proposed model is developed in an ifogsim simulator, and the performance metrics are evaluated in terms of authentication time, storage efficiency, running time, throughput, latency, and blocksize.

engineering, electrical & electronic

Bo Tang,Hongjuan Kang,Jingwen Fan,Qi Li,Ravi Sandhu

DOI: https://doi.org/10.1145/3322431.3326327

2019-01-01

Abstract:Internet-of-Things (IoT) is a rapidly-growing transformative expansion of the Internet with increasing influence on our daily life. Since the number of "things" is expected to soon surpass human population, control and automation of IoT devices has received considerable attention from academia and industry. Cross-platform collaboration is highly desirable for better user experience due to fragmentation of user needs and vendor products with time. Centralized approaches have been used to build federated trust among platforms and devices, but limit diversity and scalability. We propose a decentralized trust framework, called IoT Passport, for cross-platform collaborations using blockchain technology. IoT Passport is motivated by the familiar use of passports for international travel but with greater dynamism. It enables platforms to establish arbitrary trust relations with each other containing specific rules for intended collaborations, enforced by a combination of smart contracts. Each interaction among devices is signed by the participants and recorded on the blockchain. The records are utilized as attributes for authorization and as proofs of incentive plans. This approach incorporates the preferences of participating platforms and end users, and opens new avenues for collaborative edge computing as well as research on blockchain-based access control mechanism for IoT environments.

Qingshui Xue,Xingzhong Ju,Haozhi Zhu,Haojin Zhu,Fengying Li,Xiangwei Zheng

DOI: https://doi.org/10.1007/978-3-030-22971-9_12

2019-01-01

Abstract:IoT is an important part of the new generation of information technologies and the next big thing in the IT industry after the computer and the internet. The IoT has great development potential and a wide range of possible applications, especially commercial applications. And information security of the IoT is the key to the long-term development of the whole industry. Currently, the two most significant factors in the development of the IoT are user identity authentication and privacy protection. This paper contains an analysis on the current picture of inter-device user identity authentication in the IoT and proposes an inter-device biometric authentication solution for the IoT that’s designed to work with larger devices, addressing the shortcomings of the traditional user identity authentication technologies including security and efficiency problems. A strategy for further solution optimization is also included. This paper elaborates on the specific process of user identity authentication carried out by users on devices and between devices making use of fingerprints. We’ll demonstrate the security of this solution against existing attack methods and in the last part, we enumerate various possible applications of this solution in smart homes.

Leyou Zhang,Jun Wang,Yi Mu

DOI: https://doi.org/10.1109/jiot.2021.3071553

IF: 10.6

2021-10-01

IEEE Internet of Things Journal

Abstract:Along with the development of edge computing and the cloud, the Internet of Things (IoT) is affecting and changing people's lives. Data sharing has played an important role in the IoT, but the leakage of private user information poses a new security threat to the users. Thus, flexible fine-grained access control for such shared data is proposed in this article as an effective and secure method of eliminating vulnerabilities. However, the disclosure of access policies will also expose users' private information. Recently, Yang et al. attempted to solve this problem and proposed a framework based on attribute-based encryption for shared data onto IEEE IoT-J(DOI: 10.1109/JIOT.2016.2571718). They hide the access policies by using a bloom filter (BF) and attempt to address privacy preservation in IoT. However, we demonstrate several security weaknesses of their framework and point out its vulnerability to dictionary attacks and access policy guessing attacks. Then, an improved IoT solution is proposed. Under this proposal, the attribute values are stored in BF while the attribute names are embedded in the access policy. The proposed scheme can resist dictionary attacks and access policy guessing attacks. In addition, it simultaneously realizes large attribute sets, an efficient decryption algorithm, and adaptive security. Security analysis and performance evaluations show that the presented scheme achieves higher security and implementation simplicity in the IoT than other currently available schemes.

computer science, information systems,telecommunications,engineering, electrical & electronic

Weichu Deng,Jin Li,Hongyang Yan,Arthur Sandor Voundi Koe,Teng huang,Jianfeng Wang,Cong Peng

DOI: https://doi.org/10.1016/j.jisa.2024.103885

IF: 4.96

2024-09-14

Journal of Information Security and Applications

Abstract:In the Internet of Things, access control and identity management rely on centralized platforms. However, centralized platforms will compromise user privacy with identity leakage. Self-sovereign identity (SSI) is a novel model for identity management that does not require third-party centralized authority. Thus, SSI is a potential solution to the identity management problem in IoT access control. This paper's motivation is to address the problems of lack of identity sovereignty, centralized authorization, and high computational overhead for IoT access control. We propose a novel access control scheme for IoT that decentralizes identity management and tackles single-point-of-failure issues. This scheme leverages ciphertext policy attribute-based encryption (CP-ABE) and SSI to achieve the overall goal. Specifically, Our scheme eliminates the central authority and empowers users to manage their identity, allowing users to decide what attributes they disclose. Regarding the distribution of roles in the architecture, this paper follows the generic SSI model (ISSUER–HOLDER—VERIFIER) that allows a user to access a service from a service provider. To enable real-world deployment of our scheme, we establish an attribute authorization authority(such as the government) as a trusted identity point of entry. Users generate decentralized identifiers to enjoy services of interest in a privacy-preserving manner. The analysis demonstrates the practicality and superiority of our scheme. Our scheme requires less computation and is suitable for resource-constrained IoT scenarios.

computer science, information systems

Teng Hu,Siqi Yang,Yanping Wang,Gongliang Li,Yulong Wang,Gang Wang,Mingyong Yin

DOI: https://doi.org/10.3390/s23208535

2023-10-18

Abstract:With the rapid advancement of network communication and big data technologies, the Internet of Things (IoT) has permeated every facet of our lives. Meanwhile, the interconnected IoT devices have generated a substantial volume of data, which possess both economic and strategic value. However, owing to the inherently open nature of IoT environments and the limited capabilities and the distributed deployment of IoT devices, traditional access control methods fall short in addressing the challenges of secure IoT data management. On the one hand, the single point of failure issue is inevitable for the centralized access control schemes. On the other hand, most decentralized access control schemes still face problems such as token underutilization, the insecure distribution of user permissions, and inefficiency.This paper introduces a blockchain-based access control framework to address these challenges. Specifically, the proposed framework enables data owners to host their data and achieves user-defined lightweight data management. Additionally, through the strategic amalgamation of smart contracts and hash-chains, our access control scheme can limit the number of times (i.e., n-times access) a user can access the IoT data before the deadline. This also means that users can utilize their tokens multiple times (predefined by the data owner) within the deadline, thereby improving token utilization while ensuring strict access control. Furthermore, by leveraging the intrinsic characteristics of blockchain, our framework allows data owners to gain capabilities for auditing the access records of their data and verifying them. To empirically validate the effectiveness of our proposed framework and approach, we conducted extensive simulations, and the experimental results demonstrated the feasibility and efficiency of our solution.

Qikun Zhang,Yongjiao Li,Chuanyang Zheng,Liang Zhu,Junling Yuan,Sikang Hu

DOI: https://doi.org/10.1002/ett.4060

IF: 3.6

2020-08-06

Transactions on Emerging Telecommunications Technologies

Abstract:<p>Development of the Internet of things (IoT) is considered as one of the major events in modern manufacturing industry, and IoT devices are expected to create and exchange vast amounts of data, thereby bringing forth unprecedented challenges in terms of robust and vendor‐neutral data sharing. While access control is widely used to protect the security of data sharing, it still has some security flaws and limitations, such as privacy leakage, fixed access permissions, security vulnerabilities, and so on. Aiming at these problems, this article proposes a permission‐combination scalable access control (PCS‐AC) scheme, in which the methods of access permissions assignment, data encryption, and data access are given. In contrast to prior works, PCS‐AC differs in several significant ways: (1) it supports anonymous access and traceability. Anonymous access can prevent leakage of users' privacy. Traceability can track the illegally accessed entity when the resource is illegally accessed; (2) it supports scalable access to data resources. Users use a combination of attribute permissions to access data at different security levels; (3) it achieves high efficiency because the entity can quickly search ciphertext resources by plaintext keywords. After searching and downloading the ciphertext, decrypt it by group key to obtain the corresponding plaintext information. PCS‐AC is proven secure under the hardness assumption of Discrete Logarithm problem and Inverse Computational Diffe‐Hellman problem. The performance analysis shows that PCS‐AC has higher efficiency than the referred works.</p>

telecommunications