Yuanchao Shu,Yu (Jason) Gu,Jiming Chen

DOI: https://doi.org/10.1109/tpds.2013.153

IF: 5.3

2014-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Access card authentication is critical and essential for many modern access control systems, which have been widely deployed in various government, commercial, and residential environments. However, due to the static identification information exchange among the access cards and access control clients, it is very challenging to fight against access control system breaches due to reasons such as loss, stolen or unauthorized duplications of the access cards. Although advanced biometric authentication methods such as fingerprint and iris identification can further identify the user who is requesting authorization, they incur high system costs and access privileges cannot be transferred among trusted users. In this work, we introduce a dynamic authentication with sensory information for the access control systems. By combining sensory information obtained from onboard sensors on the access cards as well as the original encoded identification information, we are able to effectively tackle the problems such as access card loss, stolen, and duplication. Our solution is backward-compatible with existing access control systems and significantly increases the key spaces for authentication. We theoretically demonstrate the potential key space increases with sensory information of different sensors and empirically demonstrate simple rotations can increase key space by more than 1,000,000 times with an authentication accuracy of 90 percent. We performed extensive simulations under various environment settings and implemented our design on WISP to experimentally verify the system performance.

Yuanchao Shu,Yu Gu,Jiming Chen

DOI: https://doi.org/10.1109/MASS.2012.6502522

2012-01-01

Abstract:Access card authentication is critical and essential for many modern access control systems, which have been widely deployed in various government, commercial and residential environments. However, due to the static identification information exchange among the access cards and access control clients, it is very challenging to fight against access control system breaches due to reasons such as loss, stolen or unauthorized duplications of the access cards. Although advanced biometric authentication methods such as fingerprint and iris identification can further identify the user who is requesting authorization, they incur high system costs and access privileges can not be transferred among trusted users. In this work, we introduce a sensory-data-enhanced authentication for access control systems. By combining sensory-data obtained from onboard sensors on the access cards as well as the original encoded identification information, we are able to effectively tackle the problems such as access card loss and stolen. Our solution is backward-compatible with existing access control systems and significantly increases the key spaces for authentication. We theoretically demonstrate the potential key space increases with simple sensor data and empirically demonstrate simple rotations can increase key space by more than 30, 000 times with an authentication accuracy of 95%. We performed extensive simulations under various environment settings and implemented our design on WISP to experimentally verify the system performance.

Xuanmei Qin,Yongfeng Huang,Zhen Yang,Xing Li

DOI: https://doi.org/10.1109/ict.2019.8798859

2019-01-01

Abstract:Attribute-based encryption describes the access policy with the attribute information of users. In practice, attributes usually have a certain lifespan. The existing time-based access control methods directly relate attribute keys to time. Thus, under the constraint of fine-grained time, when the attribute expires, the update of key and policy adds a large additional burden to the data user and owner. In this paper, we propose a dynamic attribute-based access control scheme to set a fine-grained valid time period for each attribute, which not only facilitates dynamic data sharing, but also enables flexible attribute revocation. We use smart contract to set valid time period for attributes. It provides smart management on users' attributes and avoids the waiting time of CSP caused by manual operations. We also introduce trapdoor that are indirectly related to time and proxy decryption method to reduce computational cost on data owners and users. Extensive security and performance analysis shows the security strength and effectiveness of the proposed scheme.

Yuanyu Zhang,Shoji Kasahara,Yulong Shen,Xiaohong Jiang,Jianxiong Wan

DOI: https://doi.org/10.1109/jiot.2018.2847705

IF: 10.6

2018-01-01

IEEE Internet of Things Journal

Abstract:This paper investigates a critical access control issue in the Internet of Things (IoT). In particular, we propose a smart contract-based framework, which consists of multiple access control contracts (ACCs), one judge contract (JC) and one register contract (RC), to achieve distributed and trustworthy access control for IoT systems. Each ACC provides one access control method for a subject-object pair, and implements both static access right validation based on predefined policies and dynamic access right validation by checking the behavior of the subject. The JC implements a misbehavior-judging method to facilitate the dynamic validation of the ACCs by receiving misbehavior reports from the ACCs, judging the misbehavior and returning the corresponding penalty. The RC registers the information of the access control and misbehavior-judging methods as well as their smart contracts, and also provides functions (e.g., register, update and delete) to manage these methods. To demonstrate the application of the framework, we provide a case study in an IoT system with one desktop computer, one laptop and two Raspberry Pi single-board computers, where the ACCs, JC and RC are implemented based on the Ethereum smart contract platform to achieve the access control.

Yufan Tao,Fanping Zeng

DOI: https://doi.org/10.1109/bigcom61073.2023.00017

2023-01-01

Abstract:In modern society, smart home has become a part of people’s daily life. The smart home will generate a large amount of data to be shared inside and outside the home which is sensitive and private. Therefore, access control plays a critical role in the many issues that need to be addressed in the smart home. However, there is still a lack of an access control scheme suitable for the smart home to ensure the security of users’ data. Attribute-based access control(ABAC) is a flexible authorization model. It controls whether there is permission to operate objects through the attributes of entities, operation types, and related environments, but it cannot resist malicious attacks within the environment. Therefore, in this paper, we propose a trust-based ABAC model, which is extended on the basis of the ABAC model and applies the trust model to the smart home ABAC model to achieve fine-grained and effective access control. Our model can not only use the trust model to monitor the behavior deviation of devices in smart homes, and establish trust relationships between devices, but also control the permissions of each device. Finally, we test the trust model on the ns-3 platform and simulate the access control model on the small real Internet of Things(IoT). The results show that the trust model has good accuracy, convergence, and anti-attack, and the ABAC model has good applicability in smart home scenarios.

Yinghao He,Yun Zhang,Yuguo Sui,Jialiang Wen,Sizhu Chen

DOI: https://doi.org/10.1109/ICDSCA59871.2023.10393438

2023-10-27

Abstract:In the context of today's era, private and efficient identity recognition systems are widely applied, and more traditional security systems are moving towards intelligent and informational development. As a result, intelligent electronic locks have gradually entered people's lives, transforming from simple password locks to embody technological advancements, subtly changing people's habits. This design presents an intelligent electronic lock based on the STM32 microcontroller, which implements multiple unlocking methods such as password unlocking, fingerprint unlocking, RFID card unlocking, and Bluetooth unlocking. This intelligent electronic lock, controlled through touch and mobile devices like smartphones, greatly enhances the user experience in terms of control. Compared to traditional locks, it not only ensures the original security but also adds more functions that align with the present era, facilitating and enriching people's lives. It holds practical significance in real-world applications.

Computer Science,Engineering

Wei,Saiyu Qi,Xu Yang,Wenjia Zhao,Jun Gu,Kashif Saleem,Yong Qi

DOI: https://doi.org/10.1109/tvt.2024.3398062

IF: 6.8

2024-01-01

IEEE Transactions on Vehicular Technology

Abstract:Internet of Vehicles (IoV) is a promising technology to equip transportation management systems with digitalized ability. The deployed IoV devices allow traffic participants to generate and analyze the traffic information such as driving status and road condition. They can further share the collected traffic data through the centralized cloud service to improve road operation efficiency, safety and reduce economic losses. Storing sensitive traffic data in an untrusted cloud server, however, raises the requirement of data access control to protect valuable business issues. Unfortunately, using pure cryptographic access control schemes for traffic data faces several limitations. In this paper, we first develop a pure cryptographic construction to enforce attribute-based access control (ABAC) model in untrusted cloud for IoV system based on ciphertext policy-attribute based encryption (CP-ABE) and explore three limitations of it. By studying ABAC in the context of CP-ABE, we can effectively lower-bound the costs that would be incurred when using more advanced and more expensive predicate encryption schemes. We then propose a new attribute based access control system (AACS) for cloud-aided IoV system to overcome the barriers of CP-ABE by using trusted hardware (Intel Software Guard Extensions (SGX)). AACS uses a secure data division framework to achieve a small Trusted Computing Base (TCB) and integrates SGX with several cryptographic protocols as well as optimization techniques. We comprehensively evaluate AACS to show the design advantages of it

Tailin Wu,Xiaoyan Yun,Yuru Liu,Chanjuan Liang,Yonghui Xue,Yubo Liu

DOI: https://doi.org/10.54097/hset.v56i.10576

2023-07-14

Abstract:In recent years, with the continuous development of science and technology and artificial intelligence technology, intelligent household has come into the people work, life, widely used powerful, bring many benefits to people's life and work, "smart home", "intelligent" concept is deeply rooted in the hearts of the people, people improve the better life quality with the development of society, also greatly improve the happiness of people use furniture products. Among them, in the smart home, the smart door lock, as the most widely used category, due to the particularity and privacy of its own application scope, its security problem has always been the focus of people's attention. And the security door closely related to life can not meet people's needs for safety, intelligence, convenience and other aspects. At present, most of the security doors on the market still have the problems of single function, low anti-theft level and low degree of intelligence. According to the statistics of the public security department, in many big cities, up to 50 percent of burglary cases are committed by criminals using technology to open doors, while more than 20 percent are violent sabotage. These crimes reflect that the lock is the key point to protect the door house, and once the lock is broken, the door is opened. At present, the development of intelligent door lock has become increasingly mature, for the way of intelligent door lock, is not a simple way of unlock, but a variety of ways combined with each other. Therefore, the development of a safe, intelligent anti-theft door house system has become the need of The Times.

Yuanyu Zhang,Mirei Yutaka,Masahiro Sasabe,Shoji Kasahara

DOI: https://doi.org/10.48550/arXiv.2009.02933

2020-09-07

Abstract:Efficient and reliable access control in smart cities is critical for the protection of various resources for decision making and task execution. Existing centralized access control schemes suffer from the limitations of single point of failure, low reliability and poor scalability. This paper therefore proposes a distributed and reliable access control framework for smart cities by combining the blockchain smart contract technology and the Attribute-Based Access Control (ABAC) model. The framework consists of one Policy Management Contract (PMC) for managing the ABAC policies, one Subject Attribute Management Contract (SAMC) for managing the attributes of subjects (i.e., entities accessing resources), one Object Attribute Management Contract (OAMC) for managing the attributes of objects (i.e., resources being accessed), and one Access Control Contract (ACC) for performing the access control. To show the feasibility of the proposed framework, we construct a local private Ethereum blockchain system to implement the four smart contracts and also conduct experiments to evaluate the monetary cost as well as to compare the proposed framework with an existing Access Control List (ACL)-based scheme. The experimental results show that although the proposed scheme consumes more money than the ACL-based scheme at the deployment stage, it introduces less monetary cost during the system running especially for large-scale smart cities.

Cryptography and Security,Information Theory

Qinghua Gong,Jinnan Zhang,Zheng Wei,Xinmin Wang,Xia Zhang,Xin Yan,Yang Liu,Liming Dong

DOI: https://doi.org/10.3390/s24072267

IF: 3.9

2024-04-03

Sensors

Abstract:With the rapid growth of the Internet of Things (IoT), massive terminal devices are connected to the network, generating a large amount of IoT data. The reliable sharing of IoT data is crucial for fields such as smart home and healthcare, as it promotes the intelligence of the IoT and provides faster problem solutions. Traditional data sharing schemes usually rely on a trusted centralized server to achieve each attempted access from users to data, which faces serious challenges of a single point of failure, low reliability, and an opaque access process in current IoT environments. To address these disadvantages, we propose a secure and dynamic access control scheme for the IoT, named SDACS, which enables data owners to achieve decentralized and fine-grained access control in an auditable and reliable way. For access control, attribute-based control (ABAC), Hyperledger Fabric, and interplanetary file system (IPFS) were used, with four kinds of access control contracts deployed on blockchain to coordinate and implement access policies. Additionally, a lightweight, certificateless authentication protocol was proposed to minimize the disclosure of identity information and ensure the double-layer protection of data through secure off-chain identity authentication and message transmission. The experimental and theoretical analysis demonstrated that our scheme can maintain high throughput while achieving high security and stability in IoT data security sharing scenarios.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Wei Li,Hongrui Li,Aini Gong,Yining Ou,Menglu Li

DOI: https://doi.org/10.1088/1742-6596/1069/1/012134

2018-08-01

Journal of Physics: Conference Series

Abstract:With the rapid development of smart home systems, intelligent electronic locks have attracted much attention. In this paper, a novel intelligent electronic lock is proposed for remote-control system, based on the Narrow Band Internet of Things (NB-IoT), which has the advantages of strong link, high coverage and low power consumption. The intelligent electronic lock is composed of radio frequency identification (RFID) module, NB-IoT module, electronic lock and microcontroller. In the system, the non-contact terminal sends the identity information to the control board through serial port. By NB-IoT transferring, real-time identity information from the control board can be uploaded to the Cloud service platform, and the confirmation information can be downloaded to the control board in return. The intelligent electronic lock is characterized by identification and state monitoring, which is suitable for both public and household application.

A. Wendong Zhao,B. Hao Wang,C. Mengjie Shi,D. Yinghao Li,E. Yan Ma

DOI: https://doi.org/10.1155/2024/5699802

IF: 1.938

2024-01-08

International Journal of Distributed Sensor Networks

Abstract:With the development of IoT technology and the improvement of people’s living standards, smart locks have become prevalent in ordinary households. However, for enterprises and institutions requiring unified management and control capabilities for networked smart locks, the technology has been relatively lagging, and there is a lack of established brands. Existing products are mostly based on wireless low-power network protocols, leading to common issues of low stability, limited network scalability, and high maintenance efforts. This paper addresses the problems existing in current networked lock systems and leverages the centralized office characteristics of enterprises and institutions. By integrating IoT technology and Power over Ethernet- (PoE-) centralized power supply, we have developed a networked smart lock system with unified management and control capabilities. This system is primarily designed for applications in offices, collective dormitories, and hotels of enterprises, institutions, and schools. The test results demonstrate that even with a scale of over tens of thousands of networked locks under unified control, the system maintains fast response times and low packet loss rates. It also incorporates energy-saving and environmentally friendly features, as well as easy automatic updates, facilitating convenient postdeployment maintenance. Thus, it effectively meets the requirements for centralized management and control in different application scenarios with centralized use of rooms. In conclusion, this research has led to the development of a unified management and control networked smart lock system, which is well suited for enterprises, institutions, and schools. Its scalability, speed, energy efficiency, and ease of maintenance make it an excellent solution for various application scenarios requiring centralized management and control of access.

computer science, information systems,telecommunications

Dongkun Hou,Shiyuan Cheng,Jie Zhang,Yuji Dong,Jieming Ma,Xiaohui Zhu,Ka Lok Man

DOI: https://doi.org/10.1109/cw55638.2022.00053

2022-01-01

Abstract:A significant feature of smart door lock systems is the Temporary Key Function (TKF) for visitors. However, existing TKFs in smart door lock systems in use are either vulnerable to attacks or inconvenient for use. This paper thereby proposes elliptic curve cryptography (ECC)-based innovative authentication module for smart door lock systems which enables highly secure and convenient TKF. Based on the authentication module, two protocols are designed for the host and visitor respectively to unlock the door lock system. Security features for the two protocols are verified via Gong Needham Yahalom (GNY) logic. Besides, the proposed prototypes are realized, and the simulation experiments are carried out to study the performance of the protocols. The results show that our scheme is secure and efficient.

Qikun Zhang,Yongjiao Li,Chuanyang Zheng,Liang Zhu,Junling Yuan,Sikang Hu

DOI: https://doi.org/10.1002/ett.4060

IF: 3.6

2020-08-06

Transactions on Emerging Telecommunications Technologies

Abstract:<p>Development of the Internet of things (IoT) is considered as one of the major events in modern manufacturing industry, and IoT devices are expected to create and exchange vast amounts of data, thereby bringing forth unprecedented challenges in terms of robust and vendor‐neutral data sharing. While access control is widely used to protect the security of data sharing, it still has some security flaws and limitations, such as privacy leakage, fixed access permissions, security vulnerabilities, and so on. Aiming at these problems, this article proposes a permission‐combination scalable access control (PCS‐AC) scheme, in which the methods of access permissions assignment, data encryption, and data access are given. In contrast to prior works, PCS‐AC differs in several significant ways: (1) it supports anonymous access and traceability. Anonymous access can prevent leakage of users' privacy. Traceability can track the illegally accessed entity when the resource is illegally accessed; (2) it supports scalable access to data resources. Users use a combination of attribute permissions to access data at different security levels; (3) it achieves high efficiency because the entity can quickly search ciphertext resources by plaintext keywords. After searching and downloading the ciphertext, decrypt it by group key to obtain the corresponding plaintext information. PCS‐AC is proven secure under the hardness assumption of Discrete Logarithm problem and Inverse Computational Diffe‐Hellman problem. The performance analysis shows that PCS‐AC has higher efficiency than the referred works.</p>

telecommunications

Xuanmei Qin,Yongfeng Huang,Zhen Yang,Xing Li

DOI: https://doi.org/10.1016/j.ins.2020.12.035

IF: 8.1

2021-01-01

Information Sciences

Abstract:Attribute-based encryption (ABE) is considered to be one of the most suitable schemes for cryptographic access control in the big data environment. But it still faces many challenges to be applied in the Internet of Things (IoT). ABE is implemented based on bilinear pairing, which is considered to be an expensive operation. However, there are lots of IoT devices with constrained resources. Proxy re-encryption methods based on the cloud are proposed to reduce computing overhead on the user side, but an untrusted cloud may give incorrect computing results to mislead users. To solve this problem, an access control scheme with lightweight decryption based on ABE and blockchain technologies is proposed. We assume that the cloud is untrusted, and guarantee the accuracy of proxy re-encryption calculation based on blockchain. In addition, how to encourage users to obtain authorization through blockchain and record access behavior on the blockchain is a problem worthy of attention. This paper proposes a user credibility incentive mechanism, which calculates the user's credibility according to the user's access behavior and gives a reputation score, so as to dynamically adjust the endorsement protocol. Security analysis and experimental results show that the proposed method is reliable and efficient. (C) 2020 Elsevier Inc. All rights reserved.

Yutong Liu,Linghe Kong,Yifeng Cao,Vahan Sarafian,Long Cheng,Guihai Chen

DOI: https://doi.org/10.1109/padsw.2018.8644559

2018-01-01

Abstract:Smart devices (e.g., smartphones or tablets) have become an indispensable part of our daily lives for conducting mobile payment transactions, and storing both corporate and personal sensitive data. As a result, unauthorized access to smart devices can result in a catastrophic security breach. Lock screen provides the first line of defense against unauthorized access to smart devices, where users typically use the PIN, the pattern of drawing, or biometric to unlock their devices. Unfortunately, recent studies have revealed that individual unlocking methods are insufficient to prevent unauthorized access to smart devices. In this paper, we aim to increase the security barrier of smart device unlocking. We present the Cp 3 , a combined unlocking framework to achieve highly secure and usable authentication for commodity smart devices. We address several challenges of combing unlocking methods from different modalities, such as the high reliability and low latency. We implement a prototype of our approach based on the Android platform, which selects the fingerPrint authentication, bluetooth transmission Power authentication and facial Pattern verification as our typical Combination for the secure unlocking. We have made the source code of our implementation public 1 1 https://goo.gl/oUwSfZ, Real-world experiments demonstrate the effectiveness of our solution. CP3 achieves 88 % accuracy and 2.88s operation latency, which guarantees both good user experience and high security level compared with existing methods.

Syed Yawar Abbas Zaidi,Munam Ali Shah,Hasan Ali Khattak,Carsten Maple,Hafiz Tayyab Rauf,Ahmed M. El-Sherbeeny,Mohammed A. El-Meligy

DOI: https://doi.org/10.3390/su131910556

IF: 3.9

2021-09-23

Sustainability

Abstract:With opportunities brought by the Internet of Things (IoT), it is quite a challenge to maintain concurrency and privacy when a huge number of resource-constrained distributed devices are involved. Blockchain have become popular for its benefits, including decentralization, persistence, immutability, auditability, and consensus. Great attention has been received by the IoT based on the construction of distributed file systems worldwide. A new generation of IoT-based distributed file systems has been proposed with the integration of Blockchain technology, such as the Swarm and Interplanetary File System. By using IoT, new technical challenges, such as Credibility, Harmonization, large-volume data, heterogeneity, and constrained resources are arising. To ensure data security in IoT, centralized access control technologies do not provide credibility. In this work, we propose an attribute-based access control model for the IoT. The access control lists are not required for each device by the system. It enhances access management in terms of effectiveness. Moreover, we use blockchain technology for recording the attribute, avoiding data tempering, and eliminating a single point of failure at edge computing devices. IoT devices control the user’s environment as well as his or her private data collection; therefore, the exposure of the user’s personal data to non-trusted private and public servers may result in privacy leakage. To automate the system, smart contracts are used for data accessing, whereas Proof of Authority is used for enhancing the system’s performance and optimizing gas consumption. Through smart contracts, ciphertext can be stored on a blockchain by the data owner. Data can only be decrypted in a valid access period, whereas in blockchains, the trace function is achieved by the storage of invocation and the creation of smart contracts. Scalability issues can also be resolved by using the multichain blockchain. Eventually, it is concluded from the simulation results that the proposed system is efficient for IoT.

environmental sciences,environmental studies,green & sustainable science & technology

Leepakshi Bindra,Kalvin Eng,Omid Ardakanian,Eleni Stroulia

DOI: https://doi.org/10.1080/23335777.2021.1922502

2020-10-16

Abstract:Large commercial buildings are complex cyber-physical systems containing expensive and critical equipment that ensure the safety and comfort of their numerous occupants. Yet occupant and visitor access to spaces and equipment within these buildings are still managed through unsystematic, inefficient, and human-intensive processes. As a standard practice, long-term building occupants are given access privileges to rooms and equipment based on their organizational roles, while visitors have to be escorted by their hosts. This approach is conservative and inflexible. In this paper, we describe a methodology that can flexibly and securely manage building access privileges for long-term occupants and short-term visitors alike, taking into account the risk associated with accessing each space within the building. Our methodology relies on blockchain smart contracts to describe, grant, audit, and revoke fine-grained permissions for building occupants and visitors, in a decentralized fashion. The smart contracts are specified through a process that leverages the information compiled from Brick and BOT models of the building. We illustrate the proposed method through a typical application scenario in the context of a real office building and argue that it can greatly reduce the administration overhead, while, at the same time, providing fine-grained, auditable access control.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Yang Xu,Quanrun Zeng,Guojun Wang,Cheng Zhang,Ju Ren,Yaoxue Zhang

DOI: https://doi.org/10.1007/978-3-030-05345-1_31

2018-01-01

Abstract:The emerging attribute-based access control (ABAC) mechanism is an expressive, flexible, and manageable authorization technique that is particularly suitable for current distributed, inconstant and complex service-oriented scenarios. Unfortunately, the inevitable disclosure of attributes that carry sensitive information bring significant risks to users' privacy, which obstructs the further development and popularization of the ABAC severely. In this paper, we propose an effective privacy-preserving ABAC (P-ABAC) scheme to defend against privacy leakage risks of users' attributes. In the P-ABAC approach, the necessary sensitive attributes are securely handled on the service requester side by using the homomorphic encryption method for privacy protection. And meanwhile, the service provider is still able to make accurate access decisions according to the received attribute ciphertext and pre-set policies with the help of the homomorphic encryption-based secure multi-party computation techniques, while learning no privacy information. The theoretical analysis proves that our model contributes to making an efficient and effective ABAC model with the enhanced privacy-protection feature.

Wu Deming,Zhang Yu,Wang Lina,Hou Jian,Xiao Lei,Chen Wei,Zhou Qing

DOI: https://doi.org/10.1049/cje.2017.11.009

IF: 1.019

2018-01-01

Chinese Journal of Electronics

Abstract:To guarantee that electronic publications are accessible only to the authorized users via cloud, we propose an Efficient access control scheme（EACS） based on Attribute-based encryption（ABE）, which is suitable for fine-grained access control. Compared with existing stateof-the-art schemes, EACS is more practical by following functions. Considering the factor that the user membership may change frequently, EACS has the capability of coping with dynamic membership efficiently. Arbitrary-State is also supported to facilitate the system management and improve efficiency. Besides, we prove in the standard model that the security of EACS is based on the Decisional Bilinear Diffie-Hellman assumption. To evaluate the practicality of EACS, we provide a detailed theoretical performance analysis and a simulation comparison with existing schemes. Both the theoretical analysis and the experimental results show that our proposal is efficient and practical for electronic publishing under cloud environment.