Qikun Zhang,Yongjiao Li,Chuanyang Zheng,Liang Zhu,Junling Yuan,Sikang Hu

DOI: https://doi.org/10.1002/ett.4060

IF: 3.6

2020-08-06

Transactions on Emerging Telecommunications Technologies

Abstract:<p>Development of the Internet of things (IoT) is considered as one of the major events in modern manufacturing industry, and IoT devices are expected to create and exchange vast amounts of data, thereby bringing forth unprecedented challenges in terms of robust and vendor‐neutral data sharing. While access control is widely used to protect the security of data sharing, it still has some security flaws and limitations, such as privacy leakage, fixed access permissions, security vulnerabilities, and so on. Aiming at these problems, this article proposes a permission‐combination scalable access control (PCS‐AC) scheme, in which the methods of access permissions assignment, data encryption, and data access are given. In contrast to prior works, PCS‐AC differs in several significant ways: (1) it supports anonymous access and traceability. Anonymous access can prevent leakage of users' privacy. Traceability can track the illegally accessed entity when the resource is illegally accessed; (2) it supports scalable access to data resources. Users use a combination of attribute permissions to access data at different security levels; (3) it achieves high efficiency because the entity can quickly search ciphertext resources by plaintext keywords. After searching and downloading the ciphertext, decrypt it by group key to obtain the corresponding plaintext information. PCS‐AC is proven secure under the hardness assumption of Discrete Logarithm problem and Inverse Computational Diffe‐Hellman problem. The performance analysis shows that PCS‐AC has higher efficiency than the referred works.</p>

telecommunications

Siwei Li,Hui Zhang,Hui Shi,Maode Ma,Cong Wang

DOI: https://doi.org/10.1007/s11227-024-06262-y

IF: 3.3

2024-06-04

The Journal of Supercomputing

Abstract:The distributed authentication of a large number of resource-constrained power terminal devices (PTDs) is crucial for ensuring the security of the power IoT communication. However, existing solutions are inadequate in terms of security (such as vulnerability to single point failures or insider attacks) and communication costs, which do not meet the requirements of the power IoT environment. Therefore, we propose a zero-trust-based mutual authentication scheme in cloud-edge-end collaboration power IoT environment based on blockchain technology. The proposed solution involves deploying a distributed multi-point zero-trust engine around dense PTDs to collect real-time identity information. Through the maintenance of an alliance blockchain, the edge server securely shares and traces identity information, preventing tampering and effectively blocking threats related to lost terminals during authentication. Additionally, a lightweight ECC key management scheme ensures the security of authentication information. The proposed scheme effectively defends against common attacks such as replay attacks and identity forgery attacks through informal security analysis, while its security is evaluated using the Canetti and Krawczyk (CK) adversary models. Performance evaluation results demonstrate that the proposed scheme achieves effectiveness without the compromising required security attributes, which obtains up to 58% improvement 58% improvement in computation delay and a 56.9% improvement in communication costs over previous state-of-the-art methods.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Peng Wang,Tao Xiang,Xiaoguo Li,Hong Xiang

DOI: https://doi.org/10.1016/j.ins.2020.09.004

IF: 8.1

2021-02-01

Information Sciences

Abstract:<p>With the increasing popularity of Internet of Energy (IoE), more and more physical devices connected to IoE depend on the information system for energy control and coordination. Under this condition, how to achieve information flow control in IoE becomes a great challenge. Access control encryption (ACE) is a promising technology to address the problem. However, existing ACE requires a centralized sanitizer, hindering its successful application in IoE. In this paper, we construct a new kind of ACE without sanitizers for IoE. We first construct a basic ACE scheme based on number-theoretic assumptions (i.e., DBDH assumption), and this scheme can control not only what users can read but also what they can write. To resist against the quantum attacks, we further construct a more secure ACE scheme based on learning with errors (LWE). We formally prove that our proposed two ACE schemes are secure under the proposed security definition, and we also evaluate the applicability and the efficiency of them in experiments.</p>

computer science, information systems

Peng Wang,Ning Xu,Haibin Zhang,Wen Sun,Abderrahim Benslimane

DOI: https://doi.org/10.1109/jiot.2021.3125091

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:The Internet of Things (IoT), while providing comprehensive interconnection and ubiquitous services, poses security issues by enabling resources sharing among various devices from different untrusted authorities. Blockchain, as a distributed ledger, provides a traceable and verifiable platform to ensure the secure access control in IoT. The existing works based on blockchain may bring up intolerable computing overhead and delay to the lightweight IoT devices. In this article, we propose a dynamic and lightweight attribute-based access control framework for blockchain-empowered IoT, to achieve secure and fine-grained authorization. The proposed scheme allows access to resources by evaluating attributes, operations, and the environment relevant to a request. The access policy is executed through smart contract in blockchain for security and flexibility. To further adapt to IoT device constraints, we design a access control framework based on decentralized application (DApp), which can maintain tamper proof in a timely manner and be adapt to the delay-intolerant application. When delay-intolerant access is required, access can be allowed according to local replica of the blockchain, without a consensus of blockchain network. Considering the time-varying attributes of IoT devices, a trust management scheme is proposed based on the Markov chain to resist the security fluctuation caused by the vulnerability of IoT devices. In the experiments, we deploy our system prototype on Ethereum to evaluate the feasibility and effectiveness of the scheme. The results show the proposed scheme can achieve secure, high throughput, and flexible access control in IoT.

computer science, information systems,telecommunications,engineering, electrical & electronic

Leyou Zhang,Jun Wang,Yi Mu

DOI: https://doi.org/10.1109/jiot.2021.3071553

IF: 10.6

2021-10-01

IEEE Internet of Things Journal

Abstract:Along with the development of edge computing and the cloud, the Internet of Things (IoT) is affecting and changing people's lives. Data sharing has played an important role in the IoT, but the leakage of private user information poses a new security threat to the users. Thus, flexible fine-grained access control for such shared data is proposed in this article as an effective and secure method of eliminating vulnerabilities. However, the disclosure of access policies will also expose users' private information. Recently, Yang et al. attempted to solve this problem and proposed a framework based on attribute-based encryption for shared data onto IEEE IoT-J(DOI: 10.1109/JIOT.2016.2571718). They hide the access policies by using a bloom filter (BF) and attempt to address privacy preservation in IoT. However, we demonstrate several security weaknesses of their framework and point out its vulnerability to dictionary attacks and access policy guessing attacks. Then, an improved IoT solution is proposed. Under this proposal, the attribute values are stored in BF while the attribute names are embedded in the access policy. The proposed scheme can resist dictionary attacks and access policy guessing attacks. In addition, it simultaneously realizes large attribute sets, an efficient decryption algorithm, and adaptive security. Security analysis and performance evaluations show that the presented scheme achieves higher security and implementation simplicity in the IoT than other currently available schemes.

computer science, information systems,telecommunications,engineering, electrical & electronic

Wenlong Zhu,Changli Zhou,Linmei Jiang

DOI: https://doi.org/10.3390/electronics13061026

IF: 2.9

2024-03-09

Electronics

Abstract:With the rapid popularization of current Internet of Things (IoT) technology and 5G networks, as well as the continuous updating of new service lifestyles and businesses, the era of big data processing for the IoT has arrived. However, centralizing all data for processing in the cloud can lead to issues such as communication latency and privacy breaches. To solve these problems, edge computing, as a new network architecture close to terminal data sources and supporting low latency services, has gradually emerged. In this context, cloud edge collaborative computing has become an important network architecture. With the changing security requirements and communication methods of cloud edge collaborative network architecture, traditional authentication key agreement protocols are no longer applicable. Therefore, a new IoT authentication and key agreement protocol needs to be designed to solve this problem. This study proposes an IoT accessible solution for cloud edge collaboration. This scheme adopts a chaotic mapping algorithm to achieve efficient authentication. It ensures the anonymity and untraceability of users. Following this, we conducted strict security verification using BAN logic and Scyther tools. Through experimental comparative analysis, the research results show that the protocol performs better than other schemes while ensuring security. This indicates that the protocol can achieve efficient authentication and key negotiation in cloud edge collaborative network architecture, providing a secure and reliable solution for the accessibility of the IoT.

engineering, electrical & electronic,computer science, information systems,physics, applied

Yuanyu Zhang,Shoji Kasahara,Yulong Shen,Xiaohong Jiang,Jianxiong Wan

DOI: https://doi.org/10.1109/jiot.2018.2847705

IF: 10.6

2018-01-01

IEEE Internet of Things Journal

Abstract:This paper investigates a critical access control issue in the Internet of Things (IoT). In particular, we propose a smart contract-based framework, which consists of multiple access control contracts (ACCs), one judge contract (JC) and one register contract (RC), to achieve distributed and trustworthy access control for IoT systems. Each ACC provides one access control method for a subject-object pair, and implements both static access right validation based on predefined policies and dynamic access right validation by checking the behavior of the subject. The JC implements a misbehavior-judging method to facilitate the dynamic validation of the ACCs by receiving misbehavior reports from the ACCs, judging the misbehavior and returning the corresponding penalty. The RC registers the information of the access control and misbehavior-judging methods as well as their smart contracts, and also provides functions (e.g., register, update and delete) to manage these methods. To demonstrate the application of the framework, we provide a case study in an IoT system with one desktop computer, one laptop and two Raspberry Pi single-board computers, where the ACCs, JC and RC are implemented based on the Ethereum smart contract platform to achieve the access control.

Xiong Li,Tian Liu,Chaoyang Chen,Qingfeng Cheng,Xiaosong Zhang,Neeraj Kumar

DOI: https://doi.org/10.1109/jiot.2022.3165576

IF: 10.6

2022-01-01

IEEE Internet of Things Journal

Abstract:As an extension of cloud computing, edge computing has attracted the attention of academia and industry because of its characteristics of low latency, high bandwidth, and low energy consumption. However, due to limited terminal resources and insufficient security design, the edge computing environment still faces many challenges in terms of data security and privacy protection. Among them, how to effectively control access to outsourced data is one of the main issues. In this article, we propose a lightweight and verifiable ciphertext-policy attribute-based encryption (CP-ABE)-based multiauthority access control scheme for edge computing-assisted Internet of Things (IoT), which adopts the method of outsourcing decryption to mitigate the computational cost of data users with limited resources. In addition, our scheme realizes the feature of attribute revocation, and the design of the multiauthority mechanism enables our scheme to avoid the problem of key escrow. Therefore, our proposed scheme not only ensures data confidentiality but also can resist the collusion attack. Besides, our scheme is secure against the chosen plaintext attack in the random oracle model under the decision $q$ -BDHE assumption. Finally, we compared our scheme with some related work in performance, and the results demonstrate that our scheme is efficient in computation and communication. Because our scheme greatly mitigates the overhead of data users, it is very suitable for edge computing supported IoT applications with restricted computation resources.

Wenxin Lei,Zhibo Pang,Hong Wen,Wenjing Hou,Xiaoling Zhang

DOI: https://doi.org/10.1109/icps58381.2023.10127999

2023-01-01

Abstract:Motivated by the rapid advancement of industrial cyber-physical systems (ICPS) and rising voices in favor of zero trust (ZT) security, in this paper, we present an edge-enabled zero trust architecture (ZTA) for ICPS. ZT is thought to be relevant to ICPS with the spatial and temporal granularity in the suggested architecture. In addition to continuous authentication and a dynamic access-control mechanism at the temporal granularity, we recommend edge segmentation at the spatial granularity with microservices as the division units. Finally, we conduct a security assessment of the proposed architecture in the presence of threats faced by ICPS. Overall, our analysis shows that the proposed ZTA helps to promote the security of ICPS.

Hang Li,Keping Yu,Bin Liu,Chaosheng Feng,Zhiguang Qin,Gautam Srivastava

DOI: https://doi.org/10.1109/jbhi.2021.3075995

IF: 7.7

2021-01-01

IEEE Journal of Biomedical and Health Informatics

Abstract:The Internet of Health Things (IoHT) is a medical concept that describes uniquely identifiable devices connected to the Internet that can communicate with each other. As one of the most important components of smart health monitoring and improvement systems, the IoHT presents numerous challenges, among which cybersecurity is a priority. As a well-received security solution to achieve fine-grained access control, ciphertext-policy weighted attribute-based encryption (CP-WABE) has the potential to ensure data security in the IoHT. However, many issues remain, such as inflexibility, poor computational capability, and insufficient storage efficiency in attributes comparison. To address these issues, we propose a novel access policy expression method using 0-1 coding technology. Based on this method, a flexible and efficient CP-WABE is constructed for the IoHT. Our scheme supports not only weighted attributes but also any form of comparison of weighted attributes. Furthermore, we use offline/online encryption and outsourced decryption technology to ensure that the scheme can run on an inefficient IoT terminal. Both theoretical and experimental analyses show that our scheme is more efficient and feasible than other schemes. Moreover, security analysis indicates that our scheme achieves security against a chosen-plaintext attack.

computer science, interdisciplinary applications,mathematical & computational biology,medical informatics, information systems

Yue Sun,Qiang Li,Bo Zhou,Wei Chen,Xiaotian Xu,Gangjun Gong

DOI: https://doi.org/10.1088/1742-6596/1639/1/012085

2020-10-01

Journal of Physics: Conference Series

Abstract:Abstract Performing an in-depth study on the Power Internet of Things (IoT), it is known that the distribution network faces higher security risks due to a large number of terminals, various types of equipment, and the flexible access of each device to the distribution network structure and dynamic boundary. Therefore, it is urgent to make significant research on the security control mechanism for the power distribution Internet of Things, to realize the safe access of IoT devices in the Power IoT. Firstly, this paper analyses the shortage of power system security under the background of the IoT. Secondly, trusted computing technology is represented by the TrustZone and is deeply studied, and the feasibility of its application for the security of power distribution IoT is analyzed. Furthermore, the TrustZone-based security management and control architecture for power distribution novel IoT equipment is proposed, and its integrity measurement and trusted network connection process are analyzed. Finally, the security of this architecture is analyzed briefly.

Qinghua Gong,Jinnan Zhang,Zheng Wei,Xinmin Wang,Xia Zhang,Xin Yan,Yang Liu,Liming Dong

DOI: https://doi.org/10.3390/s24072267

IF: 3.9

2024-04-03

Sensors

Abstract:With the rapid growth of the Internet of Things (IoT), massive terminal devices are connected to the network, generating a large amount of IoT data. The reliable sharing of IoT data is crucial for fields such as smart home and healthcare, as it promotes the intelligence of the IoT and provides faster problem solutions. Traditional data sharing schemes usually rely on a trusted centralized server to achieve each attempted access from users to data, which faces serious challenges of a single point of failure, low reliability, and an opaque access process in current IoT environments. To address these disadvantages, we propose a secure and dynamic access control scheme for the IoT, named SDACS, which enables data owners to achieve decentralized and fine-grained access control in an auditable and reliable way. For access control, attribute-based control (ABAC), Hyperledger Fabric, and interplanetary file system (IPFS) were used, with four kinds of access control contracts deployed on blockchain to coordinate and implement access policies. Additionally, a lightweight, certificateless authentication protocol was proposed to minimize the disclosure of identity information and ensure the double-layer protection of data through secure off-chain identity authentication and message transmission. The experimental and theoretical analysis demonstrated that our scheme can maintain high throughput while achieving high security and stability in IoT data security sharing scenarios.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Wenxin Lei,Zhibo Pang,Hong Wen,Wenjing Hou,Wen Li

DOI: https://doi.org/10.1109/tii.2023.3321106

IF: 12.3

2024-01-01

IEEE Transactions on Industrial Informatics

Abstract:As security issues facing the industrial Internet of Things (IIoT) continue to emerge, industrial organizations are working to further improve the security system. Zero trust (ZT) is seen as the future of industrial security, with a rising voice, but currently, no concrete implementation technique is available. In this article, we start with the requirements of ZT security and attempt to design a ZT technical framework applicable to wireless IIoT. Specifically, a three-step ZT security framework is proposed that builds on the benefits of physical-layer security to enhance ZT in IIoT. Security zone formation is done first, which then facilitates a trusted environment for subsequent device authentication and cryptographic negotiation. By integrating physical-layer security, several promising techniques, including artificial noise, physical fingerprint, and key distribution, are well designed to accomplish the proposed framework. Our analysis reveals that the proposed framework and the designed particular implementation techniques are feasible to enhance ZT security in wireless IIoT.

Mengru Tsai,Shanhsin Lee,Shiuhpyng Winston Shieh

DOI: https://doi.org/10.1109/tr.2023.3345665

IF: 5.883

2024-03-09

IEEE Transactions on Reliability

Abstract:In recent years, due to the impact of the COVID-19 pandemic, enterprises have been forced to adapt their operation patterns to ensure resilience, transitioning from traditional office-based work to remote work from home. However, this sudden and unforeseen change has made enterprises unprepared, resulting in a dramatic increase in cybersecurity threats. The most significant challenge arises from the adjustment from working in previously trusted areas to that beyond the boundaries of protection. While employees used to work within the company's defense perimeter, malicious attacks were blocked and detected by boundary security gateways. Shifting to remote work moves employees out of the protective environment, thereby their devices connecting to the internal resources of a company become exploitable targets for threat actors, and weaknesses in the internal authentication, authorization, and access control mechanisms become evident. The zero trust architecture (ZTA) approach is primarily focused on resource protection. When users or services attempt to access resources, ZTA requires precise authentication, minimal authorization, and continuous verification (trust inference) to ensure legitimacy and authorization of the resource usage, eliminating any space for assumed or inherited trust. In this article, we will address the challenges in handling the threats and propose the strategies, implementation, and limitation of ZTA, aiming to shed light on its effectiveness and applicability in mitigating cybersecurity risks.

engineering, electrical & electronic,computer science, software engineering, hardware & architecture

Zhen Qin,Jianfei Sun,Dajiang Chen,Hu Xiong

DOI: https://doi.org/10.1155/2017/7514867

2017-01-01

Mobile Information Systems

Abstract:Online healthcare social networks (OHSNs) play an essential role in sharing information among medical experts and patients who are equipped with similar experiences. To access other patients’ data or experts’ diagnosis anywhere and anytime, it is necessary to integrate the OHSN into the Internet as part of the Internet of Things (IoT). Therefore, it is crucial to design an efficient and versatile access control scheme that can grant and revoke a user to access the OHSN. In this paper, we propose novel attribute-based encryption (ABE) features with user revocation and verifiable decryption outsourcing to control the access privilege of the users. The security of the proposed ABE scheme is given in the well-studied random oracle model. With the proposed ABE scheme, the malicious users can be excluded from the system and the user can offload most of the overhead in the decryption to an untrusted cloud server in a verifiable manner. An access control scheme for the OHSN has been given in the context of the IoT based on the proposed ABE scheme. The simulation demonstrates that our access control mechanism is practical.

Jianfei Sun,Hu Xiong,Ximeng Liu,Yinghui Zhang,Xuyun Nie,Robert H. Deng

DOI: https://doi.org/10.1109/JIOT.2020.2974257

IF: 10.6

2020-01-01

IEEE Internet of Things Journal

Abstract:With the booming of Internet of Things (IoT), smart health (s-health) is becoming an emerging and attractive paradigm. It can provide an accurate prediction of various diseases and improve the quality of healthcare. Nevertheless, data security and user privacy concerns still remain issues to be addressed. As a high potential and prospective solution to secure IoT-oriented s-health applications, ciphertext policy attribute-based encryption (CP-ABE) schemes raise challenges, such as heavy overhead and attribute privacy of the end users. To resolve these drawbacks, an optimized vector transformation approach is first proposed to efficiently transform the access policy and user attribute set into respective vectors of shorter length while other approaches result in redundant and longer vectors. Our transformation approach can greatly relieve the costly overheard of key generation, encryption, and decryption phases. Then, based on the transformation approach and the offline/online computation technology, we propose a lightweight policy-hiding CP-ABE scheme for the IoT-oriented s-health application. With our proposed scheme, data users in the s-health system can perform lightweight encryption and decryption without leaking any sensitive privacy about the attributes of the user. Finally, the formal security analysis, the theoretic performance evaluation and experiment results indicate that the solution is secure and efficient.

Dongfeng Fang,Yi Qian,Rose Qingyang Hu

DOI: https://doi.org/10.1109/jiot.2020.2970974

IF: 10.6

2020-04-01

IEEE Internet of Things Journal

Abstract:Internet-of-Things (IoT) applications have been rapidly deployed into pervasive environment, where both challenges and opportunities abound. On the one hand, a large number of IoT devices and their rich functions contribute significant volumes of data, which has brought tremendous convenience to the daily lives of end users. On the other hand, the heterogeneous IoT devices and a large amount of private information transmitted through networks also bring serious security and privacy issues. It is a big challenge to model IoT systems and trust relationships between different entities with a large number of heterogeneous IoT devices. In this article, we study a general IoT system architecture with consideration of heterogeneous IoT devices. Different trust models are proposed and analyzed based on the trust relationships between different entities in the IoT system. We propose a flexible and efficient authentication scheme with a consideration of heterogeneous IoT devices based on the least trust-required model. The proposed scheme provides security and privacy to resource-limited IoT devices flexibly and efficiently by utilizing IoT devices with better storage and computational ability. Moreover, secure data transmission is presented with contextual privacy and data integrity services. The proposed scheme achieves not only the mutual authentication, initial session key agreement, and data integrity but also anonymity, contextual privacy, forward security, end-to-end security, and key escrow resilience. Security analysis is presented to provide verification of the proposed protocol and security objectives. Moreover, performance evaluation is presented with comparison to the other schemes in terms of security features, computational overhead, and communication overhead. The performance comparisons show that our proposed scheme provides flexible and efficient security by consideration of heterogeneous IoT devices. With the higher proportion of resource-limited IoT devic-s, our proposed scheme outperforms other similar schemes.

computer science, information systems,telecommunications,engineering, electrical & electronic

Saiyu Qi,Youshui Lu,Wei Wei,Xiaofeng Chen

DOI: https://doi.org/10.1109/jiot.2020.3020979

IF: 10.6

2021-02-15

IEEE Internet of Things Journal

Abstract:The Industrial Internet of Things (IIoT) has provided a promising opportunity to build digitalized industrial systems. A fundamental technology of IIoT is the radio-frequency identification (RFID) technique, which allows industrial participants to identify items and anchor time-series IoT data for them. They can further share the IoT data through the cloud service to enable information exchange and support critical decisions in production operations. Storing IoT data in the cloud, however, requires a data access control mechanism to protect sensitive business issues. Unfortunately, using traditional cryptographic access control schemes for time-series IoT data face severe efficiency and key leakage problems. In this article, we design a secure industrial data access control scheme for cloud-assisted IIoT. Our scheme enables participants to enforce fine-grained access control policies for their IoT data via ciphertext policy-attribute-based encryption (CP-ABE) scheme. Our scheme adopts a hybrid cloud infrastructure for participants to outsource expensive CP-ABE tasks to the cloud service with strong privacy guarantees. Importantly, our scheme guarantees a new privacy notion named item-level data protection for IoT data to prevent key leakage problem. We achieve these goals via several encryption and optimization techniques. Our performance assessments combine system implementation with large-scale emulations and confirm the security and efficiency of our design.

computer science, information systems,telecommunications,engineering, electrical & electronic

Zehui Zhang,Futai Zou,Jianan Hong,Libo Chen,Ping Yi

DOI: https://doi.org/10.1109/jiot.2024.3400858

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:At present, there is less research on the detection of broken access control vulnerabilities in the Internet of Things (IoT) systems, mostly using state machines to analyse abnormal state transitions and no systematic tools have been developed. The main challenges include the inaccessibility of communication messages, a lack of effective detection for broken access control vulnerabilities, and excessive manual involvement. Moreover, due to the existence of encryption, signatures, and other fields, it is challenging to directly port the Web-based detection tools to IoT. In response to these challenges, we propose a framework for detecting broken access control vulnerabilities based on the interaction between the applications and cloud platforms. The framework employs man-in-the-middle techniques to obtain communication messages between the two entities, enabling fast and effective fuzz testing through the keyword extraction, database-guided fuzzing, and response-based detection algorithms. In addition, a combination of dynamic and static reverse analysis techniques are used to overcome anti-tampering measures, such as encryption and signatures. Following the detection framework, we implemented the semi-automated broken access control detector (BACDetector) system and tested it on six applications from four manufacturers. BACDetector discovered nine broken access control vulnerabilities, including risks of device hijacking and privacy leakage. This validated its effectiveness in detecting vulnerabilities in IoT.

Yunpeng Zhang,Xuqing Wu

DOI: https://doi.org/10.48550/arXiv.1610.01065

2016-10-05

Abstract:Cheating is a real problem in the Internet of Things. The fundamental question that needs to be answered is how we can trust the validity of the data being generated in the first place. The problem, however, isn't inherent in whether or not to embrace the idea of an open platform and open-source software, but to establish a methodology to verify the trustworthiness and control any access. This paper focuses on building an access control model and system based on trust computing. This is a new field of access control techniques which includes Access Control, Trust Computing, Internet of Things, network attacks, and cheating technologies. Nevertheless, the target access control systems can be very complex to manage. This paper presents an overview of the existing work on trust computing, access control models and systems in IoT. It not only summarizes the latest research progress, but also provides an understanding of the limitations and open issues of the existing work. It is expected to provide useful guidelines for future research.

Cryptography and Security,Networking and Internet Architecture,Systems and Control