Authentication and Authorization for Interoperable IoT Architectures
Advances in technology have enabled the creation of “smart” Things, fostering the vision of the Internet of Things (IoT). Smart Things have connection capabilities, they support Internet protocols and they even come with operating systems and Application Programming Interfaces. The pursuit for a protocol stack that will support the IoT has resulted, so far, in an ecosystem of heterogeneous and non-compatible solutions that satisfy the requirements of particular vertical sectors (“silos”). For this reason, several research initiatives, driven by both academia and industry, investigate the potential of an interoperable IoT architecture, i.e., an architecture that will provide a common and horizontal communication abstraction, which will act as interconnection layer among all prominent IoT protocols and systems. Securing such an architecture, which includes many stakeholders with diverse interests and security requirements, is not a trivial task. In this paper, we present an authentication and authorization solution that facilitates the interoperability of existing IoT systems. This solution achieves endpoint authentication, encryption key establishment, and enables third parties to define fine-grained, domain-specific access control policies. Things store minimal information, perform only ultra-lightweight computations, and are oblivious about the business logic and processes involved in the authentication and authorization procedures. Furthermore, the proposed solution preserves end-user privacy and can be easily incorporated into existing systems.
This work was funded through INTER-IoT Collaboration Agreement #52 (ACHILLES), which is administered through AUEB-RC. INTER-IoT has received funding from the EC through programme H2020. The paper presents the views of the authors and not necessarily those of the EC or the INTER-IoT consortium.
- 1.Anti-Rivalry definition. https://wiki.p2pfoundation.net/Anti-Rivalry. Accessed 8 July 2018
- 2.Authentication plugin for Mosquitto with multiple back-ends. https://github.com/jpmens/mosquitto-auth-plug. Accessed 8 July 2018
- 3.Eclipse Keti. https://projects.eclipse.org/proposals/eclipse-keti. Accessed 8 July 2018
- 4.INTER-IoT project home page. http://www.inter-iot-project.eu. Accessed 8 July 2018
- 5.Blazquez, A., Tsiatsis, V., Vandikas, K.: Performance evaluation of openID connect for an IoT information marketplace. In: 2015 IEEE 81st Vehicular Technology Conference (VTC Spring), pp. 1–6 (2015)Google Scholar
- 7.Eronen, P., Tschofenig, H.: Pre-shared key ciphersuites for transport layer security (TLS). RFC 4729, IETF (2005)Google Scholar
- 9.Fotiou, N., Kotsonis, T., Marias, G.F., Polyzos, G.C.: Access control for the Internet of Things. In: 2016 ESORICS International Workshop on Secure Internet of Things (SIoT), pp. 29–38 (2016)Google Scholar
- 10.Gusmeroli, S., Piccione, S., Rotondi, D.: A capability-based security approach to manage access control in the Internet of Things. Math. Comput. Model. 58(5), 1189–1205 (2013). The Measurement of Undesirable Outputs: Models Development and Empirical Analyses and Advances in mobile, ubiquitous and cognitive computingCrossRefGoogle Scholar
- 11.Hardt, D. (ed.): The OAuth 2.0 Authorization Framework. RFC 6749, IETF (2012)Google Scholar
- 12.Recordon, D., Reed, D.: OpenID 2.0: a platform for user-centric identity management. In: Proceedings of the Second ACM Workshop on Digital Identity Management, DIM 2006, New York, NY, USA, pp. 11–16 (2006)Google Scholar
- 13.Rescorla, E., Modadugu, N.: Datagram transport layer security version 1.2. RFC 6347, IETF (2012)Google Scholar
- 14.Seitz, L., Selander, G., Gehrmann, C.: Authorization framework for the Internet-of-Things. In: 2013 IEEE 14th International Symposium and Workshops on a Mobile and Multimedia Networks (WoWMoM), World of Wireless, pp. 1–6. IEEE Computer Society, Los Alamitos (2013)Google Scholar
- 15.Shelby, Z., Hartke, K., Bormann, C.: The Constrained Application Protocol (CoAP). RFC 7252, IETF (2014)Google Scholar