Abstract
Handling authentication for the hundred million computer-embedded devices in the Internet of Things (IoT) is not achievable without considering inherent IoT characteristics such as scalability, heterogeneity, dependency and dynamism. On the one hand, traditional and emerging access control models cannot handle indeterminate data access scenarios in IoT by applying deterministic access policies. On the other hand, moving towards resilient access control paradigms requires new approaches, and current manual risk analysis methods that rely on vulnerability calculations do not fit IoT. Treating vulnerability as the key factor in risk assessment is no longer an efficient way to tackle indeterminate access scenarios, given the complicated dependency and scalability of the IoT environment. Moreover, most IoT devices are not patchable, so when new vulnerabilities are discovered the vulnerable devices need to be replaced. Therefore, IoT needs an agile, resilient and automatic authentication process. This work suggests a novel authentication method based on our previous work, in which uncertainty was introduced as one of the neglected challenges in IoT. Uncertainty in authentication derives from incomplete information about incidents occurring when an entity is authenticated. Some IoT characteristics make this uncertainty worse. We have therefore proposed an uncertainty-aware authentication model based on Attribute-Based Access Control (ABAC). Our prediction model is able to consider the uncertainty factor of mobile entities as well as fixed ones in authentication. To do so, we built our prediction model using boosting classifiers (the AdaBoost and Gradient Boosting algorithms) in addition to a voting classifier. We have compared the results with our previous work. Our designated model (AdaBoost) can achieve authentication performance with 86.54% accuracy.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Heydari, M., Mylonas, A., Katos, V., Balaguer-Ballester, E., Altaf, A., Tafreshi, V.H.F. (2020). Uncertainty-Aware Authentication Model for IoT. In: Katsikas, S., et al. Computer Security. CyberICPS 2019, SECPRE 2019, SPOSE 2019, ADIoT 2019. Lecture Notes in Computer Science, vol 11980. Springer, Cham. https://doi.org/10.1007/978-3-030-42048-2_15
DOI: https://doi.org/10.1007/978-3-030-42048-2_15
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-42047-5
Online ISBN: 978-3-030-42048-2
eBook Packages: Computer Science, Computer Science (R0)