Funding year 2020 / Scholarship Call #15 / Project ID: 5294 / Project: Trustworthy Context-Aware Access Control in IoT Environments based on the Fog Computing Paradigm
Access Control is a well-researched area of network security that has been applied for decades, from mainframe to Cloud computing. Traditional Access Control solutions are therefore designed around a single Access Control Domain with multiple clients (third-party servers, applications) that are authenticated and authorized by one Access Control Gateway (ACG), i.e., an Authentication/Authorization Server.
IoT systems, however, are widely distributed, with most information producers and consumers (sensors and actuators) located at the network's edge. Traditional Access Control mechanisms therefore need to be rethought to fit IoT networks and architectures.
IoT Access Control requirements
Requirements for building IoT Access Control systems are discussed by Ouaddah et al. (2017). The critical environments they identify call for distributing Access Control so that users can control their data through trustworthy, decentralized enforcement of security policies. The authors also emphasize non-functional requirements such as scalability, fine granularity, and reliability. In the remainder, this blog post analyses the requirements for Access Control distribution and for policy modeling.
Access Control Distribution
Distributing Access Control has gained significant attention in recent years, allowing security policy management to be delegated to external third-party services. Distribution is mainly realized through Single Sign-On (SSO) and Federated Identity Management (FIM) principles and protocols, e.g., OAuth2, Kerberos and Shibboleth. With the goal of creating trustworthy connections between multiple ACGs, distribution relies on standardized approaches to trust management (encryption keys, digital certificates) and embodies them in signed session tokens or assertions, e.g., JWT and SAML, so that a relying party can verify a token with the issuer's key without contacting the issuer on every request.
However, SSO and FIM standards are currently applied mainly in Cloud environments, where connectivity, availability, and reliability are ensured through redundancy. Since none of this is guaranteed in IoT networks, the listed approaches require additional adaptation before they can be applied to resource-constrained, highly distributed IoT devices.
Access Control Schemas for IoT
IoT systems require fine-grained and self-configuring access control mechanisms that adjust to the dynamic context of IoT environments. Security policy modeling therefore has to meet these requirements both in how policies are managed and in its ability to bind multiple sources (users' data and IoT environment data) into the authorization process.
Firstly, policy management follows two approaches: Mandatory Access Control (MAC) and Discretionary Access Control (DAC). MAC restricts policy management exclusively to a group or individual with the authority to manage the domain's access rights; it is therefore widely used in high-risk systems, e.g., military and government. In contrast, DAC gives the owner of a resource complete control over its policy. Because of its distributed nature and minimal reliance on centralized rights management, DAC is used by many systems, e.g., social networks and UNIX file systems, and it is the better fit for the distributed nature of IoT systems.
Secondly, the integration of different kinds of information into security policies is represented by several models. Traditional Role-Based Access Control (RBAC) and Identity-Based Access Control (IBAC) build security policies from user information alone. While these models satisfy the needs of numerous systems, they fail to provide fine granularity and to integrate IoT environment information into security policies. Newer Access Control models have therefore been proposed, such as Attribute-Based Access Control (ABAC) and Capability-Based Access Control (CAPBAC). Both build security policies from generic information, attributes and capabilities respectively, and hence support fine-grained, multi-source policies. What differentiates them is how easily access control can be distributed. ABAC is comparatively centralized, since the full policy evaluation takes place at the policy decision point at the moment access to a resource is requested, whereas CAPBAC pre-computes access rights (capabilities) from user and IoT environment information and issues them as tokens that the resource itself can verify. The trade-off is revocation: a capability that has already been issued stays valid until it expires or is explicitly revoked, so capability lifetimes must be kept short and bound to the context they were issued under. Thus, CAPBAC is the better candidate for further access control distribution.
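To make the difference between the two models concrete, and to show the signed-token mechanism from the distribution section, here is an added example (not code from the project or from the cited paper). An ABAC decision is evaluated at the gateway on every request; a CAPBAC token is evaluated once, signed with an HMAC key shared between the gateway and the device, and then verified on the device with no round trip. The user and device attributes, the policy, the key and the context flag `maintenance_mode` are all constructed for illustration.

```python
"""Added example: ABAC decision at a central gateway versus a pre-computed,
locally verifiable CAPBAC capability. All names, attributes and the key are
assumptions made for this illustration, not the project's design."""
import base64
import hashlib
import hmac
import json
import time

# Constructed sample data (assumed for the example only).
ACG_KEY = b"demo-shared-key-between-gateway-and-device"  # provisioned per device in practice
USER_ATTRS = {"alice": {"role": "technician", "site": "plant-A"}}
DEVICE_ATTRS = {"valve-17": {"site": "plant-A", "owner": "alice"}}


# --- ABAC: every request is evaluated against the policy at the gateway. ---
def abac_decide(subject, resource, action, context):
    """Assumed policy: anyone on the same site may read a device; a technician
    on the same site may actuate it, but only while it is in maintenance mode."""
    u = USER_ATTRS.get(subject)
    d = DEVICE_ATTRS.get(resource)
    if u is None or d is None:
        return False
    if action == "read":
        return u["site"] == d["site"]
    if action == "actuate":
        return (u["role"] == "technician" and u["site"] == d["site"]
                and context.get("maintenance_mode") is True)
    return False


# --- CAPBAC: the gateway evaluates once and issues a signed capability. ---
def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_capability(subject, resource, context, ttl=300, now=None):
    """Pre-compute the allowed actions for (subject, resource) under the given
    context and bind them, the context they depend on, and an expiry into an
    HMAC-SHA256 signed token of the form <base64url(claims)>.<base64url(mac)>."""
    now = time.time() if now is None else now
    actions = [a for a in ("read", "actuate") if abac_decide(subject, resource, a, context)]
    if not actions:
        return None  # nothing to delegate
    claims = {"sub": subject, "res": resource, "act": actions,
              "cond": {"maintenance_mode": bool(context.get("maintenance_mode"))},
              "iat": int(now), "exp": int(now) + ttl}
    body = _b64(json.dumps(claims, separators=(",", ":"), sort_keys=True).encode())
    sig = _b64(hmac.new(ACG_KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def verify_capability(token, resource, action, local_context, now=None):
    """Runs on the constrained device: constant-time MAC check, expiry check,
    resource binding, and re-check of the context the capability was issued
    under. No contact with the gateway is needed."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
    except ValueError:
        return False
    expected = _b64(hmac.new(ACG_KEY, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        return False
    claims = json.loads(_unb64(body))
    if claims["exp"] <= now or claims["res"] != resource or action not in claims["act"]:
        return False
    # The context snapshot the capability was issued under must still hold locally;
    # a capability issued in maintenance mode dies when maintenance mode ends.
    return all(local_context.get(k) == v for k, v in claims["cond"].items())


if __name__ == "__main__":
    tok = issue_capability("alice", "valve-17", {"maintenance_mode": True}, ttl=60)
    print("actuate in maintenance:", verify_capability(tok, "valve-17", "actuate",
                                                      {"maintenance_mode": True}))
    print("actuate after maintenance:", verify_capability(tok, "valve-17", "actuate",
                                                         {"maintenance_mode": False}))
```

The shared-key HMAC stands in for the asymmetric signature a production deployment would use (so that a compromised device cannot mint its own capabilities); the point of the example is that the ABAC branch needs `USER_ATTRS` and the full policy at decision time, while the CAPBAC branch needs only the key, the clock and the local context.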
A. Ouaddah, H. Mousannif, A. A. Elkalam, and A. A. Ouahman. "Access control in the Internet of Things: Big challenges and new opportunities". Computer Networks 112 (Jan. 2017), pp. 237–262. ISSN 1389-1286.