Abstract
We are marching towards the ubiquitous network era in which communication networks and networked devices are integral and pervasive. In this omnipresent computing and communication world, things like a fridge, a car and even a cup of tea is also connected to the network. New technologies like Radio Frequency Identification (RFID) and advancement in smart computing devices realizes the world of fully connected devices to provide the appropriate contents and services on the fly. Convergence of different wireless technologies results into wireless network of heterogeneous devices with self-configuring capability and is termed as Internet of Things (IoT). The vision of IoT is to connect every object with computing, communication and sensing ability to the Internet. IoT contains varied range of devices from RFID tags, sensor nodes to the even shoes. Thus, IoT enable nomadic collaboration and communication between users and devices, between devices themselves and devices to services. Due to rapid technological advancements in the wireless communications, information coming from uncountable applications and services converged on user devices, communication infrastructure and the Internet are integral part of today‟s networked user. In IoT, communication and information overload is magnified due to objects, smart devices, services, and sensors.
In such a world, the greater scale and scope of IoT increases the options in which a user can interact with the things in his/her physical and virtual environment. This broader scope of interactions enhances the need to extend current Identity Management (IdM) models to include how users interact with devices as well as devices interact with other devices. Users interact with their devices and consume services in IoT through verified identity. In IoT, this concept of identity extends to devices/things. Compared to today‟s world, where interactions with devices and services are restricted by ownership and subscription, IoT users are able to discover and use devices that are public, add things temporarily to their personal space, share their devices with others, devices that are public can be part of the personal space of multiple users at the same time. Secure interaction in and with IoT, secure data management and exchange, authentication, distributed access control and IdM of the devices are the main challenges.
The work carried out in the scope of this thesis addresses important areas of IdM by identifying unsolved problems and proposing novel techniques to solve these problems. The goal is to propose methods for efficient and effective IdM in order to achieve authentication, access control and trust management of the things or devices in IoT. The goal is also to propose threat analysis and attack modelling in IoT and propose mitigation techniques which are lightweight and attack resistant for distributed nature of IoT.
A novel decision theory-based device classification is proposed in first part of the thesis for the context management. This contextual information is used for the identity mapping, binding and access control solution. Proof of concept as well as the efficient framework for context management is also proposed in this part of the thesis. This part of the thesis also presents the design of new identifier format for nomadic devices in IoT and novel context-aware clustering with hierarchical addressing.
The second part of the thesis considers the trust management issues in IoT. The trust and the trust management plays important role in ubiquitous interaction between devices or things where identities are not known in advance. In IoT, the trust is dependent on multiple variable parameters and there is a need of special focus on this front. This part of the thesis explains the relationship between the trust and access control and presents fuzzy approach for the trust score
calculation. Novel framework for the trust-based access control is also presented in this part of the thesis.
In the third part of the thesis, novel approach is presented for mutual authentication and access control. The major challenge in the IdM for IoT devices is to design scalable and attack resistant solution for mutual authentication. Threat analysis and attack modelling in distributed IoT is most importance and this part the thesis explains detail analysis of the threats. Elliptical Curve
Cryptography (ECC)-based identity establishment and capability- based access control scheme is proposed and the verification of protocol by security protocol verification tool is also presented in this part of the thesis.
The last part of the thesis is focused on the access control problems in IoT and solution. The concept of capabilities for access control is introduced and identity-driven capability- based access control is presented in this part of the thesis. Implementation modules and details are given and the results obtained are compared with the existing solutions. Results show an increase
in the access time of the devices. Security analysis of this capability-based access control is also discussed in this part of the thesis.
The outcomes of this PhD thesis are the proposals for:
1. Decision theory-based device classification for context management.
2. Identifier format, identification and context-aware clustering with hierarchical addressing for IdM.
3. Fuzzy approach for trust score calculation and trust-based access control.
4. Novel and efficient protocol for mutual authentication and access control
5. New concept of capability for access control in IoT contecxt.
6. Identity-driven capability-based access control scheme.
In summary, this thesis addresses important issues of IdM including mutual authentication, context management based on the device classification, trust management and capability-based access control. The frameworks, methods and techniques proposed in this thesis are, for the most part, applicable to IoT networks and ubiquitous computing.
In such a world, the greater scale and scope of IoT increases the options in which a user can interact with the things in his/her physical and virtual environment. This broader scope of interactions enhances the need to extend current Identity Management (IdM) models to include how users interact with devices as well as devices interact with other devices. Users interact with their devices and consume services in IoT through verified identity. In IoT, this concept of identity extends to devices/things. Compared to today‟s world, where interactions with devices and services are restricted by ownership and subscription, IoT users are able to discover and use devices that are public, add things temporarily to their personal space, share their devices with others, devices that are public can be part of the personal space of multiple users at the same time. Secure interaction in and with IoT, secure data management and exchange, authentication, distributed access control and IdM of the devices are the main challenges.
The work carried out in the scope of this thesis addresses important areas of IdM by identifying unsolved problems and proposing novel techniques to solve these problems. The goal is to propose methods for efficient and effective IdM in order to achieve authentication, access control and trust management of the things or devices in IoT. The goal is also to propose threat analysis and attack modelling in IoT and propose mitigation techniques which are lightweight and attack resistant for distributed nature of IoT.
A novel decision theory-based device classification is proposed in first part of the thesis for the context management. This contextual information is used for the identity mapping, binding and access control solution. Proof of concept as well as the efficient framework for context management is also proposed in this part of the thesis. This part of the thesis also presents the design of new identifier format for nomadic devices in IoT and novel context-aware clustering with hierarchical addressing.
The second part of the thesis considers the trust management issues in IoT. The trust and the trust management plays important role in ubiquitous interaction between devices or things where identities are not known in advance. In IoT, the trust is dependent on multiple variable parameters and there is a need of special focus on this front. This part of the thesis explains the relationship between the trust and access control and presents fuzzy approach for the trust score
calculation. Novel framework for the trust-based access control is also presented in this part of the thesis.
In the third part of the thesis, novel approach is presented for mutual authentication and access control. The major challenge in the IdM for IoT devices is to design scalable and attack resistant solution for mutual authentication. Threat analysis and attack modelling in distributed IoT is most importance and this part the thesis explains detail analysis of the threats. Elliptical Curve
Cryptography (ECC)-based identity establishment and capability- based access control scheme is proposed and the verification of protocol by security protocol verification tool is also presented in this part of the thesis.
The last part of the thesis is focused on the access control problems in IoT and solution. The concept of capabilities for access control is introduced and identity-driven capability- based access control is presented in this part of the thesis. Implementation modules and details are given and the results obtained are compared with the existing solutions. Results show an increase
in the access time of the devices. Security analysis of this capability-based access control is also discussed in this part of the thesis.
The outcomes of this PhD thesis are the proposals for:
1. Decision theory-based device classification for context management.
2. Identifier format, identification and context-aware clustering with hierarchical addressing for IdM.
3. Fuzzy approach for trust score calculation and trust-based access control.
4. Novel and efficient protocol for mutual authentication and access control
5. New concept of capability for access control in IoT contecxt.
6. Identity-driven capability-based access control scheme.
In summary, this thesis addresses important issues of IdM including mutual authentication, context management based on the device classification, trust management and capability-based access control. The frameworks, methods and techniques proposed in this thesis are, for the most part, applicable to IoT networks and ubiquitous computing.
| Original language | English |
|---|---|
| Publisher | |
| Print ISBNs | 978-87-7152.031-6 |
| Publication status | Published - 2014 |