Access Control in IoT/M2M - Cloud Platform

Bayu Anggorojati

Research output: Book/ReportPh.D. thesisResearch

1931 Downloads (Pure)

Abstract

Billions of devices are connected to the Internet nowadays, and the number
will continue to grow in the future thanks to the advances in the electronics
and telecommunication technology developments. Its application in broad aspects of human’s life brings a lot of benefits by improving productivity and
quality of life. This paradigm, which is often called Internet of Things (IoT)
or Machine-to-Machine (M2M), will provide an unprecedented opportunity to
create applications and services that go far beyond the mere purpose of each
participant.
Many studies on the both technical and social aspects of IoT have shown
that the concern about the security and privacy play a huge role for the mass
adoption of the IoT/M2M as cloud services. Among the important topics
within the security and privacy, the access control is an important mechanism,
which essentially manages how the important assets or resource of a system
can be accessed by other parties by means of a set of access policies.
For an IoT system such as Radio Frequency Identification (RFID) that collects
huge amounts of RFID events data and may store it in the cloud storage
for tracking purpose, access control to such data becomes a critical point to
the privacy of the enterprises as well as the customers. Certainly, designing
an access control to the RFID events data with high-granularity is desirable
to maintain the privacy while allowing external party to perform tracking and
tracing of RFID tags. In addition, mobility or location management also plays
a big role to perform tracking of RFID tags. Scalability and efficiency are two
important requirements in location management when big numbers of tags are
moving from one reading location to the others, i.e. being mobile. Thus, designing a fine-grained access control along with scalable location management
in RFID system is of paramount importance.
A distributed cloud platform approach for the IoT/M2M, which consists of
a set of IoT/M2M gateways, is introduced to cope with some inherent issues
of IoT network which is highly heterogeneous and distributed in nature. As aresult, access control becomes even more challenging when such approach -also called as local cloud - which may consist of devices with low computational
capacity, is used. As each of the IoT/M2M gateways may have different assets
or resources, and thus different access policies, combining different policies
and to make an access control decision in distributed manner is a very challenging task. In addition, the access control system should also fulfill other
requirements in terms of scalability, context-awareness, flexibility, and attack
resilience. These challenges lead us to come up with capability-based access
control that can be easily distributed, i.e. scalable and suitable for distributed
system, and propagated, i.e. allow flexible access delegation. On top of that,
contextual information can also be included in the capability data structure so
as to deal with dynamic context in IoT/M2M environment. However, thorough
design of capability-based access control is needed, especially to keep the access
delegation through capability propagation under control and to maintain
secure access control.
To detect and mitigate various threats, especially the insider threat, within
the IoT/M2M local cloud platform is a difficult task for the access control
system. Thus, an Intrusion Detection System (IDS) is needed as the integral
part of the access control system. We can imagine a situation where a malicious
node disguises as a good node such that it can join the local cloud, but once
it becomes part of the cloud it would cause a huge damage to the system.
For example it could manipulate access right of an actuator controlled by a
gateway, e.g. to open a gate or turning on or off some switches, stealing
some sensitive data from sensors, and so on. Keeping in mind such threat
and the fact that minimum human interaction is needed in the local cloud
environment, the IDS should be able to learn and update its knowledge based
on the interaction with the other nodes. This leads us to study, model, and
analyze the interactions between malicious node and regular node equipped
with IDS with game theory, in order to suggest the best strategies for both
sides. The study also includes a general fact that each node has a set of assets or
resources with different values. Finally, an optimum strategy for both attacker
and defender will be derived by considering their respective costs and benefits.
Original languageEnglish
PublisherDepartment of Electronic Systems, Aalborg University
Number of pages168
ISBN (Electronic)978-87-7152-064-4
Publication statusPublished - 2015

Cite this

Anggorojati, B. (2015). Access Control in IoT/M2M - Cloud Platform. Department of Electronic Systems, Aalborg University.
Anggorojati, Bayu. / Access Control in IoT/M2M - Cloud Platform. Department of Electronic Systems, Aalborg University, 2015. 168 p.
@phdthesis{1efd8a8948db4ab49e07b4806d916c62,
title = "Access Control in IoT/M2M - Cloud Platform",
abstract = "Billions of devices are connected to the Internet nowadays, and the numberwill continue to grow in the future thanks to the advances in the electronicsand telecommunication technology developments. Its application in broad aspects of human’s life brings a lot of benefits by improving productivity andquality of life. This paradigm, which is often called Internet of Things (IoT)or Machine-to-Machine (M2M), will provide an unprecedented opportunity tocreate applications and services that go far beyond the mere purpose of eachparticipant.Many studies on the both technical and social aspects of IoT have shownthat the concern about the security and privacy play a huge role for the massadoption of the IoT/M2M as cloud services. Among the important topicswithin the security and privacy, the access control is an important mechanism,which essentially manages how the important assets or resource of a systemcan be accessed by other parties by means of a set of access policies.For an IoT system such as Radio Frequency Identification (RFID) that collectshuge amounts of RFID events data and may store it in the cloud storagefor tracking purpose, access control to such data becomes a critical point tothe privacy of the enterprises as well as the customers. Certainly, designingan access control to the RFID events data with high-granularity is desirableto maintain the privacy while allowing external party to perform tracking andtracing of RFID tags. In addition, mobility or location management also playsa big role to perform tracking of RFID tags. Scalability and efficiency are twoimportant requirements in location management when big numbers of tags aremoving from one reading location to the others, i.e. being mobile. Thus, designing a fine-grained access control along with scalable location managementin RFID system is of paramount importance.A distributed cloud platform approach for the IoT/M2M, which consists ofa set of IoT/M2M gateways, is introduced to cope with some inherent issuesof IoT network which is highly heterogeneous and distributed in nature. As aresult, access control becomes even more challenging when such approach -also called as local cloud - which may consist of devices with low computationalcapacity, is used. As each of the IoT/M2M gateways may have different assetsor resources, and thus different access policies, combining different policiesand to make an access control decision in distributed manner is a very challenging task. In addition, the access control system should also fulfill otherrequirements in terms of scalability, context-awareness, flexibility, and attackresilience. These challenges lead us to come up with capability-based accesscontrol that can be easily distributed, i.e. scalable and suitable for distributedsystem, and propagated, i.e. allow flexible access delegation. On top of that,contextual information can also be included in the capability data structure soas to deal with dynamic context in IoT/M2M environment. However, thoroughdesign of capability-based access control is needed, especially to keep the accessdelegation through capability propagation under control and to maintainsecure access control.To detect and mitigate various threats, especially the insider threat, withinthe IoT/M2M local cloud platform is a difficult task for the access controlsystem. Thus, an Intrusion Detection System (IDS) is needed as the integralpart of the access control system. We can imagine a situation where a maliciousnode disguises as a good node such that it can join the local cloud, but onceit becomes part of the cloud it would cause a huge damage to the system.For example it could manipulate access right of an actuator controlled by agateway, e.g. to open a gate or turning on or off some switches, stealingsome sensitive data from sensors, and so on. Keeping in mind such threatand the fact that minimum human interaction is needed in the local cloudenvironment, the IDS should be able to learn and update its knowledge basedon the interaction with the other nodes. This leads us to study, model, andanalyze the interactions between malicious node and regular node equippedwith IDS with game theory, in order to suggest the best strategies for bothsides. The study also includes a general fact that each node has a set of assets orresources with different values. Finally, an optimum strategy for both attackerand defender will be derived by considering their respective costs and benefits.",
author = "Bayu Anggorojati",
year = "2015",
language = "English",
publisher = "Department of Electronic Systems, Aalborg University",

}

Anggorojati, B 2015, Access Control in IoT/M2M - Cloud Platform. Department of Electronic Systems, Aalborg University.

Access Control in IoT/M2M - Cloud Platform. / Anggorojati, Bayu.

Department of Electronic Systems, Aalborg University, 2015. 168 p.

Research output: Book/ReportPh.D. thesisResearch

TY - BOOK

T1 - Access Control in IoT/M2M - Cloud Platform

AU - Anggorojati, Bayu

PY - 2015

Y1 - 2015

N2 - Billions of devices are connected to the Internet nowadays, and the numberwill continue to grow in the future thanks to the advances in the electronicsand telecommunication technology developments. Its application in broad aspects of human’s life brings a lot of benefits by improving productivity andquality of life. This paradigm, which is often called Internet of Things (IoT)or Machine-to-Machine (M2M), will provide an unprecedented opportunity tocreate applications and services that go far beyond the mere purpose of eachparticipant.Many studies on the both technical and social aspects of IoT have shownthat the concern about the security and privacy play a huge role for the massadoption of the IoT/M2M as cloud services. Among the important topicswithin the security and privacy, the access control is an important mechanism,which essentially manages how the important assets or resource of a systemcan be accessed by other parties by means of a set of access policies.For an IoT system such as Radio Frequency Identification (RFID) that collectshuge amounts of RFID events data and may store it in the cloud storagefor tracking purpose, access control to such data becomes a critical point tothe privacy of the enterprises as well as the customers. Certainly, designingan access control to the RFID events data with high-granularity is desirableto maintain the privacy while allowing external party to perform tracking andtracing of RFID tags. In addition, mobility or location management also playsa big role to perform tracking of RFID tags. Scalability and efficiency are twoimportant requirements in location management when big numbers of tags aremoving from one reading location to the others, i.e. being mobile. Thus, designing a fine-grained access control along with scalable location managementin RFID system is of paramount importance.A distributed cloud platform approach for the IoT/M2M, which consists ofa set of IoT/M2M gateways, is introduced to cope with some inherent issuesof IoT network which is highly heterogeneous and distributed in nature. As aresult, access control becomes even more challenging when such approach -also called as local cloud - which may consist of devices with low computationalcapacity, is used. As each of the IoT/M2M gateways may have different assetsor resources, and thus different access policies, combining different policiesand to make an access control decision in distributed manner is a very challenging task. In addition, the access control system should also fulfill otherrequirements in terms of scalability, context-awareness, flexibility, and attackresilience. These challenges lead us to come up with capability-based accesscontrol that can be easily distributed, i.e. scalable and suitable for distributedsystem, and propagated, i.e. allow flexible access delegation. On top of that,contextual information can also be included in the capability data structure soas to deal with dynamic context in IoT/M2M environment. However, thoroughdesign of capability-based access control is needed, especially to keep the accessdelegation through capability propagation under control and to maintainsecure access control.To detect and mitigate various threats, especially the insider threat, withinthe IoT/M2M local cloud platform is a difficult task for the access controlsystem. Thus, an Intrusion Detection System (IDS) is needed as the integralpart of the access control system. We can imagine a situation where a maliciousnode disguises as a good node such that it can join the local cloud, but onceit becomes part of the cloud it would cause a huge damage to the system.For example it could manipulate access right of an actuator controlled by agateway, e.g. to open a gate or turning on or off some switches, stealingsome sensitive data from sensors, and so on. Keeping in mind such threatand the fact that minimum human interaction is needed in the local cloudenvironment, the IDS should be able to learn and update its knowledge basedon the interaction with the other nodes. This leads us to study, model, andanalyze the interactions between malicious node and regular node equippedwith IDS with game theory, in order to suggest the best strategies for bothsides. The study also includes a general fact that each node has a set of assets orresources with different values. Finally, an optimum strategy for both attackerand defender will be derived by considering their respective costs and benefits.

AB - Billions of devices are connected to the Internet nowadays, and the numberwill continue to grow in the future thanks to the advances in the electronicsand telecommunication technology developments. Its application in broad aspects of human’s life brings a lot of benefits by improving productivity andquality of life. This paradigm, which is often called Internet of Things (IoT)or Machine-to-Machine (M2M), will provide an unprecedented opportunity tocreate applications and services that go far beyond the mere purpose of eachparticipant.Many studies on the both technical and social aspects of IoT have shownthat the concern about the security and privacy play a huge role for the massadoption of the IoT/M2M as cloud services. Among the important topicswithin the security and privacy, the access control is an important mechanism,which essentially manages how the important assets or resource of a systemcan be accessed by other parties by means of a set of access policies.For an IoT system such as Radio Frequency Identification (RFID) that collectshuge amounts of RFID events data and may store it in the cloud storagefor tracking purpose, access control to such data becomes a critical point tothe privacy of the enterprises as well as the customers. Certainly, designingan access control to the RFID events data with high-granularity is desirableto maintain the privacy while allowing external party to perform tracking andtracing of RFID tags. In addition, mobility or location management also playsa big role to perform tracking of RFID tags. Scalability and efficiency are twoimportant requirements in location management when big numbers of tags aremoving from one reading location to the others, i.e. being mobile. Thus, designing a fine-grained access control along with scalable location managementin RFID system is of paramount importance.A distributed cloud platform approach for the IoT/M2M, which consists ofa set of IoT/M2M gateways, is introduced to cope with some inherent issuesof IoT network which is highly heterogeneous and distributed in nature. As aresult, access control becomes even more challenging when such approach -also called as local cloud - which may consist of devices with low computationalcapacity, is used. As each of the IoT/M2M gateways may have different assetsor resources, and thus different access policies, combining different policiesand to make an access control decision in distributed manner is a very challenging task. In addition, the access control system should also fulfill otherrequirements in terms of scalability, context-awareness, flexibility, and attackresilience. These challenges lead us to come up with capability-based accesscontrol that can be easily distributed, i.e. scalable and suitable for distributedsystem, and propagated, i.e. allow flexible access delegation. On top of that,contextual information can also be included in the capability data structure soas to deal with dynamic context in IoT/M2M environment. However, thoroughdesign of capability-based access control is needed, especially to keep the accessdelegation through capability propagation under control and to maintainsecure access control.To detect and mitigate various threats, especially the insider threat, withinthe IoT/M2M local cloud platform is a difficult task for the access controlsystem. Thus, an Intrusion Detection System (IDS) is needed as the integralpart of the access control system. We can imagine a situation where a maliciousnode disguises as a good node such that it can join the local cloud, but onceit becomes part of the cloud it would cause a huge damage to the system.For example it could manipulate access right of an actuator controlled by agateway, e.g. to open a gate or turning on or off some switches, stealingsome sensitive data from sensors, and so on. Keeping in mind such threatand the fact that minimum human interaction is needed in the local cloudenvironment, the IDS should be able to learn and update its knowledge basedon the interaction with the other nodes. This leads us to study, model, andanalyze the interactions between malicious node and regular node equippedwith IDS with game theory, in order to suggest the best strategies for bothsides. The study also includes a general fact that each node has a set of assets orresources with different values. Finally, an optimum strategy for both attackerand defender will be derived by considering their respective costs and benefits.

M3 - Ph.D. thesis

BT - Access Control in IoT/M2M - Cloud Platform

PB - Department of Electronic Systems, Aalborg University

ER -

Anggorojati B. Access Control in IoT/M2M - Cloud Platform. Department of Electronic Systems, Aalborg University, 2015. 168 p.