An Interoperable Access Control Framework for Diverse IoT Platforms Based on OAuth and Role
Due to the rapid development of Internet of Things (IoT), IoT platforms that can provide common functions for things are becoming increasingly important. However, access control frameworks in diverse IoT platforms have been developed for individual security goals, designs, and technologies. In parti...
Main Authors: | , , |
---|---|
Format: | Article |
Language: | English |
Published: |
MDPI AG
2019-04-01
|
Series: | Sensors |
Subjects: | |
Online Access: | https://www.mdpi.com/1424-8220/19/8/1884 |
_version_ | 1811278519743807488 |
---|---|
author | Se-Ra Oh Young-Gab Kim Sanghyun Cho |
author_facet | Se-Ra Oh Young-Gab Kim Sanghyun Cho |
author_sort | Se-Ra Oh |
collection | DOAJ |
description | Due to the rapid development of Internet of Things (IoT), IoT platforms that can provide common functions for things are becoming increasingly important. However, access control frameworks in diverse IoT platforms have been developed for individual security goals, designs, and technologies. In particular, current OAuth-based access control frameworks that are widely used in IoT research have not been providing interoperability among IoT platforms even though sharing resources and services is a critical issue for IoT platforms. Therefore, we analyze the main requirements for an IoT access control framework to properly design our framework and propose an interoperable access control framework based on OAuth 2.0 and Role. Our approach describes a new extended authorization grant flow to issue an Interoperable Access Token (IAT) that has a global access scope across IoT platforms using multiple pairs of clients’ credentials. With the IAT and proposed framework, we can access client-specific domains in heterogeneous IoT platforms, then valuable resources (e.g., data and services) in the domains can be accessed by validating the roles, which will greatly simplify permission management. Furthermore, IAT supports a simple token management (e.g., token issuance, refreshing, and revocation) by managing only one token for diverse IoT platforms. In addition, we implement our interoperable access control framework on Mobius and FIWARE, which are promising open-source IoT platforms, and test an interoperability scenario to demonstrate our approach with the implementation. Furthermore, the proposed framework is compared with other IoT access control approaches based on the selected requirements in this paper. |
first_indexed | 2024-04-13T00:37:18Z |
format | Article |
id | doaj.art-fb70ac1a856e4a2783b66bb28f31fb91 |
institution | Directory Open Access Journal |
issn | 1424-8220 |
language | English |
last_indexed | 2024-04-13T00:37:18Z |
publishDate | 2019-04-01 |
publisher | MDPI AG |
record_format | Article |
series | Sensors |
spelling | doaj.art-fb70ac1a856e4a2783b66bb28f31fb912022-12-22T03:10:18ZengMDPI AGSensors1424-82202019-04-01198188410.3390/s19081884s19081884An Interoperable Access Control Framework for Diverse IoT Platforms Based on OAuth and RoleSe-Ra Oh0Young-Gab Kim1Sanghyun Cho2Department of Computer and Information Security, Sejong University, Seoul 05006, KoreaDepartment of Computer and Information Security, Sejong University, Seoul 05006, KoreaSecurity Team, Naver Corporation, Bundang 13561, KoreaDue to the rapid development of Internet of Things (IoT), IoT platforms that can provide common functions for things are becoming increasingly important. However, access control frameworks in diverse IoT platforms have been developed for individual security goals, designs, and technologies. In particular, current OAuth-based access control frameworks that are widely used in IoT research have not been providing interoperability among IoT platforms even though sharing resources and services is a critical issue for IoT platforms. Therefore, we analyze the main requirements for an IoT access control framework to properly design our framework and propose an interoperable access control framework based on OAuth 2.0 and Role. Our approach describes a new extended authorization grant flow to issue an Interoperable Access Token (IAT) that has a global access scope across IoT platforms using multiple pairs of clients’ credentials. With the IAT and proposed framework, we can access client-specific domains in heterogeneous IoT platforms, then valuable resources (e.g., data and services) in the domains can be accessed by validating the roles, which will greatly simplify permission management. Furthermore, IAT supports a simple token management (e.g., token issuance, refreshing, and revocation) by managing only one token for diverse IoT platforms. In addition, we implement our interoperable access control framework on Mobius and FIWARE, which are promising open-source IoT platforms, and test an interoperability scenario to demonstrate our approach with the implementation. Furthermore, the proposed framework is compared with other IoT access control approaches based on the selected requirements in this paper.https://www.mdpi.com/1424-8220/19/8/1884IoT platformaccess controlinteroperabilityOAuth 2.0rolesecurity requirements |
spellingShingle | Se-Ra Oh Young-Gab Kim Sanghyun Cho An Interoperable Access Control Framework for Diverse IoT Platforms Based on OAuth and Role Sensors IoT platform access control interoperability OAuth 2.0 role security requirements |
title | An Interoperable Access Control Framework for Diverse IoT Platforms Based on OAuth and Role |
title_full | An Interoperable Access Control Framework for Diverse IoT Platforms Based on OAuth and Role |
title_fullStr | An Interoperable Access Control Framework for Diverse IoT Platforms Based on OAuth and Role |
title_full_unstemmed | An Interoperable Access Control Framework for Diverse IoT Platforms Based on OAuth and Role |
title_short | An Interoperable Access Control Framework for Diverse IoT Platforms Based on OAuth and Role |
title_sort | interoperable access control framework for diverse iot platforms based on oauth and role |
topic | IoT platform access control interoperability OAuth 2.0 role security requirements |
url | https://www.mdpi.com/1424-8220/19/8/1884 |
work_keys_str_mv | AT seraoh aninteroperableaccesscontrolframeworkfordiverseiotplatformsbasedonoauthandrole AT younggabkim aninteroperableaccesscontrolframeworkfordiverseiotplatformsbasedonoauthandrole AT sanghyuncho aninteroperableaccesscontrolframeworkfordiverseiotplatformsbasedonoauthandrole AT seraoh interoperableaccesscontrolframeworkfordiverseiotplatformsbasedonoauthandrole AT younggabkim interoperableaccesscontrolframeworkfordiverseiotplatformsbasedonoauthandrole AT sanghyuncho interoperableaccesscontrolframeworkfordiverseiotplatformsbasedonoauthandrole |