The University of Southampton
University of Southampton Institutional Repository

Developing an adaptive Risk-based access control model for the Internet of Things

Developing an adaptive Risk-based access control model for the Internet of Things
Developing an adaptive Risk-based access control model for the Internet of Things
The Internet of Things (IoT) is creating a revolution in the number of connected devices. Cisco reported that there were 25 billion IoT devices in 2015 and modest estimation that this number will almost double by 2020. Society has become dependent on these billions of devices, devices that are connected and communicating with each other all the time with information constantly share between users, services, and internet providers.

The emergent IoT devices as a technology are creating a huge security rift between users and usability, sacrificing usability for security created a number of major issues. First, IoT devices are classified under Bring Your Own Device (BYOD) that blows any organization security boundary and make them a target for espionage or tracking. Second, the size of the data generated from IoT makes big data problems pale in comparison not to mention IoT devices need a real-time response. Third, is incorporating secure access and control for IoT devices ranging from edge nodes devices to application level (business intelligence reporting tools) is a challenge because it has to account for several hardware and application levels. Establishing a secure access control model between different IoT devices and services is a major milestone for the IoT. This is important because data leakage and unauthorized access to data have a high impact on our IoT devices. However, traditional access control models with the static and rigid infrastructure cannot provide the required security for the IoT infrastructure.

Therefore, this paper proposes a risk-based access control model for IoT technology that takes into account real-time data information request for IoT devices and gives dynamic feedback. The proposed model uses IoT environment features to estimate the security risk associated with each access request using user context, resource sensitivity, action severity and risk history as inputs for security risk estimation algorithm that is responsible for access decision. Then the proposed model uses smart contracts to provide adaptive features in which the user behaviour is monitored to detect any abnormal actions from authorized users.
Security, Internet of Things, Risk, access control, Adaptive, Context.
1-7
IEEE Press
Atlam, Hany F.
addb33f5-5f65-4523-a6b8-328d9677c5d2
Wills, Gary B.
3a594558-6921-4e82-8098-38cd8d4e8aa0
Walters, Robert J.
7b8732fb-3083-4f4d-844e-85a29daaa2c1
Alenezi, Ahmed
121c053f-ddf0-404f-b1cb-460b542ebed9
Daniel, Joshua
473204ad-b4d5-4878-aaf5-d182dc0cb921
Atlam, Hany F., Wills, Gary B., Walters, Robert J., Alenezi, Ahmed and Daniel, Joshua (2017) Developing an adaptive Risk-based access control model for the Internet of Things In 10th IEEE International conference on Internet of Things (iThings-2017). IEEE Press. 7 pp, pp. 1-7.

Atlam, Hany F., Wills, Gary B., Walters, Robert J., Alenezi, Ahmed and Daniel, Joshua (2017) Developing an adaptive Risk-based access control model for the Internet of Things In 10th IEEE International conference on Internet of Things (iThings-2017). IEEE Press. 7 pp, pp. 1-7.

Record type: Conference or Workshop Item (Paper)

Abstract

The Internet of Things (IoT) is creating a revolution in the number of connected devices. Cisco reported that there were 25 billion IoT devices in 2015 and modest estimation that this number will almost double by 2020. Society has become dependent on these billions of devices, devices that are connected and communicating with each other all the time with information constantly share between users, services, and internet providers.

The emergent IoT devices as a technology are creating a huge security rift between users and usability, sacrificing usability for security created a number of major issues. First, IoT devices are classified under Bring Your Own Device (BYOD) that blows any organization security boundary and make them a target for espionage or tracking. Second, the size of the data generated from IoT makes big data problems pale in comparison not to mention IoT devices need a real-time response. Third, is incorporating secure access and control for IoT devices ranging from edge nodes devices to application level (business intelligence reporting tools) is a challenge because it has to account for several hardware and application levels. Establishing a secure access control model between different IoT devices and services is a major milestone for the IoT. This is important because data leakage and unauthorized access to data have a high impact on our IoT devices. However, traditional access control models with the static and rigid infrastructure cannot provide the required security for the IoT infrastructure.

Therefore, this paper proposes a risk-based access control model for IoT technology that takes into account real-time data information request for IoT devices and gives dynamic feedback. The proposed model uses IoT environment features to estimate the security risk associated with each access request using user context, resource sensitivity, action severity and risk history as inputs for security risk estimation algorithm that is responsible for access decision. Then the proposed model uses smart contracts to provide adaptive features in which the user behaviour is monitored to detect any abnormal actions from authorized users.

PDF Developing an adaptive Risk-based access control model for the Internet of Things - Version of Record
Restricted to Repository staff only

More information

Accepted/In Press date: 15 May 2017
Keywords: Security, Internet of Things, Risk, access control, Adaptive, Context.
Organisations: Electronics & Computer Science, Electronic & Software Systems, Southampton Marine & Maritime Institute

Identifiers

Local EPrints ID: 411259
URI: http://eprints.soton.ac.uk/id/eprint/411259
PURE UUID: 182f1683-3dc8-458a-a2d3-8cbd8edbb41a
ORCID for Gary B. Wills: ORCID iD orcid.org/0000-0001-5771-4088

Catalogue record

Date deposited: 16 Jun 2017 16:31
Last modified: 11 Nov 2017 08:22

Export record

Contributors

Author: Hany F. Atlam
Author: Gary B. Wills ORCID iD
Author: Robert J. Walters
Author: Ahmed Alenezi
Author: Joshua Daniel

University divisions

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of http://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×