Developing dynamic and adaptive risk-based access control model for the internet of things
University of Southampton
Atlam, Hany Fathy Mousa
addb33f5-5f65-4523-a6b8-328d9677c5d2
January 2020
Wills, Gary
3a594558-6921-4e82-8098-38cd8d4e8aa0
Atlam, Hany Fathy Mousa (2020) Developing dynamic and adaptive risk-based access control model for the internet of things. University of Southampton, Doctoral Thesis, 274pp.
Record type: Thesis (Doctoral)
Abstract
The Internet of Things (IoT) is considered the next stage in the evolution of the Internet. It promotes the concept of anytime, anywhere connectivity for anything. The IoT can connect billions of devices to share their information and create new services that improve our quality of life. Although the IoT provides countless benefits, it creates several security issues. One approach to resolving these issues is to build an effective access control model.
Due to the dynamic nature of the IoT, static access control approaches cannot provide an appropriate security solution, as they are context-insensitive. Therefore, this research proposes a novel adaptive risk-based access control model that determines access permissions dynamically. The model performs a security risk analysis on each access request, using IoT contextual and real-time information to make the access decision. It has four inputs: user context, resource sensitivity, action severity and risk history. These inputs are used to estimate the risk value associated with each access request, on which the access decision is based. In addition, this research adds abnormality detection capability by using smart contracts to track and monitor user activities during the access session in order to detect and prevent malicious actions.
One of the main problems in implementing the proposed model was determining a risk estimation technique that ensures the flexibility and scalability of the IoT system. Hence, a review of the most common risk estimation techniques was carried out, and the fuzzy logic system with expert judgment was selected to implement the risk estimation process. In addition, to overcome the scalability and learning issues of the proposed fuzzy risk estimation technique, the Adaptive Neuro-Fuzzy Inference System (ANFIS) and the Neuro-Fuzzy System (NFS) were used to implement the risk estimation technique. The results demonstrated that this implementation outperformed the fuzzy logic system, increased the accuracy and can adapt to changes in various IoT applications. This research also presented a solution for the cold start problem associated with risk-based models that use risk history as one of the risk factors. The results demonstrated that the proposed risk-based model can operate immediately when first used or connected, without reconfiguration or adjustment. The operation of smart contracts was simulated in MATLAB Simulink to track and monitor user activities during the access session. The results demonstrated that smart contracts provide an effective way to detect and prevent malicious actions in a timely manner. To validate the applicability of the proposed adaptive risk-based model in real-world IoT scenarios, access control scenarios for three IoT applications (healthcare, smart home and network router) were presented. The results demonstrated that the proposed risk-based model offers advantages over existing access control models and can be applied to various real-world IoT applications.
Text
Final Thesis Hany Atlam
Text
Permission to deposit thesis - Hany Atlam
Restricted to Repository staff only
More information
Published date: January 2020
Identifiers
Local EPrints ID: 447742
URI: http://eprints.soton.ac.uk/id/eprint/447742
PURE UUID: 0bb904b8-f985-48ff-823a-b8df7ae2bdee
Catalogue record
Date deposited: 19 Mar 2021 17:31
Last modified: 17 Mar 2024 02:43
Contributors
Author: Hany Fathy Mousa Atlam
Thesis advisor: Gary Wills