Abstract
Access to resources, both physical and cyber, must be controlled to maintain security. The increasingly connected nature of our world makes access control a paramount issue. The expansion of the Internet of Things into everyday life has created numerous opportunities to share information and resources with other people and other devices. The Internet of Things will contain numerous wireless devices. The level of access each user (human or device) is given must be controlled. Most conventional access control schemes are rigid in that they do not account for environmental context. This solution is not sufficient for the Internet of Things. What is needed is a more granular control of access rights and a gradual degradation or expansion of access based on observed facts. This chapter presents an access control system termed the Access of Things, which employs a gradual degradation of privilege philosophy. The Access of Things concept is applicable to the dynamic security environment present in the Internet of Things.
TopInternet Of Things Concept
The Internet of Things (IOT) concept envisions an environment where devices automatically connect together to solve problems or better monitor the environment. The problems that can be addressed in the IOT framework are larger than a single device could solve on its own. This may be due to lack of computing power or lack of access to input data. The concept of the IOT is not necessarily one of human-centric applications, but one that will include more machine-to-machine (M2M) applications facilitated by massive M2M networks supported by the IOT’s infrastructure. The differentiator between the IOT and a generic Internet capable device is the increased degree of autonomy of the device and reliance on M2M communication. In fact, most IOT applications are based around the M2M communication with the human user being a consumer of information or service rather than the initiator of operations.
The initial idea was to provide every device with an IP address for routing data (traffic) between devices to facilitate M2M communication. While IP is a widely used protocol, it may not be the best protocol for all applications and other protocols are available to supplement IP. This is true for IOT applications because many IOT devices have limited computational and communication resources, especially remote sensor nodes.
IOT applications include smart health, remote healthcare (You, Liu, & Tong, 2011; Revere, Black, & Zalila, 2010; Chen, Gonzalez, Leung, Zhang, & Li, 2010; Wicks, Visich, & Li, 2006), home management, traffic management (Foschini, Taleb, Corradi, & Bottazzi, 2011), smart grid, and industrial control systems. The notion of networks forming, changing, and dissolving on their own raises questions about what resources should be shared. Each actor in the IOT must make this decision on their own and based on their perception of the environment and the application. Spatial access control, including building access control systems, is one example of such a system.
Key Terms in this Chapter
Likelihood: The probability that an event will happen or that a malicious user will attempt to exploit a particular vulnerability. Likelihood is used in security and access control systems, such as DRAAC, to identify those actions that the malicious user is likely to perform.
Physically Unclonable Functions: Physically Unclonable Functions or PUFs are variations in the fabrication process of Integrated Circuits (ICs) that cause timing variations in the resulting ICs (chips). These inconsistencies can be used to provide a unique fingerprint for each particular IC.
Access of Things: The term used to denote the DRAAC based access control system for the Internet of Things.
Impact: The potential damage that can be caused by granting an access if that access should have been denied. Impact is primarily a function of the resource that the user is requesting access to, but is also dependent on the user and the current state of the system.
RFID: RFID stands for Radio Frequency IDentification and represents the use of RFID readers and RFID tags to provide the last-mile connection between a control system and the end devices. In this chapter, RFID is used for identifying individuals for access control purposes and for location determination via radio-frequency (RF) location techniques.
Attack Graph: A graph based structure representing the state of the system as vertices and actions, such as vulnerabilities or normal system transitions, which can change the state of the system as edges. Attack graphs are similar to finite state machine diagrams that focus on security rather than system state.
CLIPS: CLIPS stands for C Language Integrated Production System and is used to store the Facts and Rules in the DRAAC system. CLIPS is the core of the Access Control Decision Module of DRAAC.
Internet of Things: A term used to denote the massive collection of networked devices. These collaborative networks will autonomously form and collaborate.
DRACC: DRAAC stands for Dynamic Risk Assessment Access Control system, which is an access control system that provides graceful degradation or elevation privilege in a system. DRAAC is the basis for the Access of Things concept presented in this chapter.
Rule-Based Access Control: A type of access control system that where access requests are evaluated against a specified list of rules. These types of systems often support the collection of “facts” representing the access control system’s knowledge about the resources and users it monitors.