Distributed Access Control for IoT Services Based on a Publish/Subscribe Paradigm

Distributed Access Control for IoT Services Based on a Publish/Subscribe Paradigm

Copyright: © 2019 |Pages: 46
DOI: 10.4018/978-1-5225-7622-8.ch006
(Individual Chapters)
No Current Special Offers


With IoT services becoming more open and covering wider areas, different IoT applications at different sites are now collaborating to realize real-time monitoring and controlling of the physical world. The use of a publish/subscribe paradigm allows IoT applications to collaborate more closely in real time and to be more flexible. This is due to the space, time, and control decoupling of the event producer and consumer, which can be used to establish an appropriate communication infrastructure. Unfortunately, a publish/subscribe-based IoT application does not know which users are consuming its data events, and consumers do not know where the events originate from. In this environment, the IoT application cannot directly control access, since interactions in the application are anonymous and indirect. To address these issues, this chapter first describes a foundation for communication between wide-area IoT services and then defines a security model supporting a data-centric methodology. Using this model, the underlying network capabilities can be integrated to help IoT applications control event access. The key concept in this access control solution is the preservation of the interaction characteristics of publish/subscribe-based IoT applications, which are both anonymous and multicast. Thus, two specific types of event are used to accomplish requests for and granting of authorization, while remaining consistent with the publish/subscribe paradigm. A policy-attachment method is used to preserve the anonymity and multicast features of the collaborating IoT applications, where policy-matching efficiency, policy privacy, and communication performance are the main points of focus. This access control scheme can also be enhanced with confidentiality.
Chapter Preview

Complete Chapter List

Search this Book: