Distributed Access Control for IoT Services Based on a Publish/Subscribe Paradigm

Distributed Access Control for IoT Services Based on a Publish/Subscribe Paradigm

Copyright: © 2019 |Pages: 46
ISBN13: 9781522576228|ISBN10: 1522576223|EISBN13: 9781522576235
DOI: 10.4018/978-1-5225-7622-8.ch006
Cite Chapter Cite Chapter

MLA

Yang Zhang and Yanmeng Guo. "Distributed Access Control for IoT Services Based on a Publish/Subscribe Paradigm." Integrating and Streamlining Event-Driven IoT Services, IGI Global, 2019, pp.177-222. https://doi.org/10.4018/978-1-5225-7622-8.ch006

APA

Y. Zhang & Y. Guo (2019). Distributed Access Control for IoT Services Based on a Publish/Subscribe Paradigm. IGI Global. https://doi.org/10.4018/978-1-5225-7622-8.ch006

Chicago

Yang Zhang and Yanmeng Guo. "Distributed Access Control for IoT Services Based on a Publish/Subscribe Paradigm." In Integrating and Streamlining Event-Driven IoT Services. Hershey, PA: IGI Global, 2019. https://doi.org/10.4018/978-1-5225-7622-8.ch006

Export Reference

Mendeley
Favorite

Abstract

With IoT services becoming more open and covering wider areas, different IoT applications at different sites are now collaborating to realize real-time monitoring and controlling of the physical world. The use of a publish/subscribe paradigm allows IoT applications to collaborate more closely in real time and to be more flexible. This is due to the space, time, and control decoupling of the event producer and consumer, which can be used to establish an appropriate communication infrastructure. Unfortunately, a publish/subscribe-based IoT application does not know which users are consuming its data events, and consumers do not know where the events originate from. In this environment, the IoT application cannot directly control access, since interactions in the application are anonymous and indirect. To address these issues, this chapter first describes a foundation for communication between wide-area IoT services and then defines a security model supporting a data-centric methodology. Using this model, the underlying network capabilities can be integrated to help IoT applications control event access. The key concept in this access control solution is the preservation of the interaction characteristics of publish/subscribe-based IoT applications, which are both anonymous and multicast. Thus, two specific types of event are used to accomplish requests for and granting of authorization, while remaining consistent with the publish/subscribe paradigm. A policy-attachment method is used to preserve the anonymity and multicast features of the collaborating IoT applications, where policy-matching efficiency, policy privacy, and communication performance are the main points of focus. This access control scheme can also be enhanced with confidentiality.

Request Access

You do not own this content. Please login to recommend this title to your institution's librarian or purchase it from the IGI Global bookstore.