While enabling brand new services and opportunities, the federation of vertical Internet of Things platforms presents new challenges in terms of secure and controlled access to heterogeneous resources, especially when authorization permissions must be regulated by multiple decentralized authorities. The work presented herein designs, develops, and experimentally validates a flexible and effective Attribute-Based Access Control framework, properly devised to operate in a federated and cloud-assisted Cyber-Physical System. Our main novelty stems in the original way we turn a policy-based encryption scheme, customarily used for accessing data, into a Cyber-Physical resource access control protocol. The proposed design approach is able to address several security issues characterizing the emerging use cases in this context, including the decoupling between authentication and authorization, fine-grained, offline, and time-limited authorization, protection against collusion attacks, access rights revocation, and user privacy. A security analysis and a performance evaluation executed through experimental tests clearly demonstrate the viability of the proposed approach in realistic cloud-assisted Cyber-Physical Systems, as well as its ability to overcome the lacks affecting competitive approaches without introducing huge communication and computational requirements.

On the design of a decentralized and multi-authority access control scheme in federated and cloud-assisted Cyber-Physical Systems / Sciancalepore, S.; Piro, G.; Caldarola, D.; Boggia, G.; Bianchi, G.. - In: IEEE INTERNET OF THINGS JOURNAL. - ISSN 2327-4662. - ELETTRONICO. - 5:6(2018), pp. 5190-5204. [10.1109/JIOT.2018.2864300]

On the design of a decentralized and multi-authority access control scheme in federated and cloud-assisted Cyber-Physical Systems

Sciancalepore, S.;Piro, G.;Boggia, G.;
2018-01-01

Abstract

While enabling brand new services and opportunities, the federation of vertical Internet of Things platforms presents new challenges in terms of secure and controlled access to heterogeneous resources, especially when authorization permissions must be regulated by multiple decentralized authorities. The work presented herein designs, develops, and experimentally validates a flexible and effective Attribute-Based Access Control framework, properly devised to operate in a federated and cloud-assisted Cyber-Physical System. Our main novelty stems in the original way we turn a policy-based encryption scheme, customarily used for accessing data, into a Cyber-Physical resource access control protocol. The proposed design approach is able to address several security issues characterizing the emerging use cases in this context, including the decoupling between authentication and authorization, fine-grained, offline, and time-limited authorization, protection against collusion attacks, access rights revocation, and user privacy. A security analysis and a performance evaluation executed through experimental tests clearly demonstrate the viability of the proposed approach in realistic cloud-assisted Cyber-Physical Systems, as well as its ability to overcome the lacks affecting competitive approaches without introducing huge communication and computational requirements.
2018
On the design of a decentralized and multi-authority access control scheme in federated and cloud-assisted Cyber-Physical Systems / Sciancalepore, S.; Piro, G.; Caldarola, D.; Boggia, G.; Bianchi, G.. - In: IEEE INTERNET OF THINGS JOURNAL. - ISSN 2327-4662. - ELETTRONICO. - 5:6(2018), pp. 5190-5204. [10.1109/JIOT.2018.2864300]
File in questo prodotto:
File Dimensione Formato  
SciancaleporeIEEEEIOTJ_cameraready.pdf

accesso aperto

Descrizione: Submitted version
Tipologia: Documento in Pre-print
Licenza: Creative commons
Dimensione 3.82 MB
Formato Adobe PDF
3.82 MB Adobe PDF Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11589/138262
Citazioni
  • Scopus 25
  • ???jsp.display-item.citation.isi??? 19
social impact