A Distributed Fog-based Access Control Architecture for IoT

  • Alnefaie, Seham (Department of Information Technology, Faculty of Computing and Information Technology, King Abdulaziz University)
  • Cherif, Asma (Department of Information Technology, Faculty of Computing and Information Technology, King Abdulaziz University)
  • Alshehri, Suhair (Department of Information Technology, Faculty of Computing and Information Technology, King Abdulaziz University)
  • Received : 2021.03.31
  • Accepted : 2021.12.02
  • Published : 2021.12.31

Abstract

The evolution of IoT technology is having a significant impact on people's lives. Almost all areas of people's lives are benefiting from increased productivity and simplification made possible by this trending technology. On the downside, however, the application of IoT technology is posing some security challenges, among them, unauthorized access to IoT devices. This paper presents an Attribute-based Access Control Fog architecture that aims to achieve effective distribution, increase availability and decrease latency. In the proposed architecture, the main functional points of the Attribute-based Access Control are distributed to provide policy decision and policy information mechanisms in fog nodes, locating these functions near end nodes. To evaluate the proposed architecture, an access control engine based on the Attribute-based Access Control was built using the Balana library and simulated using EdgeCloudSim to compare it to the traditional cloud-based architecture. The experiments show that the fog-based architecture provides robust results in terms of reducing latency in making access decisions.
