Internet of Things Architecture

(Elliott) #1

Internet of Things – Architecture © - 104 -


properties/roles. This enables subjects to still get access to the system yet not
revealing their identity.


The AuthN component proposed by IoT-A offers the Authenticate functionality,
the profile of which is:


assertion: Authenticate (UserCredential)

where UserCredential is any kind of information used by the Authenticate
functionality to check the identity of the party to be authenticated (e.g.
username—password pair, PIN code, retinal identification and so on).


assertion (following definition of [Gruschka 2012]) is the information that
guaranties the occurrence of an authentication of a user client at a particular
time using a particular method of authentication. The assertion is further used
by the Authorisation (AuthS) component in order to decide upon granting or
denying access to a resource.


Finally, the AuthN component provides also Authorisation (AuthS): It is the
process by which access to information or an IoT Resource is granted to a
subject, according to an access policy and for a specific type of action. In order
to guarantee user-privacy, the end-users should be in control of access policies
relating to their personal data.


The profile of the Authorise function is:


Boolean: Authorise (Assertion, Resource, ActionType),

where Assertion is the result of Authentication, Resource represents the
resource to be accessed, and ActionType represents the action to be
performed upon the resource.


As mentioned earlier, there are various models of authorisation, property-based
access control and assertion-based access control [Gruschka 2012]. Both
are supported by IoT-A through abstract APIs [Gruschka 2012].


Identity Management, Authentication, and Authorisation guarantee privacy wihin
the IoT system. Nonetheless, if the data within the IoT system‘s database is
stored as cleartext, nothing prevents hackers from tampering with the database
and accessing the data. To protect the user against these types of attacks, we
believe that the data should be encrypted priorly storing it in the database.


3.7.4 Contradictory aspects in IoT-A security


In distributed systems, including IoT-like ones, one has often to trade off
between security properties. In particular, trust and privacy, are considered as
being two contradictory properties.

Free download pdf