Visible to the public ViotSOC: Controlling Access to Dynamically Virtualized IoT Services Using Service Object Capability

TitleViotSOC: Controlling Access to Dynamically Virtualized IoT Services Using Service Object Capability
Publication TypeConference Paper
Year of Publication2017
AuthorsKo, Hajoon, Jin, Jiong, Keoh, Sye Loong
Conference NameProceedings of the 3rd ACM Workshop on Cyber-Physical System Security
PublisherACM
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-4956-7
Keywordsexponentiation, Internet of Things security, pubcrawl, Resiliency, Scalability, service virtualization
Abstract

Virtualization of Internet of Things(IoT) is a concept of dynamically building customized high-level IoT services which rely on the real time data streams from low-level physical IoT sensors. Security in IoT virtualization is challenging, because with the growing number of available (building block) services, the number of personalizable virtual services grows exponentially. This paper proposes Service Object Capability(SOC) ticket system, a decentralized access control mechanism between servers and clients to efficiently authenticate and authorize each other without using public key cryptography. SOC supports decentralized partial delegation of capabilities specified in each server/client ticket. Unlike PKI certificates, SOC's authentication time and handshake packet overhead stays constant regardless of each capability's delegation hop distance from the root delegator. The paper compares SOC's security benefifits with Kerberos and the experimental results show SOC's authentication incurs significantly less time packet overhead compared against those from other mechanisms based on RSA-PKI and ECC-PKI algorithms. SOC is as secure as, and more efficient and suitable for IoT environments, than existing PKIs and Kerberos.

URLhttps://dl.acm.org/citation.cfm?doid=3055186.3055194
DOI10.1145/3055186.3055194
Citation Keyko_viotsoc:_2017