ViotSOC: Controlling Access to Dynamically Virtualized IoT Services Using Service Object Capability
Title | ViotSOC: Controlling Access to Dynamically Virtualized IoT Services Using Service Object Capability |
Publication Type | Conference Paper |
Year of Publication | 2017 |
Authors | Ko, Hajoon, Jin, Jiong, Keoh, Sye Loong |
Conference Name | Proceedings of the 3rd ACM Workshop on Cyber-Physical System Security |
Publisher | ACM |
Conference Location | New York, NY, USA |
ISBN Number | 978-1-4503-4956-7 |
Keywords | exponentiation, Internet of Things security, pubcrawl, Resiliency, Scalability, service virtualization |
Abstract | Virtualization of Internet of Things(IoT) is a concept of dynamically building customized high-level IoT services which rely on the real time data streams from low-level physical IoT sensors. Security in IoT virtualization is challenging, because with the growing number of available (building block) services, the number of personalizable virtual services grows exponentially. This paper proposes Service Object Capability(SOC) ticket system, a decentralized access control mechanism between servers and clients to efficiently authenticate and authorize each other without using public key cryptography. SOC supports decentralized partial delegation of capabilities specified in each server/client ticket. Unlike PKI certificates, SOC's authentication time and handshake packet overhead stays constant regardless of each capability's delegation hop distance from the root delegator. The paper compares SOC's security benefifits with Kerberos and the experimental results show SOC's authentication incurs significantly less time packet overhead compared against those from other mechanisms based on RSA-PKI and ECC-PKI algorithms. SOC is as secure as, and more efficient and suitable for IoT environments, than existing PKIs and Kerberos. |
URL | https://dl.acm.org/citation.cfm?doid=3055186.3055194 |
DOI | 10.1145/3055186.3055194 |
Citation Key | ko_viotsoc:_2017 |