Biblio

IoT middleware is an additional layer between IoT devices and the cloud applications that reduces computation and data handling on the cloud. In a typical IoT system model, middleware primarily connects to different IoT devices via IoT gateway. Device data stored on middleware is sensitive and private to a user. Middleware must have built-in mechanisms to address these issues, as well as the implementation of user authentication and access control. This paper presents the current methods used for access control on middleware and introduces Attribute-based encryption (ABE) on middleware for access control. ABE combines access control with data encryption for ensuring the integrity of data. In this paper, we propose Ciphertext-policy attribute-based encryption, abbreviated CP-ABE scheme on the middleware layer in the IoT system architecture for user access control. The proposed scheme is aimed to provide security and efficiency while reducing complexity on middleware. We have used the AVISPA tool to strengthen the proposed scheme.

Internet of Things (IoT) is a fairly disruptive technology with inconceivable growth, impact, and capability. We present the role of REST API in the IoT Systems and some initial concepts of IoT, whose technology is able to record and count everything. We as well highlight the concept of middleware that connects these devices and cloud. The appearance of new IoT applications in the cloud has brought new threats to security and privacy of data. Therefore it is required to introduce a secure IoT system which doesn't allow attackers infiltration in the network through IoT devices and also to secure data in transit from IoT devices to cloud. We provide the details on how Representational State Transfer (REST) API allows to securely expose connected devices to applications on cloud and users. In the proposed model, middleware is primarily used to expose device data through REST and to hide details and act as an interface to the user to interact with sensor data.