Validation of an adaptive risk-based access control model for the Internet of Things
TLDR
The proposed AdRBAC model conducts a risk analysis to estimate the security risk value associated with each access request when making an access decision and has four inputs/risk factors: user context, resource sensitivity, action severity and risk history.Abstract:
The Internet of Things (IoT) has spread into multiple dimensions that incorporate different physical and virtual things These things are connected together using different communication technologies to provide unlimited services These services help not only to improve the quality of our daily lives, but also to provide a communication platform for increasing object collaboration and information sharing Like all new technologies, the IoT has many security challenges that stand as a barrier to the successful implementation of IoT applications These challenges are more complicated due to the dynamic and heterogeneous nature of IoT systems However, authentication and access control models can be used to address the security issue in the IoT To increase information sharing and availability, the IoT requires a dynamic access control model that takes not only access policies but also real-time contextual information into account when making access decisions One of the dynamic features is the security risk This paper proposes an Adaptive Risk-Based Access Control (AdRBAC) model for the IoT and discusses its validation using expert reviews The proposed AdRBAC model conducts a risk analysis to estimate the security risk value associated with each access request when making an access decision This model has four inputs/risk factors: user context, resource sensitivity, action severity and risk history These risk factors are used to estimate a risk value associated with the access request to make the access decision To provide the adaptive features, smart contracts will be used to monitor the user behaviour during access sessions to detect any malicious actions from the granted users To validate and refine the proposed model, twenty IoT security experts from inside and outside the UK were interviewed The experts have suggested valuable information that will help to specify the appropriate risk factors and risk estimation technique for implantation of the AdRBAC modelread more
Citations
More filters
Journal ArticleDOI
Fog Computing and the Internet of Things: A Review
TL;DR: The state-of-the-art of fog computing and its integration with the IoT is presented by highlighting the benefits and implementation challenges and the architecture of the fog and emerging IoT applications that will be improved by using the fog model are focused on.
Journal ArticleDOI
Blockchain with Internet of Things: Benefits, Challenges, and Future Directions
TL;DR: It is concluded that the combination of blockchain and IoT can provide a powerful approach which can significantly pave the way for new business models and distributed applications.
Book ChapterDOI
IoT security, privacy, safety and ethics
TL;DR: The IoT safety, ethics, the need for the ethical design and challenges encountered are discussed and smart cities are introduced as a case study to investigate various security threats and suggested solutions to maintain a good security level in a smart city.
Book ChapterDOI
Technical aspects of blockchain and IoT
TL;DR: This chapter provides an overview of technical aspects of the blockchain and IoT by reviewing blockchain technology and its main structure, and reviewing the IoT system by highlighting common architecture and essential characteristics.
Journal ArticleDOI
Internet of Things: state-of-the-art, challenges, applications, and open issues
TL;DR: An overview of the IoT system with highlighting its applications, challenges, and open issues is provided and a comparison between common IoT communication technologies is presented.
References
More filters
Journal ArticleDOI
Basics of Qualitative Research
Journal ArticleDOI
How Many Interviews Are Enough?: An Experiment with Data Saturation and Variability
TL;DR: The authors operationalize saturation and make evidence-based recommendations regarding nonprobabilistic sample sizes for interviews and found that saturation occurred within the first twelve interviews, although basic elements for metathemes were present as early as six interviews.
Journal ArticleDOI
The Internet of Things: A survey
TL;DR: This survey is directed to those who want to approach this complex discipline and contribute to its development, and finds that still major issues shall be faced by the research community.
Journal ArticleDOI
The internet of things: a survey
TL;DR: The definitions, architecture, fundamental technologies, and applications of IoT are systematically reviewed and the major challenges which need addressing by the research community and corresponding potential solutions are investigated.
Journal ArticleDOI
The qualitative research interview
TL;DR: This work examines less structured interview strategies in which the person interviewed is more a participant in meaning making than a conduit from which information is retrieved.