Attribute-based Access Control scheme in federated IoT platforms
- 2. © 2016 – The symbIoTe Consortium
Outline
• SymbIoTe scenario and Requirements
• Related work
• Baseline Architecture & Components
• Scenarios
• Technical solutions
• Conclusions & Next Steps
- 4.
SymbIoTe scenario
• symbIoTe H2020 EU project: symbiosis of smart objects across IoT environments
• interoperability and mediation framework for the collaboration of vertical IoT platforms
- 5.
Security requirements
• authentication and authorization
  – decoupling logic
  – offline platforms
• flexible security policies
• revocation and expiration of access rights
• delegation of access rights
• user privacy, data anonymization
• OWASP secure coding rules
- 10.
Core AAM
• Authentication of components and applications registered in the mediator
• Release of (authenticated/trusted) core tokens storing attributes at the mediator side
• Management of asynchronous core token revocation
• Cryptographic validation of core tokens through challenge-response
• Attribute mapping function
- 11.
Platform AAM
• Authentication of components and applications registered in the IoT platform
• Release of (authenticated/trusted) home tokens storing attributes in the IoT platform
• Management of asynchronous home token revocation
• Cryptographic validation of home tokens through challenge-response
• Attribute mapping function
- 13.
Scenarios
• Scenario #1: the application is registered with an IoT platform and wants to access resources exposed by the same IoT platform
• Scenario #2: the application is registered with symbIoTe and wants to access resources exposed by a federated platform
• Scenario #3: the application is registered with one or more federated platforms and wants to access resources exposed elsewhere (multi-domain access rights composition)
- 20.
Conclusions & Next Steps
• Implementation of security components in the symbIoTe ecosystem
• Technical solutions for
  – Token format (JWT, Macaroons, etc.)
  – Challenge-response procedure
  – Check revocation procedure
  – Policy and ABAC
• Anomaly detection
  – monitoring suspicious behavior
  – mitigating security threats
  – detection of malicious sensors/apps/platforms
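The token release, revocation check and attribute mapping described on the AAM slides, applied to scenarios #2 and #3, as an added Python example that is not the symbIoTe code: a toy AAM per platform issues HMAC-signed, JWT-like home tokens carrying attributes, the federation core maps home attributes to federation-level attributes, and an ABAC check composes the attributes of several tokens into one decision. The platform names, attribute names and the ATTRIBUTE_MAP table are constructed assumptions.

```python
import base64, hashlib, hmac, json, secrets

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _decode(token: str) -> dict:    # unverified decode of the '<payload>.<sig>' body
    body = token.partition(".")[0]
    return json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))

class AAM:
    """Toy AAM: issues HMAC-signed, JWT-like attribute tokens and tracks revocation."""
    def __init__(self, name: str, key: bytes):
        self.name, self.key, self.revoked = name, key, set()
    def _sign(self, body: str) -> str:
        return _b64(hmac.new(self.key, body.encode(), hashlib.sha256).digest())
    def issue(self, subject: str, attributes: list, ttl: int, now: float) -> str:
        payload = {"iss": self.name, "sub": subject, "att": attributes,
                   "jti": secrets.token_hex(8), "exp": now + ttl}
        body = _b64(json.dumps(payload, sort_keys=True).encode())
        return f"{body}.{self._sign(body)}"
    def revoke(self, token: str) -> None:
        self.revoked.add(_decode(token)["jti"])   # asynchronous revocation by token id

    def validate(self, token: str, now: float):
        """Return the payload if signature, issuer, expiry and revocation checks pass, else None."""
        body, _, sig = token.partition(".")
        if not hmac.compare_digest(sig.encode(), self._sign(body).encode()):
            return None                           # forged, tampered or foreign-key token
        p = _decode(token)                        # safe: the body was signed by this AAM
        # reject issuer mismatch (key reuse), expired tokens and revoked token ids
        if p["iss"] != self.name or p["exp"] <= now or p["jti"] in self.revoked:
            return None
        return p

# Attribute mapping function of the federation core (constructed sample):
# (issuing platform, home attribute) -> federation-level attribute
ATTRIBUTE_MAP = {("PlatformA", "role:tenant"): "fed:reader",
                 ("PlatformA", "role:facility-manager"): "fed:actuator",
                 ("PlatformB", "role:guest"): "fed:reader"}

def authorize(tokens: list, aams: list, required: set, now: float) -> bool:
    """ABAC decision: union the mapped attributes of all valid tokens (scenario #3)."""
    granted = set()
    for tok in tokens:
        # each AAM checks with its own key; a token nobody validates contributes nothing
        payload = next(filter(None, (aam.validate(tok, now) for aam in aams)), None)
        if payload:
            granted |= {ATTRIBUTE_MAP.get((payload["iss"], a)) for a in payload["att"]}
    return required <= granted - {None}   # unmapped home attributes never grant anything
```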