
Attribute-based Access Control scheme in federated IoT platforms


Presentation on an attribute-based access control scheme at the InterOSS-IoT 2016 workshop, co-located with IoT 2016, 7 Nov., Stuttgart


  1. Attribute-based Access Control scheme in federated IoT platforms (symbIoTe). Savio Sciancalepore, Michal Pilc, Svenja Schröder, Giuseppe Bianchi, Gennaro Boggia, Marek Pawlowski, Giuseppe Piro, Marcin Plóciennik and Hannes Weisgrab. 2nd Workshop on Interoperability and Open-Source Solutions for the IoT, 07/11/2016, Stuttgart. © 2016 – The symbIoTe Consortium
  2. Outline
     • SymbIoTe scenario and Requirements
     • Related work
     • Baseline Architecture & Components
     • Scenarios
     • Technical solutions
     • Conclusions & Next Steps
  3. SymbIoTe scenario and Requirements • Related work • Baseline Architecture & Components • Scenarios • Technical solutions • Conclusions & Next Steps
  4. SymbIoTe scenario
     • symbIoTe H2020 EU project: symbiosis of smart objects across IoT environments
     • interoperability and mediation framework for the collaboration of vertical IoT platforms
  5. Security requirements
     • authentication and authorization
       – decoupling logic
       – offline platforms
     • flexible security policies
     • revocation and expiration of access rights
     • delegation of access rights
     • user privacy, data anonymization
     • OWASP secure coding rules
  6. SymbIoTe scenario and Requirements • Related work • Baseline Architecture & Components • Scenarios • Technical solutions • Conclusions & Next Steps
  7. Related work
  8. SymbIoTe scenario and Requirements • Related work • Baseline Architecture & Components • Scenarios • Technical solutions • Conclusions & Next Steps
  9. Baseline System Architecture
  10. Core AAM
     • Authentication of components and applications registered in the mediator
     • Release of (authenticated/trusted) core tokens storing attributes at the mediator side
     • Management of asynchronous core token revocation
     • Cryptographic validation of core tokens through challenge-response
     • Attribute mapping function
  11. Platform AAM
     • Authentication of components and applications registered in the IoT platform
     • Release of (authenticated/trusted) home tokens storing attributes in the IoT platform
     • Management of asynchronous home token revocation
     • Cryptographic validation of home tokens through challenge-response
     • Attribute mapping function
  12. SymbIoTe scenario and Requirements • Related work • Baseline Architecture & Components • Scenarios • Technical solutions • Conclusions & Next Steps
  13. Scenarios
     • Scenario #1: the application is registered with an IoT platform and wants to access resources exposed by the same IoT platform
     • Scenario #2: the application is registered with symbIoTe and wants to access resources exposed by a federated platform
     • Scenario #3: the application is registered with one or more federated platforms and wants to access resources exposed elsewhere (multi-domain access rights composition)
  14. Scenario #1
  15. Scenario #2
  16. Scenario #3
  17. SymbIoTe scenario and Requirements • Related work • Baseline Architecture & Components • Scenarios • Technical solutions • Conclusions & Next Steps
  18. Macaroons & JWTs
     • Macaroons: distributed authorization in the cloud
     • JSON Web Tokens (JWTs): online purchasing
  19. SymbIoTe scenario and Requirements • Related work • Baseline Architecture & Components • Scenarios • Technical solutions • Conclusions & Next Steps
  20. Conclusions & Next Steps
     • Implementation of security components in the symbIoTe ecosystem
     • Technical solutions for
       – Token format (JWT, Macaroons, etc.)
       – Challenge-response procedure
       – Revocation check procedure
       – Policy and ABAC
     • Anomaly detection
       – monitoring suspicious behavior
       – mitigating security threats
       – detection of malicious sensors/apps/platforms
  21. Thank you! Questions? savio.sciancalepore@poliba.it
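
The Core AAM and Platform AAM slides describe tokens that store attributes, are validated cryptographically and can be revoked before they expire. The following is an added example, not symbIoTe code, of that token lifecycle feeding an ABAC decision. It assumes an HS256 JWT-style token, a single HMAC key shared by issuer and verifier, an in-memory revocation set and an exact-match policy; all function names are hypothetical, and the challenge-response step is not covered.

```python
import base64, hashlib, hmac, json, secrets, time

AAM_KEY = b"constructed-demo-key"  # assumption: HMAC key held by issuer and verifier
REVOKED = set()                    # assumption: revoked token ids pushed to verifiers

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(header, body):
    return hmac.new(AAM_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()

def issue_token(sub, attributes, ttl=300, now=None):
    """AAM side: release a signed token that stores the subject's attributes."""
    now = int(time.time()) if now is None else now
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": sub, "jti": secrets.token_hex(8), "exp": now + ttl, "attr": attributes}
    body = b64e(json.dumps(claims).encode())
    return f"{header}.{body}.{b64e(sign(header, body))}"

def revoke(jti):
    """Asynchronous revocation: takes effect before the token expires."""
    REVOKED.add(jti)

def validate_token(token, now=None):
    """Verifier side: signature first, then pinned algorithm, expiry, revocation."""
    now = int(time.time()) if now is None else now
    try:
        header, body, sig = token.split(".")
        if not hmac.compare_digest(sign(header, body), b64d(sig)):
            return None
        if json.loads(b64d(header)).get("alg") != "HS256":
            return None
        claims = json.loads(b64d(body))
    except (ValueError, TypeError, AttributeError):
        return None
    if claims.get("exp", 0) <= now or claims.get("jti") in REVOKED:
        return None
    return claims

def authorize(token, policy, now=None):
    """ABAC decision: every attribute the policy requires must match the token."""
    claims = validate_token(token, now)
    if claims is None:
        return False
    attrs = claims.get("attr", {})
    return all(attrs.get(name) == value for name, value in policy.items())
```

The signature is checked before any claim is parsed, so swapped attributes, an expired token and a revoked token all fail closed with the same result.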
