Extending Attribute-Based Access Control Model with Authentication Information for Internet of Things

Melike Burakgazi Bilgen, Kemal Bicakci

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

4 Citations (Scopus)

Abstract

Internet of Things (IoT) brings not only wide range of opportunities but also security and privacy concerns. Consisting of many connected devices used in a highly interactive way, one of the main security concerns in IoT is unauthorized access. Traditional access control models do not support dynamic and fine-grained access control policies. Attribute-Based Access Control (ABAC) model is usually considered the most satisfactory access control model for running IoT applications. In this paper, we propose to take into the user authentication matching score obtained from a biometric authentication system consideration during making access control decisions. We emphasize the need of fine-grained access control and suggest to create access control policies per functionality of the device instead of per device regarding to the least privilege principle of information security. We give full or partial permission to certain functionalities of the IoT devices based on the user's authentication matching score thus provide more fine-grained and powerful access control mechanism. We present an extended Attribute-Based Access Control model that includes the assurance level of user authentication in access control policies and partially or fully permit the request accordingly.

Original languageEnglish
Title of host publication2020 International Conference on Information Security and Cryptology, ISCTURKEY 2020 - Proceedings
EditorsSeref Sagiroglu, Sedat Akleylek, Ferruh Ozbudak, Yavuz Canbay
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages48-55
Number of pages8
ISBN (Electronic)9781665418638
DOIs
Publication statusPublished - 3 Dec 2020
Externally publishedYes
Event13th International Conference on Information Security and Cryptology, ISCTURKEY 2020 - Virtual, Ankara, Turkey
Duration: 3 Dec 20204 Dec 2020

Publication series

Name2020 International Conference on Information Security and Cryptology, ISCTURKEY 2020 - Proceedings

Conference

Conference13th International Conference on Information Security and Cryptology, ISCTURKEY 2020
Country/TerritoryTurkey
CityVirtual, Ankara
Period3/12/204/12/20

Bibliographical note

Publisher Copyright:
© 2020 IEEE.

Fingerprint

Dive into the research topics of 'Extending Attribute-Based Access Control Model with Authentication Information for Internet of Things'. Together they form a unique fingerprint.

Cite this