CoAP Option for Capability-Based Access Control for IoT-Applications

Borting Chen, Mesut Güneş, Yu-Lun Huang

Abstract

Access control is critical for many applications of the Internet of Things (IoT) since the owner of an IoT device (and application) may only permit one user to access a subset of the resources of the device. To provide access control for an IoT network, recent work adopted the capability-based access control (CBAC) model, which allows an IoT device to decide on the authorization by itself based on a capability token. However, the existing approaches based on CBAC directly attach the capability token at the end of CoAP when sending a request message. For the receiver, it is not easy to retrieve the capability token from the request message if the CoAP payload is present, because CoAP does not have a length field to indicate the size of its payload. To counter this problem, we propose a CoAP option, Cap-Token, to encapsulate a capability token when sending request messages. Because a CoAP option is independent from other CoAP fields, a receiver can get the capability token from the Cap-Token option of the request message without ambiguity. We also provide a compression mechanism to reduce the size of the Cap-Token option. Our evaluation shows that the compression mechanism can save the size of the option by 60%. Adding a compressed Cap-Token option to a request message increases the IP datagram size by 45 bytes, which is only 41% of the increase when directly attaching the capability token at the end of CoAP.

References

  1. Alghamdi, T., Lasebae, A., and Aiash, M. (2013). Security Analysis of the Constrained Application Protocol in the Internet of Things. In Second International Conference on Future Generation Communication Technology, pages 163-168.
  2. Dworkin, M. (2007). Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC. Technical report, National Institute of Standards and Technology.
  3. Granjal, J., Monteiro, E., and Sa Silva, J. (2015). Security for the Internet of Things: A Survey of Existing Protocols and Open Research Issues. IEEE Communications Surveys Tutorials, 17(3):1294-1312.
  4. Gusmeroli, S., Piccione, S., and Rotondi, D. (2013). A Capability-based Security Approach to Manage Access Control in the Internet of Things. Mathematical and Computer Modelling, 58:1189-1205.
  5. LocationHernández-Ramos, J. L., Jara, A. J., Marín, L., and Skarmeta, A. F. (2013). Distributed Capability-based Access Control for the Internet of Things. Journal of Internet Services and Information Security, 3:1-16.
  6. Hui, J. W. and Thubert, P. (2011). Compression Format for IPv6 Datagrams over IEEE 802.15.4-Based Networks. RFC 6282.
  7. Hui, J. W. and Vasseur, J. (2012). The Routing Protocol for Low-Power and Lossy Networks (RPL) Option for Carrying RPL Information in Data-Plane Datagrams. RFC 6553.
  8. Mahalle, P., Anggorojati, B., Prasad, N., and Prasad, R. (2012a). Identity Driven Capability based Access Control (ICAC) Scheme for the Internet of Things. In 2012 IEEE International Conference on Advanced Networks and Telecommunications Systems, pages 49-54.
  9. Mahalle, P., Anggorojati, B., Prasad, N., and Prasad, R. (2012b). Identity Establishment and Capability based Access Control (IECAC) Scheme for Internet of Things. In 15th International Symposium on Wireless Personal Multimedia Communications (WPMC), pages 187-191.
  10. Montenegro, G., Kushalnagar, N., Hui, J. W., and Culler, D. E. (2007). Transmission of IPv6 Packets over IEEE 802.15.4 Networks. RFC 4944.
  11. Nguyen, K. T., Laurent, M., and Oualha, N. (2015). Survey on Secure Communication Protocols for the Internet of Things. Ad Hoc Networks, 32:17-31.
  12. Pereira, P., Eliasson, J., and Delsing, J. (2014). An Authentication and Access Control Framework for CoAPbased Internet of Things. In 40th Annual Conference of the IEEE Industrial Electronics Society, pages 5293-5299.
  13. Rescorla, E. and Modadugu, N. (2012). Datagram Transport Layer Security Version 1.2. RFC 6347.
  14. Roman, R., Zhou, J., and Lopez, J. (2013). On the features and challenges of security and privacy in distributed internet of things. Computer Networks, 57(10):2266- 2279.
  15. Seitz, L. and Gerdes, S. (2015). Use Cases for Authentication and Authorization in Constrained Environments. IETF Draft.
  16. Seitz, L., Selander, G., and Gehrmann, C. (2013). Authorization Framework for the Internet-of-Things. In 14th IEEE International Symposium and Workshops on a World of Wireless, Mobile and Multimedia Networks, pages 1-6.
  17. Shelby, Z., Hartke, K., and Bormann, C. (2014). The Constrained Application Protocol (CoAP). RFC 7252.
Download


Paper Citation


in Harvard Style

Chen B., Güneş M. and Huang Y. (2016). CoAP Option for Capability-Based Access Control for IoT-Applications . In Proceedings of the International Conference on Internet of Things and Big Data - Volume 1: IoTBD, ISBN 978-989-758-183-0, pages 266-274. DOI: 10.5220/0005950902660274


in Bibtex Style

@conference{iotbd16,
author={Borting Chen and Mesut Güneş and Yu-Lun Huang},
title={CoAP Option for Capability-Based Access Control for IoT-Applications},
booktitle={Proceedings of the International Conference on Internet of Things and Big Data - Volume 1: IoTBD,},
year={2016},
pages={266-274},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005950902660274},
isbn={978-989-758-183-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Internet of Things and Big Data - Volume 1: IoTBD,
TI - CoAP Option for Capability-Based Access Control for IoT-Applications
SN - 978-989-758-183-0
AU - Chen B.
AU - Güneş M.
AU - Huang Y.
PY - 2016
SP - 266
EP - 274
DO - 10.5220/0005950902660274