Limits...
Preserving Smart Objects Privacy through Anonymous and Accountable Access Control for a M2M-Enabled Internet of Things.

Hernández-Ramos JL, Bernabe JB, Moreno MV, Skarmeta AF - Sensors (Basel) (2015)

Bottom Line: This work proposes different privacy-preserving mechanisms through the application of anonymous credential systems and certificateless public key cryptography.The resulting alternatives are intended to enable an anonymous and accountable access control approach to be deployed on large-scale scenarios, such as Smart Cities.Furthermore, the proposed mechanisms have been deployed on constrained devices, in order to assess their suitability for a secure and privacy-preserving M2M-enabled Internet of Things.

View Article: PubMed Central - PubMed

Affiliation: Department of Information and Communications Engineering, Computer Science Faculty, University of Murcia, Murcia 30100, Spain. jluis.hernandez@um.es.

ABSTRACT
As we get into the Internet of Things era, security and privacy concerns remain as the main obstacles in the development of innovative and valuable services to be exploited by society. Given the Machine-to-Machine (M2M) nature of these emerging scenarios, the application of current privacy-friendly technologies needs to be reconsidered and adapted to be deployed in such global ecosystem. This work proposes different privacy-preserving mechanisms through the application of anonymous credential systems and certificateless public key cryptography. The resulting alternatives are intended to enable an anonymous and accountable access control approach to be deployed on large-scale scenarios, such as Smart Cities. Furthermore, the proposed mechanisms have been deployed on constrained devices, in order to assess their suitability for a secure and privacy-preserving M2M-enabled Internet of Things.

No MeSH data available.


Identity-Based Encryption (IBE)-based Anonymous DCapBAC interactions.
© Copyright Policy
Related In: Results  -  Collection

License
getmorefigures.php?uid=PMC4541847&req=5

f3-sensors-15-15611: Identity-Based Encryption (IBE)-based Anonymous DCapBAC interactions.

Mentions: Figure 3 shows the main interactions of the IBE-based Anonymous DCapBAC approach. Firstly, during the provisioning stage (1–7 messages), the Subject entity requests an Anonymous DCapBAC Token to the Capability Manager by using CoAP, and specifying the action and the target resource for which it requests such credential. However, before sending this request, a secure channel is established between both entities through DTLS with certificate-based mutual authentication. Specifically, we assume that the certificate of the Subject entity contains a set of identity attributes (e.g., manufacturer or device class), as part of the subjectDirectoryAttributes extension within an X.509 certificate [62]. Optionally, attribute certificates [63] could be employed together identity certificates for the token generation stage, including additional attributes for authorization purposes. These attributes, along with the action and resource specified in the CoAP request, are used by the Capability Manager to build a XACML request, which is sent to the PDP within the body of an HTTP request. Then, this request is evaluated against the set of XACML policies contained in the PDP and, as a result, an authorization decision is sent back. In the case of a “Permit” decision, the Capability Manager's task is twofold: first, it generates an Anonymous DCapBAC token ADT under the format described in the previous section. In particular, this credential uses the ps field with a randomly generated pseudonym value. Furthermore, the Capability Manager generates an IBE key associated to such pseudonym by using the Extract algorithm, which was described in Section 2.2.2 as follows:{MSK,params,pseudonym}→SKpseudonym


Preserving Smart Objects Privacy through Anonymous and Accountable Access Control for a M2M-Enabled Internet of Things.

Hernández-Ramos JL, Bernabe JB, Moreno MV, Skarmeta AF - Sensors (Basel) (2015)

Identity-Based Encryption (IBE)-based Anonymous DCapBAC interactions.
© Copyright Policy
Related In: Results  -  Collection

License
Show All Figures
getmorefigures.php?uid=PMC4541847&req=5

f3-sensors-15-15611: Identity-Based Encryption (IBE)-based Anonymous DCapBAC interactions.
Mentions: Figure 3 shows the main interactions of the IBE-based Anonymous DCapBAC approach. Firstly, during the provisioning stage (1–7 messages), the Subject entity requests an Anonymous DCapBAC Token to the Capability Manager by using CoAP, and specifying the action and the target resource for which it requests such credential. However, before sending this request, a secure channel is established between both entities through DTLS with certificate-based mutual authentication. Specifically, we assume that the certificate of the Subject entity contains a set of identity attributes (e.g., manufacturer or device class), as part of the subjectDirectoryAttributes extension within an X.509 certificate [62]. Optionally, attribute certificates [63] could be employed together identity certificates for the token generation stage, including additional attributes for authorization purposes. These attributes, along with the action and resource specified in the CoAP request, are used by the Capability Manager to build a XACML request, which is sent to the PDP within the body of an HTTP request. Then, this request is evaluated against the set of XACML policies contained in the PDP and, as a result, an authorization decision is sent back. In the case of a “Permit” decision, the Capability Manager's task is twofold: first, it generates an Anonymous DCapBAC token ADT under the format described in the previous section. In particular, this credential uses the ps field with a randomly generated pseudonym value. Furthermore, the Capability Manager generates an IBE key associated to such pseudonym by using the Extract algorithm, which was described in Section 2.2.2 as follows:{MSK,params,pseudonym}→SKpseudonym

Bottom Line: This work proposes different privacy-preserving mechanisms through the application of anonymous credential systems and certificateless public key cryptography.The resulting alternatives are intended to enable an anonymous and accountable access control approach to be deployed on large-scale scenarios, such as Smart Cities.Furthermore, the proposed mechanisms have been deployed on constrained devices, in order to assess their suitability for a secure and privacy-preserving M2M-enabled Internet of Things.

View Article: PubMed Central - PubMed

Affiliation: Department of Information and Communications Engineering, Computer Science Faculty, University of Murcia, Murcia 30100, Spain. jluis.hernandez@um.es.

ABSTRACT
As we get into the Internet of Things era, security and privacy concerns remain as the main obstacles in the development of innovative and valuable services to be exploited by society. Given the Machine-to-Machine (M2M) nature of these emerging scenarios, the application of current privacy-friendly technologies needs to be reconsidered and adapted to be deployed in such global ecosystem. This work proposes different privacy-preserving mechanisms through the application of anonymous credential systems and certificateless public key cryptography. The resulting alternatives are intended to enable an anonymous and accountable access control approach to be deployed on large-scale scenarios, such as Smart Cities. Furthermore, the proposed mechanisms have been deployed on constrained devices, in order to assess their suitability for a secure and privacy-preserving M2M-enabled Internet of Things.

No MeSH data available.