ViotSOC: Controlling Access to Dynamically Virtualized IoT Services using Service Object Capability

Ko, H., Jin, J. and Keoh, S. L. (2017) ViotSOC: Controlling Access to Dynamically Virtualized IoT Services using Service Object Capability. In: 3rd ACM Cyber-Physical System Security Workshop (CPSS), Abu Dhabi, UAE, 02 Apr 2017, pp. 69-80. ISBN 9781450349567 (doi: 10.1145/3055186.3055194)

Text: 138151.pdf - Accepted Version (3MB)

Abstract

Virtualization of Internet of Things (IoT) is a concept of dynamically building customized high-level IoT services which rely on the real-time data streams from low-level physical IoT sensors. Security in IoT virtualization is challenging, because with the growing number of available (building block) services, the number of personalizable virtual services grows exponentially. This paper proposes the Service Object Capability (SOC) ticket system, a decentralized access control mechanism between servers and clients to efficiently authenticate and authorize each other without using public key cryptography. SOC supports decentralized partial delegation of capabilities specified in each server/client ticket. Unlike PKI certificates, SOC's authentication time and handshake packet overhead stay constant regardless of each capability's delegation hop distance from the root delegator. The paper compares SOC's security benefits with Kerberos and the experimental results show SOC's authentication incurs significantly less time and packet overhead compared against those from other mechanisms based on RSA-PKI and ECC-PKI algorithms. SOC is as secure as, and more efficient and suitable for IoT environments than, existing PKIs and Kerberos.

Item Type: Conference Proceedings
Status: Published
Refereed: Yes
Glasgow Author(s) Enlighten ID: Keoh, Dr Sye Loong
Authors: Ko, H., Jin, J., and Keoh, S. L.
College/School: College of Science and Engineering > School of Computing Science
ISBN: 9781450349567
Copyright Holders: Copyright © 2017 ACM
First Published: First published in CPSS '17 Proceedings of the 3rd ACM Workshop on Cyber-Physical System Security: 69-80
Publisher Policy: Reproduced in accordance with the publisher copyright policy
