Distributed Capability-based Access Control for the Internet of Things

The evolution of the Internet towards the Internet of Things is being deployed in emerging cyberphysical systems such as access control solutions, alert networks, building automation, and the extension of all these systems into Smarter Cities. This extension and proliferation of the technology in our lives is also presenting security challenges, since the unexpected leaks of information, and illegitimate access to data and physical systems could present a high impact in our lives. This work proposes a cryptographic solution against insider threats through a distributed capability-based access control. This access control solution supports the management of certificates, authentication, and authorization processes. The capability-based approach offers benefits in terms of distributed management, support for delegation, traceability of the access, authentication chains to extend scalability and support of standard certificates based on Elliptic Curve Cryptography (ECC). Specifically, it has been designed a capability token for CoAP Resources, which is signed with the Elliptic Curve Digital Signature Algorithm (ECDSA) in order to ensure end-to-end authentication, integrity and non-repudiation. This distributed solution allows the deployment of scenarios without the intervention of any intermediate entity, a distributed scenario with end-to-end access control validation has been implemented, deployed, and evaluated based on the Jennic/NXP JN5139 module. The results obtained through our experiments demonstrate the feasibility of the proposed approach, in numbers, this has required an average of 480 ms to carry out all the validation process (included signature validation in the smart objects).