The Access Control Platform of the IoT Service Using the CapSG

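  • 김진보 (Interdisciplinary Program of Information Security Technology, Mokpo National University) ;
  • 장데레사 (Interdisciplinary Program of Information Security Technology, Mokpo National University) ;
  • 김미선 (Department of Information Security, Mokpo National University) ;
  • 서재현 (Department of Information Security, Mokpo National University)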
  • Received : 2015.07.23
  • Accepted : 2015.08.27
  • Published : 2015.09.30

Abstract

Internet of Things (IoT) environments span a variety of protocols, domains, and applications, and providing flexible services across them requires an efficient method of managing user rights. In this paper, we propose an IoT service platform that uses CapSG (Capability Service Gateway) to provide efficient access control for the various services of the IoT environment. CapSG uses a token that contains authentication and access rights to authenticate service entities and control their access when providing services. It also provides functions for service token management, such as generation, delegation, revocation, and rejection. By using a token group for each domain, the platform supports access control for the services of a specific domain, and it is designed so that access control can also be performed with a specific service token within a token group. This gives flexible and efficient access control for the varied service requirements of the IoT.
