Research On Security Attribute-Based Access Control In The Internet Of Things

With the development and application of the Internet of Things, this kind ofnetwork makes the mode of communication between things more flexible and makespeople’s lives more convenient. At the same time, there are many new securityproblems coming with the application of the Internet of Things. At present, thesecurity issues have become the key factors which restrict the development andpopularization of Internet of Things.In IOT environment, hundreds of millions of things are connected togetherthrough the wireless sensor technology like RFID, compared with traditional wirenetwork, There are large numbers of nodes in IOT and they are various, lowintelligence, have complexity level and usually do not have any self-protectionequipment. So the attackers can easily connect to the terminal devices and then attackthe network, such as get the identity and password information of the users, cloningattacks and collusion attacks. On the other hand, the nodes of IOT are often deployedin unattended and uncontrollable non-secure environment, this makes the nodes arevulnerable to physical damage, like the terminal devices are stolen or abused. So thesecurity access control mechanism of IOT is so important that it can provide safeaccess for large-scale users in IOT. Role-Based Access Control mechanism and itsextensions are mainly used in traditional network. In RBAC model, all users must beassigned by corresponding roles, but it is difficult to grant roles for such a largenumber of users in IO. According to the characteristics of the Internet of Things, weneed seeking some new access control mechanisms so as to achieve safe andfine-grained access control in IOT.Cipher mechanism is the foundation of access control and it plays a importantrole on ensuring the security of data transmission in IOT. Due to The communicationin IOT is always between humans and things or only between things, the nodes inperception layer can be anything. It makes the nodes isomerous and most of themhave no ability on computing. So the encryption algorithm of IOT not only need to meet the confidentiality requirements of the data, but also meet the calculationcapacity of the node in the encryption and decryption process. Therefore, seeking fora secure and lightweight cipher mechanism in the IOT environment is quite necessary.According to the above problems, this paper mainly work on the followingissues:1. Based on the analysis of the inadaptability of traditional access control modelin IOT, we choose Attribute-Based Access Control(ABAC) model as the accesscontrol mechanism in the Internet of things. According to the range of theenvironment has an important impact on the access between the nodes, in this paper,the access control policy is defined as four elements: subject, object, environment,operating. we also make extension above ABAC model adding environmentalattributes to the IOT ABAC model. At the same time, in order to meet the needs ofcross-domain access in Internet of things, this paper presents an IOT of cross-domainaccess model. We add an domain-decision system on access control server to selectthe right domain for an access request so as to make the information interaction moreconvenient between different domains.2. After studying the key management method on the basis of the ABAC accessframework in the Internet of things. We use Ciphertext Policy Attribute-BasedEncryption (CP-ABE) algorithm application and make improve on the accessstructure by using disjunctive normal form(DNF) trees instead of traditional AND/ORtree. Since all the leaf nodes of DNF trees are in the same layer, compared withtraditional access trees, DNF structure makes the encryption algorithm morelightweight and reduces the computational overhead of IOT nodes.3. We take simulation experiment and analysis the capability of the newattribute-based access control model. We also make efficiency test about encryptionalgorithm function. Then we get the conclusion, this new method has goodapplicability in the environment of IOT. The DNF access structure we use in thispaper can reduce the computational burden of the nodes a lot.