FECAC: Fine-Grained and Efficient Capability-Based Access Control for Enterprise-Scale IoT Systems

Qiong Wang*, Xia Feng, Liangmin Wang, Haiqin Wu, Boris Düdder

*Corresponding author for this work

Research output: Contribution to journalJournal articleResearchpeer-review

1 Downloads (Pure)

Abstract

In enterprise-scale Internet of Things, users need to query data by accessing the resource-constrained smart nodes. Such queries typically include Data from One Node (DON), and Data from One Catalog of multiple nodes (DOC). Traditional access control mechanisms often prove inadequate due to the lack of efficient policy management. Their authorization time for queries is linear with respect to the number of access control rules in the policy, which greatly impedes access granularity, efficiency, and scale. To address this issue, we propose FECAC, a fine-grained and efficient capability-based access control mechanism for DON and DOC access queries. Specifically, FECAC builds a policy matching tree structure by translating the rule into matching properties in the tree node, which avoids authorizing queries by traversing the entire rule collection. We then introduce an authorization scheme to match the elements of access requests in a top-down manner, and check the rules with the internal properties of the data queries sub-linearly, which efficiently combines the requests of DOC and DON. Further, we give a concrete operation of FECAC from query authorization scheme to execute data querying based on capabilities. Finally, we demonstrate the improved and more stable evaluation efficiency of FECAC compared to existing schemes.

Original languageEnglish
JournalIEEE Internet of Things Journal
Number of pages15
ISSN2327-4662
DOIs
Publication statusE-pub ahead of print - 2024

Bibliographical note

Publisher Copyright:
© 2014 IEEE.

Keywords

  • access control
  • access granularity
  • Internet of Things
  • policy matching tree
  • resource-constrained

Cite this