TY - JOUR
T1 - Centralized, Distributed, and Everything in between
T2 - Reviewing Access Control Solutions for the IoT
AU - Dramé-Maigné, Sophie
AU - Laurent, Maryline
AU - Castillo, Laurent
AU - Ganem, Hervé
N1 - Publisher Copyright: © 2021 ACM.
PY - 2022/9/30
Y1 - 2022/9/30
N2 - The Internet of Things is taking hold in our everyday life. Regrettably, the security of IoT devices is often being overlooked. Among the vast array of security issues plaguing the emerging IoT, we decide to focus on access control, as privacy, trust, and other security properties cannot be achieved without controlled access. This article classifies IoT access control solutions from the literature according to their architecture (e.g., centralized, hierarchical, federated, distributed) and examines the suitability of each one for access control purposes. Our analysis concludes that important properties such as auditability and revocation are missing from many proposals while hierarchical and federated architectures are neglected by the community. Finally, we provide an architecture-based taxonomy and future research directions: a focus on hybrid architectures, usability, flexibility, privacy, and revocation schemes in serverless authorization.
AB - The Internet of Things is taking hold in our everyday life. Regrettably, the security of IoT devices is often being overlooked. Among the vast array of security issues plaguing the emerging IoT, we decide to focus on access control, as privacy, trust, and other security properties cannot be achieved without controlled access. This article classifies IoT access control solutions from the literature according to their architecture (e.g., centralized, hierarchical, federated, distributed) and examines the suitability of each one for access control purposes. Our analysis concludes that important properties such as auditability and revocation are missing from many proposals while hierarchical and federated architectures are neglected by the community. Finally, we provide an architecture-based taxonomy and future research directions: a focus on hybrid architectures, usability, flexibility, privacy, and revocation schemes in serverless authorization.
KW - Access control
KW - Internet of Things
KW - IoT
KW - security
KW - survey
U2 - 10.1145/3465170
DO - 10.1145/3465170
M3 - Article
AN - SCOPUS:85115446765
SN - 0360-0300
VL - 54
JO - ACM Computing Surveys
JF - ACM Computing Surveys
IS - 7
M1 - 138
ER -