Semantic-Driven Access Control for IoT Systems

Year 2023, Volume: 7 Issue: 2, 61 - 67, 19.12.2023

Aytuğ Türkmen Özgü Can

Abstract

Internet of Things (IoT) is growing and affecting various industries significantly. The amount of sensitive data collected and processed by these devices has raised concerns. Ensuring access control becomes even more crucial in IoT systems due, to their networked devices that operate independently. Because IoT environments are diverse and constantly changing traditional access control methods often fall short. In this context incorporating Semantic Web technologies emerges as an approach to enhance the adaptability and intelligence of access control systems. The implementation of comprehensive access control measures is essential in environments where there are a lot of interconnected IoT devices. Access control policies that are traditionally built for established identities and roles have difficulties in accommodating the dynamic characteristics of the IoT. It is evident that the establishment of predetermined policies is not feasible, as novel circumstances would invariably necessitate customized policy approaches. In light of the mentioned challenges the main focus of this paper is to provide a comprehensive understanding of access control principles specifically tailored to the IoT domain. The goal of this study is to identify the challenges associated with access control in the IoT. Furthermore, we aim to outline a roadmap for research, on developing access control mechanisms that incorporate semantic awareness within the IoT domain. The study explores semantic-based access control solutions for IoT based on this point. The Semantic Web-based access control emphasizes the use of ontologies and semantic reasoning to generate contextually aware and adaptable access control policies. In this study, we present how Semantic Web influence access control decisions in various settings where IoT devices operate. Furthermore, the paper discusses IoT-specific access control challenges. Besides, the importance of using Semantic Web technologies to enhance access control is emphasized. This paper acts as a reference aiming to guide future efforts in developing a policy management system that can adapt more effectively to the ever-changing IoT landscape.

Keywords

Internet of Things (IoT), Access Control, Ontology, Semantic Web, Semantic Reasoning

References

• [1] T. Guarda et al., "Internet of Things challenges," 2017 12th Iberian Conference on Information Systems and Technologies (CISTI), Lisbon, Portugal, 2017, pp. 1-4, doi: 10.23919/CISTI.2017.7975936.
• [2] R. Stojanov, V. Zdraveski, and D. Trajanov, "Challenges and opportunities in applying semantics to improve access control in the field of internet of things," in Electronics ETF, 2018.
• [3] Y. Dong, K. Wan, X. Huang and Y. Yue, "Contexts-States-Aware Access Control for Internet of Things," 2018 IEEE 22nd International Conference on Computer Supported Cooperative Work in Design ((CSCWD)), Nanjing, China, 2018, pp. 666-671, doi: 10.1109/CSCWD.2018.8465364.
• [4] K. Ragothaman et al., "Access control for IoT: A survey of existing research, dynamic policies and future directions," Sensors, vol. 23, no. 4, pp. 1805, 2023.
• [5] I. F. Siddiqui and S. U.-J. Lee, "Access control as a service for information protection in semantic web based smart environment," Journal of Internet Computing and Services, vol. 17, no. 5, pp. 9-16, 2016.
• [6] O. Can, "The security and privacy aspects in semantic web enabled IoT-based healthcare information systems," in Semantic Models in IoT and Ehealth Applications, 2022, pp. 89-116.
• [7] R. Mishra and R. Yadav, "Access control in IoT networks: analysis and open challenges," in Proceedings of the International Conference on Innovative Computing & Communications (ICICC), 2020.
• [8] I. Ali, S. Sabir, and Z. Ullah, "Internet of things security, device authentication and access control: a review," arXiv preprint arXiv:1901.07309, 2019.
• [9] Y. Song et al., "IoT device fingerprinting for relieving pressure in the access control," in Proceedings of the ACM Turing Celebration Conference-China, 2019.
• [10] C. Dukkipati, Y. Zhang, and L. C. Cheng, "Decentralized, blockchain based access control framework for the heterogeneous internet of things," in Proceedings of the Third ACM Workshop on Attribute-Based Access Control, 2018.
• [11] A. Patel and S. Jain, "Present and future of semantic web technologies: a research statement," International Journal of Computers and Applications, vol. 43, no. 5, pp. 413-422, 2021.
• [12] M. Heydari, A. Mylonas, V. Katos, E. Balaguer-Ballester, V. H. F. Tafreshi and E. Benkhelifa, "A Location-Aware Authentication Model to Handle Uncertainty in IoT," 2019 Sixth International Conference on Internet of Things: Systems, Management and Security (IOTSMS), Granada, Spain, 2019, pp. 43-50, doi: 10.1109/IOTSMS48152.2019.8939230.
• [13] H. F. Atlam et al., "Developing an adaptive Risk-based access control model for the Internet of Things," in 2017 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), 2017.
• [14] M. Dammak et al., "Decentralized lightweight group key management for dynamic access control in IoT environments," IEEE Transactions on Network and Service Management, vol. 17, no. 3, pp. 1742-1757, 2020.
• [15] I. S. Udoh and G. Kotonya, "Developing IoT applications: challenges and frameworks," IET Cyber‐Physical Systems: Theory & Applications, vol. 3, no. 2, pp. 65-72, 2018.
• [16] J. L. Hernández-Ramos et al., "Distributed capability-based access control for the internet of things," Journal of Internet Services and Information Security (JISIS), vol. 3, no. 3/4, pp. 1-16, 2013.
• [17] I. Satoh, "Context-aware access control model for services provided from cloud computing," in Intelligent Distributed Computing XI, pp. 285-295, 2018.
• [18] S. Ameer et al., "Bluesky: Towards convergence of zero trust principles and score-based authorization for iot enabled smart systems," in Proceedings of the 27th ACM on Symposium on Access Control Models and Technologies, 2022.
• [19] S. Algarni et al., "Blockchain-based secured access control in an IoT system," Applied Sciences, vol. 11, no. 4, p. 1772, 2021.
• [20] L. M. Gebreamlak, "PKI: the key to Solving the Internet of Things security problem," Ph.D. dissertation, Naval Postgraduate School, Monterey, CA, 2020.
• [21] Q. Zhou, M. Elbadry, F. Ye and Y. Yang, "Heracles: Scalable, Fine-Grained Access Control for Internet-of-Things in Enterprise Environments," IEEE INFOCOM 2018 - IEEE Conference on Computer Communications, Honolulu, HI, USA, 2018, pp. 1772-1780, doi: 10.1109/INFOCOM.2018.8485944.
• [22] J. Qiu, Z. Tian, C. Du, Q. Zuo, S. Su and B. Fang, "A Survey on Access Control in the Age of Internet of Things," in IEEE Internet of Things Journal, vol. 7, no. 6, pp. 4682-4696, June 2020, doi: 10.1109/JIOT.2020.2969326.
• [23] P. Nagpal, D. Chaudhary, and J. Singh, "Knowing the unknown: Unshielding the mysteries of semantic web in health care domain," in ACI’21: Workshop on Advances in Computational Intelligence at ISIC 2021, 2021.
• [24] A. K. Goel, A. Rose, J. Gaur and B. Bhushan, "Attacks, Countermeasures and Security Paradigms in IoT," 2019 2nd International Conference on Intelligent Computing, Instrumentation and Control Technologies (ICICICT), Kannur, India, 2019, pp. 875-880, doi: 10.1109/ICICICT46008.2019.8993338.
• [25] Heydari, Mohammad, et al. "Towards indeterminacy-tolerant access control in iot." Handbook of Big Data and IoT Security (2019): 53-71.
• [26] H. F. Atlam, A. Alenezi, R. J. Walters, G. B. Wills and J. Daniel, "Developing an Adaptive Risk-Based Access Control Model for the Internet of Things," 2017 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), Exeter, UK, 2017, pp. 655-661, doi: 10.1109/iThings-GreenCom-CPSCom-SmartData.2017.103.
• [27] J. D. Poston et al., "Ontology-based reasoning for context-aware radios: insights and findings from prototype development," in First IEEE International Symposium on New Frontiers in Dynamic Spectrum Access Networks, 2005. DySPAN 2005., IEEE, 2005.
• [28] B. Bezawada, K. Haefner, and I. Ray, "Securing home IoT environments with attribute-based access control," in Proceedings of the Third ACM Workshop on Attribute-Based Access Control, 2018.
• [29] O. Can, "Semantic-Based Access Control for Data Resources," in Data Science with Semantic Technologies, CRC Press, 2023, pp. 179-198.
• [30] M. Ramalingam and R. M. S. Parvathi, "Secure Semantic Aware Middleware: a Security-Based Semantic Access Control for Web Services," International Review on Computers and Software (I. RE. CO. S.), vol. 8, no. 9, 2013.
• [31] F. Loukil, C. Ghedira-Guegan, K. Boukadi and A. N. Benharkat, "LIoPY: A Legal Compliant Ontology to Preserve Privacy for the Internet of Things," 2018 IEEE 42nd Annual Computer Software and Applications Conference (COMPSAC), Tokyo, Japan, 2018, pp. 701-706, doi: 10.1109/COMPSAC.2018.10322.
• [32] Compton, Michael, et al. "The SSN ontology of the W3C semantic sensor network incubator group." Journal of Web Semantics 17 (2012): 25-32.
• [33] C. Brewster et al., "Ontology-based access control for FAIR data," Data Intelligence, vol. 2, no. 1-2, pp. 66-77, 2020.
• [34] N. Takizaki, Y. Kido, Y. Masuda, Y. Toshima, M. Yamamoto and S. Shimojo, "Ontology-Based Access Control Framework for Smart Building IoT Devices," 2023 IEEE International Conference on Consumer Electronics (ICCE), Las Vegas, NV, USA, 2023, pp. 1-2, doi: 10.1109/ICCE56470.2023.10043384.
• [35] M. Lyazid, L. Lamri, and S. Lyazid, "XACML-based semantic rules language and ontological model for reconciling semantic differences of access control rules," Int. J. Ad Hoc Ubiquitous Comput., vol. 43, no. 1, pp. 1-17, 2023.
• [36] Kalaria, Rudri, et al. "Adaptive Context-Aware Access Control for Iot Environments Leveraging Fog Computing." Adaptive Context-Aware Access Control for Iot Environments Leveraging Fog Computing.
• [37] Ullah, Farhan, et al. "Semantic interoperability for big-data in heterogeneous IoT infrastructure for healthcare." Sustainable cities and society 34 (2017): 90-96.
• [38] D. Hästbacka and A. Zoitl, "Towards semantic self-description of industrial devices and control system interfaces," 2016 IEEE International Conference on Industrial Technology (ICIT), Taipei, Taiwan, 2016, pp. 879-884, doi: 10.1109/ICIT.2016.7474867.
• [39] Chaaya, Karam Bou, et al. "Context-aware system for dynamic privacy risk inference: Application to smart iot environments." Future Generation Computer Systems 101 (2019): 1096-1111.
• [40] A. Abelló et al., "Using Semantic Web Technologies for Exploratory OLAP: A Survey," in IEEE Transactions on Knowledge and Data Engineering, vol. 27, no. 2, pp. 571-588, 1 Feb. 2015, doi: 10.1109/TKDE.2014.2330822.
• [41] Noura, Mahda, Mohammed Atiquzzaman, and Martin Gaedke. "Interoperability in internet of things: Taxonomies and open challenges." Mobile networks and applications 24 (2019): 796-809.