ENABLING ATTRIBUTE BASED ACCESS CONTROL WITHIN THE INTERNET OF THINGS (IOT)

Abstract

With the wide-scale development of the Internet of Things (IoT) and the usage of low-powered devices (sensors) together with smart devices, numerous people are using IoT systems in their homes and businesses to have more control over their technology. Unfortunately, some users of IoT systems that are controlled by a mobile application do not have a high level of data protection to respond in case the device is lost, stolen, or used by one of the owner’s friends or family members. The problem studied in this research is how to apply one of access control methods an IoT system whether they are stored locally on a sensor or on a cloud. To solve the problem, an attribute-based access control (ABAC) mechanism is applied to give the system the ability to apply policies to detect any unauthorized entry by evaluating some of the users’ attributes: the accessed time, the device media access control address (MAC address), the username, and password. Finally, a prototype was built to test the proposed solution in two ways; one is locally on a low-powered device, the second using cloud platform for the data storage. To evaluate both the prototype implementation, this research had an evaluation plan to mimic the real-world interactions by obtaining the response times when different numbers of requests sent from diverse numbers of users in different delays. The evaluation results showed that the first implementation was noticeably faster than the second implementation.