TY - GEN
T1 - CoAP option for capability-based access control for IoT-applications
AU - Chen, Borting
AU - Güneş, Mesut
AU - Huang, Yu-Lun
N1 - Publisher Copyright:
Copyright © 2016 by SCITEPRESS - Science and Technology Publications, Lda. All rights reserved.
PY - 2016
Y1 - 2016
AB - Access control is critical for many applications of the Internet of Things (IoT) since the owner of an IoT device (and application) may only permit one user to access a subset of the resources of the device. To provide access control for an IoT network, recent work adopted the capability-based access control (CBAC) model, which allows an IoT device to decide on the authorization by itself based on a capability token. However, the existing approaches based on CBAC directly attach the capability token at the end of CoAP when sending a request message. For the receiver, it is not easy to retrieve the capability token from the request message if the CoAP payload is present, because CoAP does not have a length field to indicate the size of its payload. To counter this problem, we propose a CoAP option, Cap-Token, to encapsulate a capability token when sending request messages. Because a CoAP option is independent of other CoAP fields, a receiver can get the capability token from the Cap-Token option of the request message without ambiguity. We also provide a compression mechanism to reduce the size of the Cap-Token option. Our evaluation shows that the compression mechanism can reduce the size of the option by 60%. Adding a compressed Cap-Token option to a request message increases the IP datagram size by 45 bytes, which is only 41% of the increase when directly attaching the capability token at the end of CoAP.
KW - Capability-based access control
KW - Internet of Things
KW - Network security
UR - http://www.scopus.com/inward/record.url?scp=84979527200&partnerID=8YFLogxK
U2 - 10.5220/0005950902660274
DO - 10.5220/0005950902660274
M3 - Conference contribution
AN - SCOPUS:84979527200
T3 - IoTBD 2016 - Proceedings of the International Conference on Internet of Things and Big Data
SP - 266
EP - 274
BT - IoTBD 2016 - Proceedings of the International Conference on Internet of Things and Big Data
A2 - Ramachandran, Muthu
A2 - Wills, Gary
A2 - Walters, Robert
A2 - Munoz, Victor Mendez
A2 - Chang, Victor
PB - SciTePress
T2 - International Conference on Internet of Things and Big Data, IoTBD 2016
Y2 - 23 April 2016 through 25 April 2016
ER -