Controle de Acesso à IoT Baseado na Percepção de Comunidade e Confiança Social Contra Ataques Sybil
Abstract
The evolution of IoT has allowed more personal devices to be connected and influenced by habits and behavior of the owners. Hence, these environments demand security for access control against intruders, which may compromise privacy or disrupt of the network operation, such as Sybil attacks. The advent of the Social IoT paradigm allows access control systems to aggregate community context and sociability information of the devices. This work proposes a mechanism, called ELECTRON, for access control in IoT networks based on social trust between devices to protect the network from Sybil attacks. The social similarity between devices helps to define communities in the network and compose the calculation of social trust, strengthening the reliability between legitimate devices and their resilience against the interaction of Sybil attackers. Results in the NS-3 simulator show the ELECTRON effectiveness faces Sybil attacks on IoT that seek access to the network. It achieved detection rates around 90%, and variations according to the community in which social trust is built.References
Abderrahim, O. B., Elhedhili, M. H., and Saidane, L. (2017). Ctms-siot: A context-based trust management system for the social internet of things. In 3th International Wireless Communications and Mobile Computing Conference (IWCMC), pages 1903–1908.
Alaba, F. A., Othman, M., Hashem, I. A. T., and Alotaibi, F. (2017). Internet of things security: A survey. Journal of Network and Computer Applications, 88(Supplement C):10 – 28.
Alenezi, A., Wills, G., Atlam, H. F., Alenezi, A., Walters, R. J., Wills, G. B., and Daniel, J. (2017). Developing an adaptive risk-based access control model for the internet of things. (June).
Anggorojati, B., Mahalle, P. N., Prasad, N. R., and Prasad, R. (2012). Capability-based access control delegation model on the federated iot network. In The 15th International Symposium on Wireless Personal Multimedia Communications, pages 604–608.
Atzori, L., Iera, A., and Morabito, G. (2011). Siot: Giving a social structure to the internet of things. IEEE Communications Letters, 15(11):1193–1195.
Atzori, L., Iera, A., Morabito, G., and Nitti, M. (2012). The social internet of things (SIoT) - When social networks meet the internet of things: Concept, architecture and network characterization. Computer Networks, 56(16):3594–3608.
Bernal Bernabe, J., Hernandez Ramos, J. L., and Skarmeta Gomez, A. F. (2016). Taciot: Multidimensional trust-aware access control system for the internet of things. Soft Comput., 20(5):1763–1779.
Chen, I. R., Guo, J., and Bao, F. (2014). Trust management for service composition in soa-based iot systems. In 2014 IEEE Wireless Communications and Networking Conference (WCNC), pages 3444–3449.
Cho, E., Myers, S. A., and Leskovec, J. (2011). Friendship and mobility: user movement in location-based In Proceedings of the 17th ACM SIGKDD international conference on Knowledge social networks. discovery and data mining, pages 1082–1090. ACM.
Evangelista, D., Mezghani, F., Nogueira, M., and Santos, A. (2016). Evaluation of sybil attack detection approaches in the internet of things content dissemination. In 2016 Wireless Days (WD), pages 1–6.
Ferraiolo, D. F., Cugini, J. a., and Kuhn, D. R. (1995). Role-Based Access Control: Features and Motivations. Proceedings of the 11th Annual Computer Security Applications Conference, (JANUARY 1995):241–248.
Gartner (2017). The gartner report. https://www.gartner.com/doc/3803530?srcId=1-6595640685. Accessed: 2017-11-08.
Greengard, S. (2019). Deep insecurities: The internet of things shifts technology risk. Commun. ACM, 62(5):20–22.
Gu, L., Wang, J., and Sun, B. (2014). Trust management mechanism for internet of things. China Communications, 11(2):148–156.
Gusmeroli, S., Piccione, S., and Rotondi, D. (2012). Iot access control issues: A capability based approach. In 2012 Sixth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, pages 787–792.
Hernández-Ramos, J. L., Jara, A. J., Marín, L., and Skarmeta Gómez, A. F. (2016). Dcapbac: Embedding authorization logic into smart things through ecc optimizations. Int. J. Comput. Math., 93(2):345–366.
Hussein, D., Bertin, E., and Frey, V. (2017). A community-driven access control approach in distributed iot environments. IEEE Communications Magazine, 55(3):146–153.
Mahalle, P. N., Thakre, P. A., Prasad, N. R., and Prasad, R. (2013). A fuzzy approach to trust based access control in internet of things. In Wireless VITAE 2013, pages 1–5.
Medjek, F., Tandjaoui, D., Romdhani, I., and Djedjig, N. (2017). Performance evaluation of rpl protocol under mobile sybil attacks. In Trustcom/BigDataSE/ICESS, pages 1049–1055.
Nguyen, T., Hoang, D., and Seneviratne, A. (2016). Challenge-response trust assessment model for personal space iot. In IEEE International Conference on Pervasive Computing and Communication Workshops (PerCom Workshops), pages 1–6.
Ouaddah, A., Mousannif, H., Elkalam, A. A., and Ouahman, A. A. (2017). Access control in the internet of things: Big challenges and new opportunities. Computer Networks, 112:237 – 262.
Pongle, P. and Chavan, G. (2015). A survey: Attacks on rpl and 6lowpan in iot. In 2015 International Conference on Pervasive Computing (ICPC), pages 1–6.
Sato, H., Kanai, A., Tanimoto, S., and Kobayashi, T. (2016). Establishing trust in the emerging era of iot. In IEEE Symposium on Service-Oriented System Engineering (SOSE), pages 398–406.
Sicari, S., Rizzardi, A., Grieco, L., and Coen-Porisini, A. (2015). Security, privacy and trust in internet of things: The road ahead. Computer Networks, 76(Supplement C):146 – 164.
Son, H., Kang, N., Gwak, B., and Lee, D. (2017). An adaptive iot trust estimation scheme combining interaction history and stereotypical reputation. In 14th IEEE Annual Consumer Communications Networking Conference (CCNC), pages 349–352.
Yan, Z., Zhang, P., and Vasilakos, A. V. (2014). A survey on trust management for internet of things. Journal of Network and Computer Applications, 42:120 – 134.
Yuan, E. and Tong, J. (2005). Attributed based access control (abac) for web services. In IEEE International Conference on Web Services (ICWS'05), page 569.
Alaba, F. A., Othman, M., Hashem, I. A. T., and Alotaibi, F. (2017). Internet of things security: A survey. Journal of Network and Computer Applications, 88(Supplement C):10 – 28.
Alenezi, A., Wills, G., Atlam, H. F., Alenezi, A., Walters, R. J., Wills, G. B., and Daniel, J. (2017). Developing an adaptive risk-based access control model for the internet of things. (June).
Anggorojati, B., Mahalle, P. N., Prasad, N. R., and Prasad, R. (2012). Capability-based access control delegation model on the federated iot network. In The 15th International Symposium on Wireless Personal Multimedia Communications, pages 604–608.
Atzori, L., Iera, A., and Morabito, G. (2011). Siot: Giving a social structure to the internet of things. IEEE Communications Letters, 15(11):1193–1195.
Atzori, L., Iera, A., Morabito, G., and Nitti, M. (2012). The social internet of things (SIoT) - When social networks meet the internet of things: Concept, architecture and network characterization. Computer Networks, 56(16):3594–3608.
Bernal Bernabe, J., Hernandez Ramos, J. L., and Skarmeta Gomez, A. F. (2016). Taciot: Multidimensional trust-aware access control system for the internet of things. Soft Comput., 20(5):1763–1779.
Chen, I. R., Guo, J., and Bao, F. (2014). Trust management for service composition in soa-based iot systems. In 2014 IEEE Wireless Communications and Networking Conference (WCNC), pages 3444–3449.
Cho, E., Myers, S. A., and Leskovec, J. (2011). Friendship and mobility: user movement in location-based In Proceedings of the 17th ACM SIGKDD international conference on Knowledge social networks. discovery and data mining, pages 1082–1090. ACM.
Evangelista, D., Mezghani, F., Nogueira, M., and Santos, A. (2016). Evaluation of sybil attack detection approaches in the internet of things content dissemination. In 2016 Wireless Days (WD), pages 1–6.
Ferraiolo, D. F., Cugini, J. a., and Kuhn, D. R. (1995). Role-Based Access Control: Features and Motivations. Proceedings of the 11th Annual Computer Security Applications Conference, (JANUARY 1995):241–248.
Gartner (2017). The gartner report. https://www.gartner.com/doc/3803530?srcId=1-6595640685. Accessed: 2017-11-08.
Greengard, S. (2019). Deep insecurities: The internet of things shifts technology risk. Commun. ACM, 62(5):20–22.
Gu, L., Wang, J., and Sun, B. (2014). Trust management mechanism for internet of things. China Communications, 11(2):148–156.
Gusmeroli, S., Piccione, S., and Rotondi, D. (2012). Iot access control issues: A capability based approach. In 2012 Sixth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, pages 787–792.
Hernández-Ramos, J. L., Jara, A. J., Marín, L., and Skarmeta Gómez, A. F. (2016). Dcapbac: Embedding authorization logic into smart things through ecc optimizations. Int. J. Comput. Math., 93(2):345–366.
Hussein, D., Bertin, E., and Frey, V. (2017). A community-driven access control approach in distributed iot environments. IEEE Communications Magazine, 55(3):146–153.
Mahalle, P. N., Thakre, P. A., Prasad, N. R., and Prasad, R. (2013). A fuzzy approach to trust based access control in internet of things. In Wireless VITAE 2013, pages 1–5.
Medjek, F., Tandjaoui, D., Romdhani, I., and Djedjig, N. (2017). Performance evaluation of rpl protocol under mobile sybil attacks. In Trustcom/BigDataSE/ICESS, pages 1049–1055.
Nguyen, T., Hoang, D., and Seneviratne, A. (2016). Challenge-response trust assessment model for personal space iot. In IEEE International Conference on Pervasive Computing and Communication Workshops (PerCom Workshops), pages 1–6.
Ouaddah, A., Mousannif, H., Elkalam, A. A., and Ouahman, A. A. (2017). Access control in the internet of things: Big challenges and new opportunities. Computer Networks, 112:237 – 262.
Pongle, P. and Chavan, G. (2015). A survey: Attacks on rpl and 6lowpan in iot. In 2015 International Conference on Pervasive Computing (ICPC), pages 1–6.
Sato, H., Kanai, A., Tanimoto, S., and Kobayashi, T. (2016). Establishing trust in the emerging era of iot. In IEEE Symposium on Service-Oriented System Engineering (SOSE), pages 398–406.
Sicari, S., Rizzardi, A., Grieco, L., and Coen-Porisini, A. (2015). Security, privacy and trust in internet of things: The road ahead. Computer Networks, 76(Supplement C):146 – 164.
Son, H., Kang, N., Gwak, B., and Lee, D. (2017). An adaptive iot trust estimation scheme combining interaction history and stereotypical reputation. In 14th IEEE Annual Consumer Communications Networking Conference (CCNC), pages 349–352.
Yan, Z., Zhang, P., and Vasilakos, A. V. (2014). A survey on trust management for internet of things. Journal of Network and Computer Applications, 42:120 – 134.
Yuan, E. and Tong, J. (2005). Attributed based access control (abac) for web services. In IEEE International Conference on Web Services (ICWS'05), page 569.
Published
2019-09-02
How to Cite
DE OLIVEIRA, Gustavo; NOGUEIRA, Michele; SANTOS, Aldri.
Controle de Acesso à IoT Baseado na Percepção de Comunidade e Confiança Social Contra Ataques Sybil. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 19. , 2019, São Paulo.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2019
.
p. 71-84.
DOI: https://doi.org/10.5753/sbseg.2019.13963.
