Secure and private access control for systems of smart devices
         With the emergence of Internet of Things (IoT) technologies and the invasion of smart devices in almost every aspect of our lives, access control that allows only authorized users to access IoT devices becomes an important problem. The limited capabilities of the devices and the distributed nature of IoT environments have presented unique challenges to the design of an effective access control mechanism. First, it should be lightweight enough for the IoT devices to handle due to their resource constraints. Second, the variety of devices and applications and the arbitrary manners of users require the support of fined-grain, flexible access control policies. Last but not least, traditional access control models that are often centralized may not be suitable for distributed IoT. Therefore, a decentralized approach should be considered.In this dissertation, we propose access control solutions that are not only secure and private but also scalable to meet IoT requirements. Our first design is an authorization protocol that supports flexible delegation for smart home applications. The protocol allows users to create and share various permissions within their authorities to other users. In addition, since simple computation operations are used, the protocol is lightweight and supports fast validation at resource-constrained devices. Next, the need to support larger environments and the open problem with the exchange of access keys without a central authority motivate us to seek a decentralized solution from blockchain technology, which is originated from the famous cryptocurrency Bitcoin. The advantages of blockchain, which lie in an immutable distributed ledger that is maintained by a peer-to-peer network of untrusted nodes, can bring decentralization to IoT applications. However, applying blockchain to IoT is not straightforward as it was not originally designed for IoT requirements. We address two main issues in blockchain-based access control for IoT systems. First, since blockchain is a public platform, user privacy is one of the top priorities. Second, resource-constrained IoT devices are often not powerful enough to interact directly with the blockchain but need to rely on certain trusted nodes to retrieve blockchain data.The first issue of user privacy leads to our design of CapChain, a blockchain-based privacy-preserving access control framework that enables the sharing of access capabilities to multiple devices in a secure and private manner. Then, applying similar techniques to CapChain but also extending the use of blockchain by smart contracts, we design a privacy-preserving service that allows users to create IoT automated tasks by defining one of multiple conditional statements that need to be satisfied before a task can be performed. We set up strict privilege at the triggering party, such that it may not trigger the task any time except only when the conditions are satisfied.To address the second issue of resource constrained devices, we propose a method for IoT devices to validate blockchain data without solely being dependent on a central server. In our approach, several witnesses on the network can be selected randomly by the devices to validate access control information. Our method is aided by Bloom filters, which are shown to be lightweight for resource-constrained devices.
    
    Read
- In Collections
- 
    Electronic Theses & Dissertations
                    
 
- Copyright Status
- In Copyright
- Material Type
- 
    Theses
                    
 
- Authors
- 
    Le, Tam  Dan
                    
 
- Thesis Advisors
- 
    Mutka, Matt W.
                    
 
- Committee Members
- 
    Esfahanian, Abdol-Hossein
                    
 Xiao, Li
 Zhang, Mi
 
- Date Published
- 
    2019
                    
 
- Program of Study
- 
    Computer Science - Doctor of Philosophy
                    
 
- Degree Level
- 
    Doctoral
                    
 
- Language
- 
    English
                    
 
- Pages
- 136 pages
- ISBN
- 
    9781392411391
                    
 1392411394
 
- Permalink
- https://doi.org/doi:10.25335/g51b-y734