Attribute-Based Access Control in Internet of Things Security

Abstract

With the rapid spread of the use of Internet of Things devices, it has become an important situation for these devices to be provided with critical infrastructure, integrated into daily life and the creation of robust security mechanisms. The attribute-based access control (ABAC) method has emerged as a promising approach to manage access of IoT resources based on users' attributes. However, current ABAC models lack adequate privacy protections and do not address specific vulnerabilities, especially in scenarios where sensitive data is involved. The research includes a comprehensive review of the ABAC models that stand out in the context of IoT security, including the limitations and vulnerabilities that they carry. In this work, a new framework has been proposed that integrates zero-knowledge proofs (ZKP) with homomorphic encryption into the ABAC model, providing stronger security guarantees and privacy protection. While ZKPs allow users to prove that they have certain attributes or access rights without disclosing sensitive information, homomorphic encryption allows calculations to be performed on encrypted data without decryption. The proposed framework has been evaluated by theoretical analysis and simulation studies. The findings of this research are expected to contribute significantly to the field of IoT security by providing a more robust and privacy-protecting access control mechanism for IoT environments. The proposed framework has the potential to mitigate various security threats, including unauthorized access, data and privacy violations. © 2024 Elsevier B.V., All rights reserved.