Federated Identity and Access Management for the Internet of Things

Paul Fremantle; Benjamin Aziz; Jacek Kopecky; Philip Scott

doi:10.1109/SIoT.2014.8

2014 International Workshop on Secure Internet of Things (SIoT)

Federated Identity and Access Management for the Internet of Things

Year: 2014, Pages: 10-17

DOI Bookmark: 10.1109/SIoT.2014.8

Authors

Paul Fremantle
Benjamin Aziz
Jacek Kopecky
Philip Scott

Abstract

We examine the use of Federated Identity andAccess Management (FIAM) approaches for the Internet ofThings (IoT). We look at specific challenges that devices, sensorsand actuators have, and look for approaches to address them.OAuth is a widely deployed protocol -- built on top of HTTP -- forapplying FIAM to Web systems. We explore the use of OAuth forIoT systems that instead use the lightweight MQTT 3.1 protocol.In order to evaluate this area, we built a prototype that usesOAuth 2.0 to enable access control to information distributed viaMQTT. We evaluate the results of this prototyping activity, andassess the strengths and weaknesses of this approach, and thebenefits of using the FIAM approaches with IoT and Machine toMachine (M2M) scenarios. Finally we outline areas for furtherresearch.

Like what you’re reading?

Already a member?

Get this article FREE with a new membership!

Enforcement of security policy rules for the Internet of Things
2014 IEEE 10th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob)
An implementation of access-control protocol for IoT home scenario
2017 IEEE/ACIS 16th International Conference on Computer and Information Science (ICIS)
OAuthHub - A Service for Consolidating Authentication Services
2015 IEEE 19th International Enterprise Distributed Object Computing Conference (EDOC)
OAuth-IoT: An access control framework for the Internet of Things based on open standards
2017 IEEE Symposium on Computers and Communications (ISCC)
Verification for OAuth Using ASLan++
2015 IEEE 16th International Symposium on High Assurance Systems Engineering (HASE)
Identity and access management- a comprehensive study
2015 International Conference on Green Computing and Internet of Things (ICGCIoT)
An Identity Management Framework for Internet of Things
2015 IEEE 12th International Conference on e-Business Engineering (ICEBE)
Mitigating CSRF attacks on OAuth 2.0 Systems
2018 16th Annual Conference on Privacy, Security and Trust (PST)
Trusted D2D-Based IoT Resource Access Using Smart Contracts
2019 IEEE 20th International Symposium on "A World of Wireless, Mobile and Multimedia Networks" (WoWMoM)
User Access Privacy in OAuth 2.0 and OpenID Connect
2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)

Federated Identity and Access Management for the Internet of Things

Authors

Abstract

Related Articles