Capabilities-based access control for IoT devices using Verifiable Credentials

Nikos Fotiou; Vasilios A. Siris; George C. Polyzos; Yki Kortesniemi; Dmitrij Lagutin

doi:10.1109/SPW54247.2022.9833873

Capabilities-based access control for IoT devices using Verifiable Credentials

Nikos Fotiou, Vasilios A. Siris, George C. Polyzos, Yki Kortesniemi, Dmitrij Lagutin

Athens University of Economics and Business

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

19 Citations (Scopus)

Abstract

Capabilities-based access control is a promising paradigm that can handle the particularities of IoT systems. Nevertheless, existing systems are not interoperable and they have limitations, such as lack of proof of possession, inefficient revocation mechanisms, and reliance on trusted third parties. In this paper we overcome these limitations by designing and implementing a system that leverages Verifiable Credentials (VCs) to encode the access rights. Our solution specifies protocols for requesting and using VCs that can be mapped to OAuth 2.0, includes an efficient and privacy preserving proof of possession mechanism, and it supports revocation. We implement and evaluate our solution and we show that it can be directly used even by constrained devices.

Original language	English
Title of host publication	Proceedings - 43rd IEEE Symposium on Security and Privacy Workshops, SPW 2022
Publisher	IEEE
Pages	222-228
Number of pages	7
ISBN (Electronic)	978-1-6654-9643-8
DOIs	https://doi.org/10.1109/SPW54247.2022.9833873
Publication status	Published - 25 Jul 2022
MoE publication type	A4 Conference publication
Event	IEEE Workshop on the Internet of Safe Things - San Francisco, United States Duration: 26 May 2022 → 26 May 2022 https://safe-things-2022.github.io

Publication series

Name	IEEE Security and Privacy Workshops
ISSN (Electronic)	2770-8411

Workshop

Workshop	IEEE Workshop on the Internet of Safe Things
Abbreviated title	SafeThings
Country/Territory	United States
City	San Francisco
Period	26/05/2022 → 26/05/2022
Internet address	https://safe-things-2022.github.io

Keywords

decentralized identifiers
OAuth 2.0
Proof-of-Possession
internet of things

Access to Document

10.1109/SPW54247.2022.9833873

https://safe-things-2022.github.io/accepted_papers/safethings2022-final6.pdf

Cite this

@inproceedings{b058e4a6d40e47e48a88b379146f28d2,

title = "Capabilities-based access control for IoT devices using Verifiable Credentials",

abstract = "Capabilities-based access control is a promising paradigm that can handle the particularities of IoT systems. Nevertheless, existing systems are not interoperable and they have limitations, such as lack of proof of possession, inefficient revocation mechanisms, and reliance on trusted third parties. In this paper we overcome these limitations by designing and implementing a system that leverages Verifiable Credentials (VCs) to encode the access rights. Our solution specifies protocols for requesting and using VCs that can be mapped to OAuth 2.0, includes an efficient and privacy preserving proof of possession mechanism, and it supports revocation. We implement and evaluate our solution and we show that it can be directly used even by constrained devices.",

keywords = "decentralized identifiers, OAuth 2.0, Proof-of-Possession, internet of things",

author = "Nikos Fotiou and Siris, {Vasilios A.} and Polyzos, {George C.} and Yki Kortesniemi and Dmitrij Lagutin",

note = "| openaire: EC/H2020/957246/EU//IoT-NGIN; IEEE Workshop on the Internet of Safe Things, SafeThings ; Conference date: 26-05-2022 Through 26-05-2022",

year = "2022",

month = jul,

day = "25",

doi = "10.1109/SPW54247.2022.9833873",

language = "English",

series = "IEEE Security and Privacy Workshops",

publisher = "IEEE",

pages = "222--228",

booktitle = "Proceedings - 43rd IEEE Symposium on Security and Privacy Workshops, SPW 2022",

address = "United States",

url = "https://safe-things-2022.github.io",

}

Fotiou, N, Siris, VA, Polyzos, GC, Kortesniemi, Y & Lagutin, D 2022, Capabilities-based access control for IoT devices using Verifiable Credentials. in Proceedings - 43rd IEEE Symposium on Security and Privacy Workshops, SPW 2022. IEEE Security and Privacy Workshops, IEEE, pp. 222-228, IEEE Workshop on the Internet of Safe Things, San Francisco, California, United States, 26/05/2022. https://doi.org/10.1109/SPW54247.2022.9833873

Capabilities-based access control for IoT devices using Verifiable Credentials. / Fotiou, Nikos; Siris, Vasilios A.; Polyzos, George C. et al.
Proceedings - 43rd IEEE Symposium on Security and Privacy Workshops, SPW 2022. IEEE, 2022. p. 222-228 (IEEE Security and Privacy Workshops).

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

TY - GEN

T1 - Capabilities-based access control for IoT devices using Verifiable Credentials

AU - Fotiou, Nikos

AU - Siris, Vasilios A.

AU - Polyzos, George C.

AU - Kortesniemi, Yki

AU - Lagutin, Dmitrij

N1 - | openaire: EC/H2020/957246/EU//IoT-NGIN

PY - 2022/7/25

Y1 - 2022/7/25

N2 - Capabilities-based access control is a promising paradigm that can handle the particularities of IoT systems. Nevertheless, existing systems are not interoperable and they have limitations, such as lack of proof of possession, inefficient revocation mechanisms, and reliance on trusted third parties. In this paper we overcome these limitations by designing and implementing a system that leverages Verifiable Credentials (VCs) to encode the access rights. Our solution specifies protocols for requesting and using VCs that can be mapped to OAuth 2.0, includes an efficient and privacy preserving proof of possession mechanism, and it supports revocation. We implement and evaluate our solution and we show that it can be directly used even by constrained devices.

AB - Capabilities-based access control is a promising paradigm that can handle the particularities of IoT systems. Nevertheless, existing systems are not interoperable and they have limitations, such as lack of proof of possession, inefficient revocation mechanisms, and reliance on trusted third parties. In this paper we overcome these limitations by designing and implementing a system that leverages Verifiable Credentials (VCs) to encode the access rights. Our solution specifies protocols for requesting and using VCs that can be mapped to OAuth 2.0, includes an efficient and privacy preserving proof of possession mechanism, and it supports revocation. We implement and evaluate our solution and we show that it can be directly used even by constrained devices.

KW - decentralized identifiers

KW - OAuth 2.0

KW - Proof-of-Possession

KW - internet of things

UR - http://www.scopus.com/inward/record.url?scp=85136106768&partnerID=8YFLogxK

U2 - 10.1109/SPW54247.2022.9833873

DO - 10.1109/SPW54247.2022.9833873

M3 - Conference article in proceedings

T3 - IEEE Security and Privacy Workshops

SP - 222

EP - 228

BT - Proceedings - 43rd IEEE Symposium on Security and Privacy Workshops, SPW 2022

PB - IEEE

T2 - IEEE Workshop on the Internet of Safe Things

Y2 - 26 May 2022 through 26 May 2022

ER -

Capabilities-based access control for IoT devices using Verifiable Credentials

Abstract

Publication series

Workshop

Keywords

Access to Document

Other files and links

Fingerprint

IoT-NGIN: Next Generation IoT as part of Next Generation Internet

Cite this

Capabilities-based access control for IoT devices using Verifiable Credentials

Abstract

Publication series

Workshop

Keywords

Access to Document

Other files and links

Fingerprint

Projects

IoT-NGIN: Next Generation IoT as part of Next Generation Internet

Cite this