Capabilities-based access control for IoT devices using Verifiable Credentials

Nikos Fotiou, Vasilios A. Siris, George C. Polyzos, Yki Kortesniemi, Dmitrij Lagutin

Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

9 Citations (Scopus)

Abstract

Capabilities-based access control is a promising paradigm that can handle the particularities of IoT systems. Nevertheless, existing systems are not interoperable and they have limitations, such as lack of proof of possession, inefficient revocation mechanisms, and reliance on trusted third parties. In this paper we overcome these limitations by designing and implementing a system that leverages Verifiable Credentials (VCs) to encode the access rights. Our solution specifies protocols for requesting and using VCs that can be mapped to OAuth 2.0, includes an efficient and privacy preserving proof of possession mechanism, and it supports revocation. We implement and evaluate our solution and we show that it can be directly used even by constrained devices.
Original languageEnglish
Title of host publicationProceedings - 43rd IEEE Symposium on Security and Privacy Workshops, SPW 2022
PublisherIEEE
Pages222-228
Number of pages7
ISBN (Electronic)978-1-6654-9643-8
DOIs
Publication statusPublished - 25 Jul 2022
MoE publication typeA4 Conference publication
EventIEEE Workshop on the Internet of Safe Things - San Francisco, United States
Duration: 26 May 202226 May 2022
https://safe-things-2022.github.io

Publication series

NameIEEE Security and Privacy Workshops
ISSN (Electronic)2770-8411

Workshop

WorkshopIEEE Workshop on the Internet of Safe Things
Abbreviated titleSafeThings
Country/TerritoryUnited States
CitySan Francisco
Period26/05/202226/05/2022
Internet address

Keywords

  • decentralized identifiers
  • OAuth 2.0
  • Proof-of-Possession
  • internet of things

Fingerprint

Dive into the research topics of 'Capabilities-based access control for IoT devices using Verifiable Credentials'. Together they form a unique fingerprint.

Cite this