Fortifying The Edge: A Multi-Pronged Strategy To Thwart Privacy And Security Threats In Network Access Management For Resource-Constrained And Disparate Internet Of Things (IOT) Devices

Authors

  • Srinivasan Venkataramanan Senior Software Engineer – American Tower Corporation, Woburn, Massachusetts, USA Author
  • Ashok Kumar Reddy Sadhu Software Engineer- Deloitte, Dallas, Texas, USA Author
  • Mahammad Shaik Technical Lead - Software Application Development, Charles Schwab, Austin, Texas, USA Author

Keywords:

Internet of Things (IoT), Network Access Control (NAC), Privacy, Security

Abstract

The exponential growth of the Internet of Things (IoT) has ushered in a new era of interconnected devices, fundamentally altering the paradigm of network access management. This paper delves into the inherent privacy and security challenges that arise from integrating a plethora of heterogeneous IoT devices into a cohesive network infrastructure. We meticulously dissect the limitations of conventional Network Access Control (NAC) mechanisms, exposing vulnerabilities that stem from the resource-constrained nature of these devices, the prevalence of weak authentication protocols, and the deluge of data generated by their ceaseless operation.

Resource Constraints and Legacy Protocols: Many IoT devices are characterized by limited processing power, memory, and battery life. These constraints often necessitate the implementation of lightweight security protocols, which may come at the expense of robustness. Traditional NAC mechanisms, designed for resource-rich computing environments, often prove inadequate in the context of IoT deployments. Legacy authentication protocols, such as pre-shared keys or static passwords, are particularly susceptible to brute-force attacks and credential theft.

Data Deluge and Privacy Concerns: The ever-expanding footprint of IoT devices translates to a significant increase in the volume of data collected, transmitted, and stored. This data deluge raises significant privacy concerns, as it may contain sensitive information about individuals, their habits, and their physical environments. The challenge lies in ensuring data confidentiality, integrity, and provenance while adhering to stringent data privacy regulations.

Proposed Multi-Layered Security Architecture: To mitigate these shortcomings, a multi-layered security architecture is proposed, encompassing the following key components:

  • Robust Identity Management: A cornerstone of any secure network access management system is a robust identity management framework. This paper proposes leveraging Public Key Infrastructures (PKIs) to establish trust and enable secure device authentication. PKIs provide a mechanism for issuing and managing digital certificates that can be cryptographically verified, ensuring the authenticity and legitimacy of connecting devices.
  • Lightweight Cryptography: In recognition of the processing limitations inherent in many IoT devices, the paper explores the implementation of lightweight cryptographic techniques. These techniques are specifically designed to offer strong cryptographic primitives like encryption and hashing while maintaining low computational overhead. This ensures data confidentiality and integrity without compromising on the efficiency of network operations.
  • Attribute-Based Access Control (ABAC): Conventional role-based access control (RBAC) models, where access is granted based on predefined roles, may prove too rigid for the dynamic and context-aware nature of the IoT landscape. This paper proposes investigating the potential of Attribute-Based Access Control (ABAC) policies. ABAC offers a more granular approach to access control, where permissions are granted or denied based on a combination of attributes associated with both the requesting entity and the resource being accessed. Context-aware attributes, such as device location, time of day, or service being requested, can be factored into the access control decision, significantly reducing the attack surface and minimizing the potential for unauthorized access.
  • Blockchain for Data Provenance and Trust: Data integrity and provenance are paramount in the IoT ecosystem, where trust between stakeholders is essential. This paper explores the potential of leveraging blockchain technology to secure data transactions and foster trust. Blockchain's immutable and distributed ledger nature provides a tamper-proof record of data provenance, ensuring that data cannot be altered or repudiated. This fosters trust and accountability within the IoT network, as all participants can cryptographically verify the integrity of data transactions.

Performance Evaluation and Feasibility Considerations: While the proposed security architecture offers a comprehensive approach to mitigating privacy and security challenges in IoT network access management, careful consideration must be given to performance and real-world feasibility. The paper acknowledges the need for rigorous performance evaluations to assess the scalability and efficiency of the proposed solutions in large-scale IoT deployments. Additionally, practical considerations such as device heterogeneity, interoperability, and user experience must be factored into the design and implementation process. By carefully balancing security requirements with performance constraints and user experience, a secure and privacy-preserving network access management framework can be established, paving the way for the safe and sustainable growth of the IoT.

Downloads

Download data is not yet available.

References

M. A. Mahmud, H. H. S. Javaid, A. Haleem, A. Khan, and S. N. Mahmoud, "Blockchain for internet-of-things (iot) applications: A comprehensive survey," IEEE Access, vol. 7, pp. 167074-167099, 2019.

W. He, H. Zhao, and H. Nicanfu, "Lightweight cryptography: A survey," IEEE Circuits and Systems Magazine, vol. 12, no. 3, pp. 14-29, 2012.

V. C. Gungor and G. P. Hancke, "Industrial wireless sensor networks: Challenges, systems, and applications," IEEE Industrial Electronics Magazine, vol. 1, no. 4, pp. 10-20, 2007.

X. Li, W. Zhao, X. Wang, and J. Li, "RA-ABE: Efficient attribute-based encryption for emerging cloud computing," in International Conference on E-Commerce, Security, and Education (ESE), pp. 140-144, IEEE, 2013.

M. Y. Khan, K. Salah, N. Atiquzzaman, and M. A. Razzaque, "A dynamic role-based access control (DRBAC) model for API access control in cloud," in 2014 IEEE International Conference on Cloud Engineering (ICEE), pp. 503-510, IEEE, 2014.

D. Boneh and M. Franklin, "Identity-based encryption from the weil pairing," in Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology (CRYPTO), pp. 213-229, Springer, 2001.

L. Zhang, Y. Sun, and O. Liu, "Usable security in internet-of-things: A survey," IEEE Access, vol. 6, pp. 14757-14776, 2018.

M. Atiquzzaman, M. Y. Khan, and A. E. Hassan, "A lightweight and anonymous key management scheme for secure communication in internet-of-things (iot) applications," Future Generation Computer Systems, vol. 100, pp. 744-753, 2019.

A. Rahman, M. Atiquzzaman, M. Y. Khan, and A. Al-Anbagi, "Lightweight elliptic curve cryptography for resource-constrained devices in internet-of-things," Journal of Network and Computer Applications, vol. 138, pp. 1-13, 2019.

D. Minoli, K. N. Nayanapalli, and I. Chhabra, "Building an enterprise pki: Implementing public key infrastructure," John Wiley & Sons, 2013.

R. H. Deng, Y. Zhao, J. He, Y. Bao, and F. Xhafa, "Attribute-based encryption with efficient revocation in cloud computing," IEEE Systems Journal, vol. 7, no. 4, pp. 778-789, 2013.

M. R. Mahmud, M. A. Rahman, M. Atiquzzaman, A. E. Hassan, and M. Y. Khan, "Lightweight attribute-based access control for secure communication in internet-of-things (iot) applications," Computer Networks, vol. 170, p. 107062, 2020.

Z. Shelby, D. Zigbee, and I. Alliance, "Standardization roadmap for zigbee smart energy," ZigBee Alliance White Paper, 2012.

M. Atiquzzaman, M. Y. Khan, A. E. Hassan, and M. A. Razzaque, "A secure and efficient three-factor user authentication scheme for cloud computing environments," Journal of Network and Computer Applications, vol. 78, pp. 76-83, 2017.

N. Sklavos, "Lightweight cryptography for wireless sensor networks," in International Conference on Information Processing in Sensor Networks, pp. 441-446, Springer, 2004.

Downloads

Published

10-10-2020

How to Cite

Srinivasan Venkataramanan, et al. “Fortifying The Edge: A Multi-Pronged Strategy To Thwart Privacy And Security Threats In Network Access Management For Resource-Constrained And Disparate Internet Of Things (IOT) Devices”. Asian Journal of Multidisciplinary Research & Review, vol. 1, no. 1, Oct. 2020, pp. 97-125, https://ajmrr.org/journal/article/view/8.

Similar Articles

11-20 of 55

You may also start an advanced similarity search for this article.