A Generic Lightweight and Scalable Access Control Framework for IoT Gateways - Information Security Theory and Practice Access content directly
Conference Papers Year : 2019

A Generic Lightweight and Scalable Access Control Framework for IoT Gateways

Juan D. Parra Rodriguez
  • Function : Author
  • PersonId : 1042926


Gateways prevail in IoT (Internet of Things) set-ups for connectivity, privacy, and other reasons; however, there has not been a generic and open-source framework offering authentication, identity management, policy administration and policy evaluation as a service for such a scenario. Meanwhile, cloud-based security solutions are available, but they use too much memory and CPU to be deployed in low-cost hardware typically used for IoT gateways such as the Raspberry Pi.In our work, we identified critical requirements for a generic security framework that could be deployed to low-cost hardware used for IoT gateways. From this point on, we implemented the security framework, and modified a Content Management System (CMS) to rely on the framework for authentication and policy evaluations.We evaluated our component’s runtime performance and computational resource consumption in comparison to a popular attribute-based security framework written in Java. We measured the CPU, memory, and network usage for each security framework, their databases, and the CMS across three different hardware platforms. To ensure our results are not biased towards a particular hardware set-up, we chose hardware with two different processor architectures, different capabilities and vendors. Our results indicate that our framework not only requires less time to complete requests but also makes less intensive use of the processor and the memory, i.e., the most critical capabilities for IoT gateways today.
Fichier principal
Vignette du fichier
484602_1_En_15_Chapter.pdf (909.96 Ko) Télécharger le fichier
Origin : Files produced by the author(s)

Dates and versions

hal-02294606 , version 1 (23-09-2019)





Juan D. Parra Rodriguez. A Generic Lightweight and Scalable Access Control Framework for IoT Gateways. 12th IFIP International Conference on Information Security Theory and Practice (WISTP), Dec 2018, Brussels, Belgium. pp.207-222, ⟨10.1007/978-3-030-20074-9_15⟩. ⟨hal-02294606⟩
86 View
45 Download



Gmail Facebook X LinkedIn More