The New Advanced Society. Group of Authors
Subsequently, cloud computing was adopted to assign virtual identities to users and things. The main drawback of this method was that it handled only the addressing of virtual identities, without considering the various underlying data-transmission protocols and their application in the IoT environment. Similarly, the Wireless Sensor Network (WSN) protocol, which provides identity management functionality as well as clustering of things, has not been able to address the specific requirements of object mobility and data transfer in the environment. Other means, such as OpenID, Liberty Alliance and Shibboleth, were considered in the IoT environment only for user identification. Provisioning of the identity management cycle using cloud computing was initially based on a centralized model for the authentication and authorization of resources. This was also used to ensure proper resource accessibility and availability for the desired application and service. Over time, however, it was realized that a single point of failure in a centralized and critical system needs due attention, and that a suitable mechanism has to be adopted to tackle this issue.
Various ways and means of addressing this IAM concern are one of the prime focuses of this chapter. The following section analyzes how cloud-enabled IoT solutions have attempted to handle IAM-related matters in the IoT ecosystem.
3.4 IoT Cloud Related Developments
Many efforts have been made by the research community to handle the security-related matters of the IoT ecosystem efficiently. The authors of [3], on the Open Web Application Security Project (OWASP), have listed and described the ten most prominent vulnerabilities associated with IoT architecture. These include insecure interfaces of the entities in the IoT architecture, the physical security of the system, security misconfiguration, and insecure associated software and firmware.
WAVE [4] was proposed in 2017. To the best of our knowledge, this was the first approach to use blockchain-based, decentralized authorization in an IoT environment. It made use of fine-grained access control policies in conjunction with smart contracts for event-triggering functionality. However, running blockchain nodes on constrained IoT devices was troublesome; to address this, trusted gateways were used so that the devices could interact with the blockchain network.
Several methods have been proposed by various researchers, and a detailed analysis is required to judge their efficiency and applicability along with the related pros and cons. In the subsequent paragraphs we discuss prominent methods proposed since 2017, summarize their central ideas and compare them.
Given the ad hoc nature of the IoT devices in the ecosystem, a requirement was felt for distributed access control in IoT. Accordingly, the capability-based access control (CBAC) proposed by Hussein et al. [5] proved to be well suited to the IoT environment compared to traditionally known access control models (Table 3.1).
Table 3.1 Comparison of access control methods for IoT.
| Proposal year | Elementary method | Type of encryption | Key generation method | Access control | Mutual authentication | Anonymity of data | Integrity of data | Reference |
|---|---|---|---|---|---|---|---|---|
| 2017 | Decentralized | Symmetric | XOR operation based | Y | Y | N | Y | [5][6] |
| 2018 | Centralized | Asymmetric | Random number generation & hash function | Y | N | Y | Y | [7][8] |
| 2018 | Centralized | Asymmetric | Elliptic curve cryptography | Y | Y | N | Y | [9] |
| 2018 | Centralized | Asymmetric | Fuzzy extractor Gen algorithm | Y | Y | N | Y | [10] |
| 2018 | Decentralized | Asymmetric | Elliptic curve cryptography | Y | Y | N | Y | [11] |
| 2019 | Centralized | Symmetric | Physical Unclonable Function and fuzzy extractor | Y | Y | Y | Y | [12] |
A computationally lightweight authentication mechanism based on Physical Unclonable Functions (PUFs) has been proposed by Aman et al. [6]. It needs no central server for storing secret keys. Though the physical properties of the associated IoT devices may be difficult to impersonate, the swapping of such a device with a malicious one cannot be ruled out. The main drawback of the system was that the mechanism required the corresponding authentication credentials to be stored centrally; accordingly, the store of PUF-based credentials is always a potential single point of failure.
Vijaykumar et al. [7] introduced a comparatively updated authentication mechanism for IoT devices. Better privacy was achieved by using minimal information about the devices. The method uses short group signatures and the RSA algorithm, and it is found to be suitable for secure communication and for the generation and distribution of encryption keys.
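The PUF-plus-fuzzy-extractor pattern behind the [6] and [12] entries of Table 3.1, as an added illustration that is not code from the chapter or from those papers: the PUF is simulated with SHA-256 over an assumed per-device secret, the fuzzy extractor is a simple repetition code (majority decode), and the enrollment record is the centrally held credential that the text identifies as the single point of failure.

```python
import hashlib
import hmac
import os

R = 5          # repetition factor: each key bit spans 5 response bits, tolerating 2 flips
KEY_BITS = 32  # toy key length; the PUF response is KEY_BITS * R = 160 bits

def puf_response(device_secret, challenge, flips=()):
    """Simulated PUF (assumption: a hidden per-device secret); `flips` injects noise."""
    digest = hashlib.sha256(device_secret + challenge).digest()
    bits = [(digest[i // 8] >> (i % 8)) & 1 for i in range(KEY_BITS * R)]
    for i in flips:
        bits[i] ^= 1
    return bits

def derive_key(key_bits):
    return hashlib.sha256(bytes(key_bits)).digest()

def fe_gen(response):
    """Fuzzy extractor Gen: random key, repetition-encoded, XORed into public helper data."""
    key_bits = [b & 1 for b in os.urandom(KEY_BITS)]
    codeword = [k for k in key_bits for _ in range(R)]
    helper = [w ^ c for w, c in zip(response, codeword)]
    return derive_key(key_bits), helper

def fe_rep(noisy_response, helper):
    """Fuzzy extractor Rep: strip helper data, majority-decode each R-bit group."""
    codeword = [w ^ h for w, h in zip(noisy_response, helper)]
    key_bits = [int(sum(codeword[i:i + R]) > R // 2) for i in range(0, len(codeword), R)]
    return derive_key(key_bits)

def enroll(device_secret):
    """One-time enrollment; the record is the centrally stored credential (the SPOF)."""
    challenge = os.urandom(8)
    key, helper = fe_gen(puf_response(device_secret, challenge))
    return {"challenge": challenge, "helper": helper, "key": key}

def device_respond(device_secret, record, nonce, flips=()):
    """Device side: re-measure the PUF (noisy), rebuild the key, prove it over the nonce."""
    key = fe_rep(puf_response(device_secret, record["challenge"], flips), record["helper"])
    return hmac.new(key, nonce, "sha256").digest()

def server_verify(record, nonce, tag):
    """Server side: the stored key is what a swapped or cloned device cannot reproduce."""
    expected = hmac.new(record["key"], nonce, "sha256").digest()
    return hmac.compare_digest(expected, tag)
```

A response with at most two flipped bits per five-bit group still authenticates; a different device secret, or three flips in one group, does not.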