Multi-Domain Access Rights Composition in Federated IoT Platforms

Current activities in the Internet of Things research area are devoting many efforts to the definition of architectures and mechanisms supporting the federation of heterogeneous platforms. In this context, the Multi-Domain Access Rights Composition is emerging as a promising paradigm, enabling the sharing of resources across organizations and boundaries. From the security perspective, the protection of resources against unauthorized accesses becomes even more difficult to accomplish. The work presented herein aims at solve the access control issue through a novel solution based on the Attribute Based Access Control logic. Specifically, the conceived approach leverages the Decentralized Multi-Authority - Ciphertext-Policy - Attribute Based Encryption algorithm, in a way that is completely different with respect to its conventional usage. The resulting protocol offers, at the same time, the following requirements: peer authentication, data confidentiality between communicating peers, advanced access control mechanism based cryptographic algorithms, user privacy, adoption of attributes with limited lifetime, revocation of attributes, and resilience against collusion attack.