Access control makes it possible to counter the unauthorized use of a resource. To implement this control, a list of the entities authorized to access a resource, together with their access rights, is defined in accordance with a security policy. This security service covers the different types of access to a resource (reading, writing, modification, deletion of information and execution of tasks). Access control relies on an information base, maintained either by authorization centers or by the entity itself, which may take the form of an access control list or of a hierarchical or distributed matrix. These bases also hold authentication information (passwords, security labels, etc.) (ITU-T 1991). Two kinds of entity take part in access control in the IoT: the data holders (users of IoT services) and the objects (data collectors) that send data or receive commands. These two entities must be mutually authenticated (Balte et al. 2015).
1.4.2.2.2. Research projects
Several European research projects have studied how to adapt access control mechanisms to the IoT environment. ARMOUR (2018) is a European project funded by H2020 (February 2016–February 2018) that addressed some of the challenges surrounding security and trust in the IoT. The work carried out in this project defines a set of components that interact to authorize or block data queries securely in an IoT environment. To do this, ARMOUR defines several entities. First, the Policy Decision Point (PDP) is the component that holds the access policies and, by evaluating them, permits or denies an IoT device (sensor) the right to carry out an action on a resource (the data registration server). For example, a “PERMIT” decision from the PDP allows the Capability Manager (the server communicating with the PDP) to generate a token and send it to the sensor so that it can publish its data on the IoT platform. The data publication server (Pub/Sub Server) stores the data, and the data query is updated and executed only if the sensor token received by the Capability Manager allows this action (ARMOUR 2016).
SMARTIE (Secure and SMArter ciTIes data management) (Pokric et al. 2015) is another European project, funded by FP7 (September 2013–December 2016), that focused on access control in the IoT. SMARTIE’s goal was to develop new mechanisms for establishing trust and security in the different IoT layers. The results of the project indicate that Attribute-Based Access Control (ABAC) is an appropriate solution for specifying finer-grained access control policies. In ABAC, the identity of an IoT service user is no longer limited to a single attribute but is built from multiple attributes (e.g. user ID, role, etc.). This is why ABAC brings substantial improvements to authorization and access control within the IoT, and ABAC-based solutions make it possible to overcome the disadvantages of centralized access control solutions. Each query requires two steps: an authorization check (identity control and authentication), followed by an access control decision (permission or prohibition). For each access request, the IoT service user is authenticated with the domain and an access authorization request is obtained for that user. This request is signed by a trusted domain authority. The user may then send the query to the IoT devices, which verify the signature. If the signature is successfully verified, the requested information is sent to the user (SMARTIE 2014a, 2014b; Pokric et al. 2015).
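A compact simulation of the two flows just described (ARMOUR's PDP / Capability Manager / Pub/Sub server chain and SMARTIE's attribute-based decision plus signed authorization), added here as an illustrative example rather than code from either project. Assumptions: the policy rules, attribute names, resource names and key are constructed, and an HMAC under a secret shared between the Capability Manager and the Pub/Sub server stands in for the domain authority's signature.

```python
import hmac
import hashlib
import json
import time

# Constructed sample data: this policy, these attributes and this key are
# assumptions for the example, not ARMOUR or SMARTIE artefacts.
CAPABILITY_MANAGER_KEY = b"example-secret-shared-with-pub-sub-server"

# ABAC policy: a rule lists the attribute values a requester must hold to
# perform an action on a resource (SMARTIE-style attribute matching).
POLICY = [
    {"resource": "pubsub/temperature", "action": "publish",
     "attributes": {"role": "sensor", "domain": "building-7"}},
    {"resource": "pubsub/temperature", "action": "subscribe",
     "attributes": {"role": "operator", "domain": "building-7"}},
]

def pdp_decide(subject, action, resource):
    """Policy Decision Point: PERMIT only if some rule matches every attribute."""
    for rule in POLICY:
        if rule["resource"] == resource and rule["action"] == action and all(
                subject.get(k) == v for k, v in rule["attributes"].items()):
            return "PERMIT"
    return "DENY"

def capability_manager_issue(subject, action, resource, ttl=300, now=None):
    """Capability Manager: ask the PDP; on PERMIT return an HMAC-tagged token."""
    if pdp_decide(subject, action, resource) != "PERMIT":
        return None
    now = time.time() if now is None else now
    claims = {"sub": subject["id"], "act": action, "res": resource,
              "exp": now + ttl}
    body = json.dumps(claims, sort_keys=True).encode()
    tag = hmac.new(CAPABILITY_MANAGER_KEY, body, hashlib.sha256).hexdigest()
    return {"claims": claims, "tag": tag}

def pubsub_server_accepts(token, action, resource, now=None):
    """Pub/Sub server: check the tag, the expiry and that the token covers
    exactly this action on this resource before storing or serving data."""
    if token is None:
        return False
    body = json.dumps(token["claims"], sort_keys=True).encode()
    expected = hmac.new(CAPABILITY_MANAGER_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["tag"]):
        return False  # forged or modified token
    c = token["claims"]
    now = time.time() if now is None else now
    return c["exp"] > now and c["act"] == action and c["res"] == resource
```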
1.4.2.3. Confidentiality in the IoT
1.4.2.3.1. Definition
The confidentiality service protects against unauthorized entities analyzing traffic and against data flows being disclosed. Data encryption is the most appropriate mechanism for providing this security service. Encryption can be carried out with a symmetric system (secret key) or an asymmetric system (public key). In symmetric encryption, a single secret key is used for both encryption and decryption, so it must be known to both parties. In asymmetric encryption, all entities may know the public encryption key without this implying any knowledge of the private key used for decryption. In addition to the encryption mechanisms themselves, a key management mechanism is needed in order to exchange keys between the communicating entities (ITU-T 1991).
In an IoT environment, several points must be taken into consideration when providing the confidentiality service, especially during the key exchange that precedes encryption. First, extensibility is an important property, because of the very large number of connected objects: conventional key exchange systems may limit the number of entities that can take part in the exchange. Second, new entities may join after the initial key exchange, since new objects may be integrated into the IoT environment after the services have been started. Scalability is another important property. Indeed, as more entities take part in the key exchange in the IoT, the volume of cryptographic data that each object must store grows, while IoT objects are constrained in both storage and processing capacity (Abdemeziem 2016).
1.4.2.3.2. Research projects
One of the challenges in implementing an encryption system on a connected object in the IoT environment is the availability of suitable software libraries that respect the constraints on IoT objects in terms of memory, computing capacity and energy consumption. Several research projects have addressed this problem, which remains a challenge and requires further studies better adapted to the needs of the IoT in order to provide optimal security services. An example of an existing library usable in an IoT environment is “AVR-Crypto-Lib” (Cantora 2013), which provides implementations tailored to the limited resources of microcontrollers. This library offers symmetric encryption algorithms such as AES, RC5, RC6 and DES. Another library, “Relic-Toolkit” (2018), offers a wide variety of asymmetric algorithms, such as RSA and the Rabin cryptosystem. “Relic-Toolkit” is used in the TinyPBC project, implemented on the TOSSIM simulator (2018) for the TinyOS operating system. Among other things, the libraries just described provide a confidentiality service in an IoT environment: communications are secured so that unauthorized access to the content of the data is prevented and that content is protected while in transit between two entities of the IoT environment.
European research projects have also focused on data confidentiality in the IoT. The SMARTIE project (Pokric et al. 2015), for example, uses CP-ABE (Ciphertext-Policy Attribute-Based Encryption), a technique that allows an IoT user to decrypt a message from an object with a secret key only if the attributes of that key satisfy the policy attached to the ciphertext. CP-ABE makes it possible to encrypt data once for a group of users, in accordance with access policies, instead of encrypting it separately for each user. This technique links access control and encryption and is used when data from an object must be received by several users of the IoT service; the data are thus encrypted only once (SMARTIE 2014a; Pokric et al. 2015). The European project BUTLER (CORDIS 2018) focuses on protecting the communication channel in the IoT. This channel is vulnerable because it is wireless and information is disseminated over it. BUTLER proposes improvements to the security standards used in IoT communication technologies. For ZigBee, it proposes a security system based on symmetric keys that complements and enhances the security features of the ZigBee standard, which uses two mandatory keys and one optional key. The Master Key and the Network Key are mandatory, while the Link Key is optional. The Master Key is used in the initialization phase and is installed on the nodes through an out-of-band channel. The Network Key secures the network layer and is shared by all nodes; it is derived from the Master Key. The optional Link Key is also derived from the Master Key and secures the link between two peers at the application level. In this context, the BUTLER project put in place mechanisms to manage the deployment, maintenance and revocation of the Master Key. It also proposed installing an additional symmetric key (the Global Key) on each node at the time of manufacture. This key is used by the Medium Access Control (MAC) layer and is shared by all nodes.
The Global Key guarantees security for the lower layers. The Network Key provided by the ZigBee standard will thus be used as a Group Key, which will be shared between the nodes and managed by the ZigBee Network layer. This makes it possible to securely address a group of nodes sharing a common feature. As a result, objects communicating via
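The key hierarchy described for ZigBee and the BUTLER proposal above, modelled as an added example (not BUTLER or ZigBee code): a Network Key shared by all nodes, a pairwise Link Key, and a Group Key, all derived from one Master Key, with the per-node key ring showing how storage grows with the number of peers. The Master Key, Global Key, node and group identifiers are constructed values, and the HMAC-based derivation is an assumption chosen for illustration, not the standard's key derivation.

```python
import hmac
import hashlib

# Constructed values for this example; not the ZigBee or BUTLER specification.
GLOBAL_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")  # set at manufacture, MAC layer
MASTER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # installed out of band

def derive(master_key, label, context=b""):
    """Illustrative HMAC-SHA256 derivation (assumption): the label separates
    key purposes so network, link and group keys never collide."""
    return hmac.new(master_key, label + b"|" + context, hashlib.sha256).digest()[:16]

def network_key(master_key):
    """Network-layer key shared by all nodes, derived from the Master Key."""
    return derive(master_key, b"network")

def link_key(master_key, node_a, node_b):
    """Pairwise application-level key; sorting the two IDs lets both peers
    derive the same key without exchanging it."""
    return derive(master_key, b"link", b"|".join(sorted((node_a, node_b))))

def group_key(master_key, group_id):
    """Group Key for nodes sharing a common feature, managed by the network layer."""
    return derive(master_key, b"group", group_id)

def node_keyring(master_key, node_id, peers, groups):
    """The keys one node must hold: one Global Key, one Network Key, one Link
    Key per peer and one Group Key per group. Its size grows with the number
    of peers, which is the storage concern raised for constrained objects."""
    ring = {"global": GLOBAL_KEY, "network": network_key(master_key)}
    for peer in peers:
        ring["link:" + peer.decode()] = link_key(master_key, node_id, peer)
    for group in groups:
        ring["group:" + group.decode()] = group_key(master_key, group)
    return ring
```

Replacing the Master Key (the revocation case BUTLER manages) changes every derived Network, Link and Group Key at once, while the Global Key fixed at manufacture is unaffected.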