Adaptive XACML access policies for heterogeneous distributed IoT environments

Bibliographic Details
Published in: Information sciences, Vol. 548; pp. 135 - 152
Main Authors: Riad, Khaled; Cheng, Jieren
Format: Journal Article
Language: English
Published: Elsevier Inc, 16.02.2021
Summary:
• Ensuring that the generated access codes can only be used during the validity period.
• Introducing the mandatory constraints based on the authentication run-time parameters.
• Using MD5 & SHA-1 Checksum to verify that the access code is not altered by hackers.
• Implementing the sophisticated access conditions in XML files based on XACML.
• Securing our adaptive XACML scheme against the Masquerade attack and MITM attack.

This paper addresses the access control issue for the comprehensive and distributed Internet of Things (IoT) environments. The typical eXtensible Access Control Markup Language (XACML), which implements the sophisticated access conditions in XML files, is widely used to guarantee access control decisions for the distributed IoT environments. To the best of our knowledge, the typical XACML-based access control schemes never consider the authentication run-time parameters. Moreover, the access control schemes that are mainly based on the typical XACML cannot secure themselves against some kinds of attacks, such as the Masquerade attack. Also, those schemes are not secure against the Man-in-the-Middle (MITM) attack. Therefore, this paper proposes an adaptive XACML scheme that extends the typical XACML by integrating access code generation and verification schemes for heterogeneous distributed IoT environments. Our adaptive XACML scheme considers some sensitive authentication run-time parameters before authorizing the user. Moreover, our scheme is proven secure against the Masquerade attack and MITM attack through hashing the generated access code using Message Digest Algorithm-5 (MD5) and Secure Hash Algorithm-1 (SHA-1) Checksum Utility. The experimental analysis of many different configurations supports the efficacy and efficiency of our adaptive XACML. It also shows exceptional compatibility and performance with different implementations. The processing time comparison between our adaptive XACML and the typical XACML has shown that there is a low time overhead when using our adaptive XACML. This processing time overhead is nothing compared to the extra features that have been achieved in excess of the typical XACML and the security against Masquerade and MITM attacks. Therefore, our adaptive XACML scheme has the capability to be applied in various distinct distributed environments, not only IoT.
ISSN: 0020-0255, 1872-6291
DOI: 10.1016/j.ins.2020.09.051