Security-Aware Multi-User Architecture for IoT

• Published in: IEEE International Conference on Software Quality, Reliability and Security (Online) pp. 102 - 113
• Main Authors: Birgersson, Marcus, Artho, Cyrille, Balliu, Musard
• Format: Conference Proceeding
• Language: English
• Published: IEEE 01.12.2021
• Subjects: Authorization; Computer architecture; data-centric architecture; decentralized label model; fine-grained access control; multi-user IoT platform; Permission; Regulation; secure IoT architecture; Smart cities; Software quality; Software reliability; user-centric data classification
• ISSN: 2693-9177
• DOI: 10.1109/QRS54544.2021.00021

IoT systems, such as in smart cities or hospitals, generate data that may be subject to different security classifications, privacy regulations, and access rights. However, popular IoT platforms do not consider data classification and security-aware data analysis. In this paper, we present a novel architecture based on open-source solutions that handles the issue of collecting and classifying data at the source and presents the data analysis to users at different authorization levels. Our architecture consists of three layers: a layer for exposing collected and classified data to a middleware, the middleware to handle storage and analysis of the data and expose it to a dashboard, and the dashboard responsible for authenticating users and visualizing data according to the users' classification level. Our solution distinguishes itself by focusing on data classification rather than data collection, supporting fine-grained access control and declassification. Our implementation, using the Web of Things API, Node-RED and Grafana, demonstrates the security benefits of our design on use cases in the smart city and healthcare domains.