World of Empowered IoT Users
- 1 April 2016
- conference paper
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
Abstract
In a world deploying an Internet of Things, sensors and actuators are owned, accessed, and activated by a plethora of individuals and organizations. Access to the data produced by this world can both be beneficial and have drawbacks to society. This data potentially represents the activities of millions of individuals and their possessions collected by billions of "things'. Aggregations of this data can be analyzed through the Internet and Clouds. This raises possible privacy, security, moral and ethical challenges whose solutions will require flexible protection mechanisms. How do we "acquire" and "distribute" data at the IoT world scale while retaining the rights of individuals and organizations to protect, use, and share their data? Clearly a well-defined mechanism and control needs to regulate access to the data and its aggregations. Our paper describes a user-centric multi-level multiple granularity mechanism to share the data from these devices to people and organizations. Revisiting the fundamental mechanisms in security for providing protection, our solution uses capabilities, access lists, and access rights following well-understood formal notions for reasoning about access. Our contribution is to describe an auditable, transparent, distributed, decentralized, publication-subscription based, robust mechanism and automation of these ideas in the IoT realm that is well-matched to the current generation of clouds. It is based on well-tested principles and practices used in crypto currencies exploiting block chains of transactions. The scheme puts users (including organizational entities) in the center of control over the access to their collections of sensory data. In our paper, we describe a deployment of these ideas for health care, smart cities, and autonomous cars.Keywords
This publication has 19 references indexed in Scilit:
- Big Data: Astronomical or Genomical?PLoS Biology, 2015
- Towards automatic phone-to-phone communication for vehicular networking applicationsPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2014
- A capability-based security approach to manage access control in the Internet of ThingsMathematical and Computer Modelling, 2013
- Internet of Things (IoT): A vision, architectural elements, and future directionsFuture Generation Computer Systems, 2013
- A Middleware for Intelligent Environments and the Internet of ThingsLecture Notes in Computer Science, 2010
- Access control for Active SpacesPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2003
- Routing through the mist: privacy preserving communication in ubiquitous computing environmentsPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2003
- Towards Security and Privacy for Pervasive ComputingLecture Notes in Computer Science, 2003
- A calculus for access control in distributed systemsACM Transactions on Programming Languages and Systems, 1993
- Authentication in distributed systemsACM Transactions on Computer Systems, 1992