Internet of Things Security, Device Authentication and Access Control: A Review
Inayat Ali, Sonia Sabir, Zahid Ullah
TL;DR
This paper provides a layer-wise security review of IoT, emphasizing the critical role of device authentication and access control. It surveys architectural threats across perceptual, network, support, and application layers, and discusses limitations of conventional cryptography, key management, and DoS defenses in resource-constrained IoT environments. The authors consolidate state-of-the-art authentication and access-control approaches (e.g., Cap-based access, OAuth 2.0 variants, OrBAC/SmartOrBAC, Kerberos-based schemes, TCGA, ECC-based methods) and identify the underexplored security needs of the IoT support layer, including cloud audits and virtualization security. The work highlights the necessity for lightweight, scalable, and cross-layer security mechanisms to enable trustworthy IoT deployments in diverse domains such as smart homes, healthcare, and smart cities.
Abstract
The Internet of Things (IoT) is one of the emerging technologies that has grabbed the attention of researchers from academia and industry. The idea behind Internet of things is the interconnection of internet enabled things or devices to each other and to humans, to achieve some common goals. In near future IoT is expected to be seamlessly integrated into our environment and human will be wholly solely dependent on this technology for comfort and easy life style. Any security compromise of the system will directly affect human life. Therefore security and privacy of this technology is foremost important issue to resolve. In this paper we present a thorough study of security problems in IoT and classify possible cyberattacks on each layer of IoT architecture. We also discuss challenges to traditional security solutions such as cryptographic solutions, authentication mechanisms and key management in IoT. Device authentication and access controls is an essential area of IoT security, which is not surveyed so far. We spent our efforts to bring the state of the art device authentication and access control techniques on a single paper.