Activity-Based Access Control for IoT

Abstract

In traditional access control systems, a process is granted or not the access to a resource following a control on a single action without taking into consideration user and/or system context. In this paper we introduce a novel concept and a generalized version of context-aware access control in the Internet of Things that we name Activity Control. Our approach is aimed to be aware of the user’s context and the overall system’s one to make decision on granting or denying the requested action. To implement our concept we used a finite-state machine and the asymmetric encryption mechanism called Ciphertext-Policy Attribute-Based Encryption to achieve a real-time access policy adaptation following user’s and/or system’s context evolution.