Access control for IoT

Contents

This article is to record state-of-the-art IoT access control mechanism.

  1. Features of IoT system

    • Indoor wayfinding. Users can benefit from indoor wayfinding and their accessibility options can be seen on their mobile devices.
    • Secure access control. Access credentials are easy to manage and update. Doors can be opened from a distance.
    • Instant confirmation. Users can get instant confirmation of access requests.
    • Convenient interaction. It provides easy interaction with other users and also provides location details to users.
    • No physical ID. Physical ID is not required; therefore, the risk of it being stolen or lost is eliminated.
  2. Challenges

  3. Featuers of traditional access control model

    • High costs of centralized cloud maintenance and networking equipment. The costs will continue to rise with the proliferation of connected devices.
    • Low interoperability due to restricted data exchange with other centralized infrastructures.
    • Single gateway is not trustworthy, as it allows gaining access to a whole IoT network by compromising a single device.
  4. Procedures to protect IoT system

    • Provision devices and systems with unique identities and credentials.
    • Apply authentication and access control mechanisms.
    • Use cryptographic network protocols.
    • Create continuous update and deployment mechanisms.
    • Deploy security auditing and monitoring mechanisms.
    • Build continuous health checks for security mechanisms.
    • Proactively assess the impact of potential security events.
    • Minimize the attack surface of your IoT ecosystem.
    • Avoid unnecessary data access, storage, and transmission.
    • Monitor vulnerability disclosure and threat intelligence sources.
  5. Access control elements

    Elements Explanation
    Users Manage permissions with groups.
    Groups Manage permissions with groups.
    Permissions Grant least privilege.
    Auditing Turn on AWS CloudTrail.
    Password Configure a strong password policy.
    MFA Enable MFA for privileged users.
    Roles Use IAM roles for Amazon EC2 instances.
    Sharing Use IAM roles to share access.
    Rotate Rotate security credentials regularly.
    Conditions Restrict privileged access further with conditions.