TY  - EJOU
AU  - Li, Chao 
AU  - Li, Fan 
AU  - Huang, Cheng 
AU  - Yin, Lihua 
AU  - Luo, Tianjie 
AU  - Wang, Bin 

TI  - A Traceable Capability-based Access Control for IoT
T2  - Computers, Materials \& Continua

PY  - 2022
VL  - 72
IS  - 3
SN  - 1546-2226

AB  - Delegation mechanism in Internet of Things (IoT) allows users to share some of their permissions with others. Cloud-based delegation solutions require that only the user who has registered in the cloud can be delegated permissions. It is not convenient when a permission is delegated to a large number of temporarily users. Therefore, some works like CapBAC delegate permissions locally in an offline way. However, this is difficult to revoke and modify the offline delegated permissions. In this work, we propose a traceable capability-based access control approach (TCAC) that can revoke and modify permissions by tracking the trajectories of permissions delegation. We define a time capability tree (TCT) that can automatically extract permissions trajectories, and we also design a new capability token to improve the permission verification, revocation and modification efficiency. The experiment results show that TCAC has less token verification and revocation/modification time than those of CapBAC and xDBAuth. TCAC can discover 73.3% unvisited users in the case of delegating and accessing randomly. This provides more information about the permissions delegation relationships, and opens up new possibilities to guarantee the global security in IoT delegation system. To the best of our knowledge, TCAC is the first work to capture the unvisited permissions.
KW  - IoT access control; permission delegation; delegation trajectory; capability revocation; capability modification

DO  - 10.32604/cmc.2022.023496