This column evaluates blockchain's roles in strengthening security in the Internet of Things (IoT). Key underlying mechanisms related to the blockchain-IoT security nexus are covered. From a security standpoint, the article highlights how blockchain-based solutions could be, in many aspects, superior to the current IoT ecosystem, which relies mainly on centralized cloud servers. Using practical applications and real-world examples, the article argues that blockchain's decentralized nature is likely to result in low susceptibility to manipulation and forgery by malicious participants. Special consideration is given to how blockchain-based identity and access management systems can address some of the key challenges associated with IoT security. The column provides a detailed analysis and description of blockchain's roles in tracking the sources of insecurity in supply chains related to IoT devices. Using blockchain, it is also possible to contain an IoT security breach in a targeted way after it is discovered. The column also discusses and evaluates initiatives of organizations, interorganizational networks, and industries on the frontlines of blockchain.
The evolution of identity and access management (IAM) has been driven by the expansion of online services, cloud computing, and the Internet of Things (IoT). The proliferation of remote work, mobile applications, and interconnected devices has intensified the demand for robust identity protection and access control. As digital interactions and data sharing become more prevalent across industries, IAM has gained prominence, compelled by the need to safeguard sensitive information, prevent unauthorized access, and adhere to increasingly stringent regulatory frameworks.
In parallel with IAM's evolution, the integration of artificial intelligence (AI) has emerged as a pivotal avenue for enhancing IAM effectiveness. This survey delves into the fusion of machine learning (ML) techniques to fortify IAM, with a specific focus on its core processes: authentication, authorization, and auditing. Addressing fundamental questions regarding ML's role in enhancing IAM processes, we begin by proposing a comprehensive definition of IAM within a unified, layered reference model, highlighting the Authentication, Authorization, and Auditing functions (with a focus on monitoring).
Furthermore, our survey comprehensively explores ML-based solutions within IAM systems, presenting a taxonomy of state-of-the-art methodologies categorized by their application in IAM processes. Drawing from both qualitative and quantitative insights from cited references, we investigate how ML enhances the performance and security of IAM processes. Additionally, by investigating challenges in implementing ML in IAM systems, we shed light on issues such as data privacy concerns and the interpretability of ML-driven decisions.
In conclusion, this paper makes a substantial contribution to the IAM landscape by providing comprehensive insights into the transformative role of ML. Addressing pivotal questions, our survey offers a roadmap to leverage ML's potential for enhancing the performance, security, and efficacy of IAM systems.
Identity management is a core building block for the majority of software solutions and landscapes. Competing with existing identity-managing solutions, blockchain-based concepts and products have evolved in the context of verified claims and self-sovereign identities. The contribution of this paper is a systematic, criteria-driven survey of the solutions and technologies for this growing field and their comparison with the capabilities of established solutions. By including an extensive set of requirements covering ecosystem aspects, end-user functionality, mobility and overhead aspects, compliance/liability, EU regulations, standardization, and integration, this paper shows the highlights and the deficits of a wide array of solutions.
The number of connected devices is growing exponentially, fueling the rise of diverse new Internet of Things (IoT) applications. While the benefits of IoT for society are undeniable, the lack of a proper Identity Management (IdM) system for IoT raises significant concerns about privacy and security. Traditionally, IdM systems have focused on managing people’s digital identities and regulating their access to web services. However, in the IoT context, applying traditional IdMs proves inadequate due to their incapacity to handle the sheer number of devices and the diversity of device types in IoT. Additionally, these systems often fail to address IoT environments’ unique security and privacy challenges, lacking scalability, availability, and robustness. In this survey, we provide a comprehensive state-of-the-art review of IdMs, explicitly presenting the fundamental concepts and challenges when developing an IdM for IoT applications. We offer an overview of the IdM concept, covering its objectives, components, and models, and then establish connections between these concepts and IoT characteristics. Subsequently, we delve into the primary challenges of adapting IdMs for IoT. We explore existing works that propose solutions to address at least one component of IdMs in response to the current challenges. Finally, the survey highlights current unresolved issues in this context, including the scalability of identity provisioning, authentication for IoT devices, and concerns regarding the performance and management of the authorization processes.
Internet of Things (IoT) provides a wide range of services in domestic and industrial environments. Access control plays a crucial role in granting access rights to users and devices when an IoT device is connected to a network. However, many challenges exist in designing and implementing an ideal access control solution for the IoT due to the characteristics of the IoT, including but not limited to the variety of IoT devices, the resource constraints on IoT devices, and the heterogeneous nature of the IoT. This paper conducts a comprehensive survey on access control in the IoT, including access control requirements, authorization architecture, access control models, access control policies, access control research challenges, and future directions. It identifies and summarizes key access control requirements in the IoT. The paper further evaluates how well the existing access control models fulfill those requirements. Access control decisions are governed by access control policies. The existing approaches to dynamic policy specification are reviewed, and the challenges faced by existing solutions for policy specification are highlighted. Finally, the paper presents the research challenges and future directions of access control in the IoT. Due to the variety of IoT applications, there is no one-size-fits-all solution for access control in the IoT. Despite the challenges encountered in designing and implementing access control in the IoT, an access control solution that meets all the identified requirements remains desirable to secure the IoT.
A blockchain-based identity and access management framework is a promising solution to the privacy and security issues raised during the exchange of patient data in the healthcare industry. This technology ensures the confidentiality and integrity of sensitive information by providing a decentralized and immutable ledger. In our research, we propose an identity and access management system that employs Hyperledger Fabric and OAuth 2.0 for improved security and scalability. This combination allows for transparency and immutability of user transactions and minimizes the risk of fraud and unauthorized access. Additionally, Hyperledger Fabric's privacy, security, and scalability features enable granular access control to sensitive information, while OAuth 2.0 authorizes only trusted third-party applications to access specific data on the Fabric network. The proposed approach can handle large volumes of data and support multiple applications, thus providing a secure and scalable solution for managing access to the Fabric network. Moreover, our solution employs role-based access control based on the patient's role, ensuring privacy and confidentiality. Our statistical analysis demonstrates that the proposed approach can efficiently and securely manage patient identity and access, potentially transforming the healthcare industry by enhancing data interoperability, reducing fraud and errors, and improving patient privacy and security. Furthermore, our solution can facilitate compliance with regulatory requirements such as HIPAA and GDPR.
Establishing users’ identities and determining their permissions before they access research infrastructure resources are key features of science gateways. With many science gateways now relying on general purpose gateway platform services, the challenges of managing identity-derived features have expanded to include network-based authentication and authorization scenarios that connect science gateway tenants, science gateway platform middleware, and third party identity provider services, including campus identity management systems. This paper examines both architectural and implementation considerations for integrating these services. We provide a summary case study that further shows how end-to-end authentication and authorization can be provided between gateways, campus authentication systems, science gateway middleware, and campus computing resources. We conclude with observations on lifecycle management of third party components in science gateway platform services, which is an important consideration for both selection of new technologies and transitioning from older systems.
• Establishing users’ identities and determining their permissions before they access research infrastructure resources is a key feature of science gateways.
• With many science gateways now relying on general purpose gateway platform services, the challenges of managing identity-derived features have expanded to include network-based authentication and authorization scenarios that connect science gateway tenants, science gateway platform middleware, and third party identity provider services, including campus identity management systems.
• This paper examines both architectural and implementation considerations for integrating these services.
• We provide a summary case study that further shows how end-to-end authentication and authorization can be provided between gateways, campus authentication systems, science gateway middleware, and campus computing resources.
• We conclude with observations on lifecycle management of third party components in science gateway platform services, which is an important consideration for both selection of new technologies and transitioning from older systems.
Electric vehicles (EVs) have rapidly developed over the last decade due to their environmental benefits. As a key component of EVs, electric vehicle chargers are becoming increasingly digital and intelligent. However, due to the vast attack surface and the lack of systematic study, EV chargers and charging management cloud platforms are facing cyber security problems. These problems include weak cryptographic mechanisms, insecure data communication, and malicious firmware attacks. Through specific vulnerabilities, attackers can tamper with the data communication or replay network requests between EV chargers and cloud platforms. This can cause threats such as user-level privacy leakage, power fluctuations in the smart grid, and damage to electric vehicles, endangering public safety and property. Given the above, this paper proposes a security protection scheme incorporating blockchain, zero trust, and ShangMi cryptographic (SM) algorithms. The scheme uses Hyperledger Fabric for key management and trust evaluation event storage to guarantee that keys and events are authentic, non-repudiable, and tamper-proof. In addition, zero trust is applied to secure valuable resources and enforce identity and access management (IAM) for accessing entities. We adopt a dynamic trust evaluation method to assess the trustworthiness of accessing entities in real time and thereby implement dynamic authorization. Furthermore, the SM algorithms SM2, SM3, and SM4 are used to protect data confidentiality, integrity, and authenticity. Experimental results demonstrate that our scheme can effectively resist replay and tampering attacks, securing data communication between EV chargers and cloud platforms. The performance of the cryptographic algorithms, the blockchain system, and the Secure Sockets Layer (SSL) meets Chinese national and industry standards.
• We propose an EV charger protection scheme based on zero trust, blockchain, and SM algorithms.
• A novel zero-trust-based architecture for EV chargers and the cloud platform is presented.
• Hyperledger Fabric is used for key management and the support for trust evaluation.
• SM algorithms are applied to implement enhanced authentication and data encrypted communication.
• A security scheme for OTA updates based on threshold signatures and multi-signatures is designed.
Self-Sovereign Identity (SSI) is an identity model centered on the user. In this model, the user maintains and controls their own data. When a service provider requests data from the user, the user sends it directly to the service provider, bypassing third-party intermediaries. Thus, SSI reduces identity providers’ involvement in identification, authentication, and authorization, thereby increasing user privacy. Additionally, users can share only portions of their personal information with service providers, significantly improving user privacy. This identity model has drawn the attention of researchers and organizations worldwide, resulting in an increase in both scientific and non-scientific literature on the subject. This study conducts a comprehensive and rigorous systematic review of the literature and a systematic mapping of theoretical and practical advances in SSI. We identified and analyzed evidence from the reviewed materials to address four research questions, resulting in a novel SSI taxonomy used to categorize and review publications. Additionally, open challenges are discussed along with recommendations for future work.
With the rise in sophisticated cyber threats, traditional authentication methods are no longer sufficient. Risk-based authentication (RBA) plays a critical role in the context of the zero trust framework—a paradigm shift that assumes no trust within or outside the network. The core proposal of this research is to use the time required by OpenID Connect (OIDC) token exchanges as a new RBA feature. This approach enables the detection of tunneled connections without any intervention from the user’s browser or device. By analyzing the duration of OIDC token exchanges, the system can identify irregularities that may signify unauthorized access attempts. This approach not only improves upon existing RBA frameworks but is also in alignment with the broader movement toward intelligent and responsive security systems.