A Survey on Access Control in the Age of IoT

With the development of IoT technology, various information resources, such as social resources and physical resources, are deeply integrated for different comprehensive applications. Social networking, car networking, medical services, video surveillance and other forms of IoT information service models are gradually changing people's daily lives. Facing the vast amounts of IoT information data, IoT search technology is used to quickly find accurate information to meet users' real-time search needs. However, IoT search requires a large amount of users' private information, such as personal health information, location information and social relationship information, to provide personalized services. This private information is exposed to security problems if an effective access control mechanism is missing from the IoT search process. An access control mechanism can effectively monitor access to resources and ensure that authorized users access information resources only under legitimate conditions. This survey examines the growing literature on access control for IoT search. Problems and challenges of access control mechanisms are analyzed to facilitate the adoption of access control solutions in real-life settings. This paper aims to provide theoretical, methodological and technical guidance for IoT search access control mechanisms in large-scale, dynamic, heterogeneous environments. Based on the literature study, we also analyze the future development directions of access control in the age of IoT.


IoT devices collect diverse data, such as electricity consumption, location information and sensor data, from the Internet, sensor networks and online social networks. The development of IoT search realizes information sharing and improves the efficient use of devices. It can solve the problem of information islands, improve the overall utilization rate of social resources, and reduce production and service costs. However, while providing convenience to users, IoT search also collects, stores and analyses a large amount of private data. Therefore, IoT search is a "double-edged sword". On the one hand, it brings convenience to people's lives if it is used properly. On the other hand, it is also a serious threat to personal privacy and national security.

While providing convenience to people, IoT search uses a large amount of authorized personal private data. However, the protection of this private data is insufficient. Once private data is leaked, it may bring huge losses to the organizations involved. Access control technology ensures that resources can only be accessed by authorized users according to the pre-defined access control policy, so it can prevent unauthorized access to private information.

By the 1970s, access control systems were mainly used in mainframe systems, such as the BLP model [1]

with the user's private key, and the attribute set is associated with the resource to be accessed. In this model, the user's freedom is relatively high and the data owner's freedom is lower. Because only attributes can be used to describe the data, the data owner cannot set the corresponding access control policies. CP-ABE is the reverse of KP-ABE: it uses an attribute-based policy to encrypt an object, the access structure that describes the access control policy is combined with the resource to be accessed, and the attribute set is associated with the user's private key. In this model, the access control policy is set by the data owner, so the data owner's freedom is higher.
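The following added example (not code from the survey or any ABE library) models only the decision part of an ABE access structure, a tree of threshold gates, and shows where the policy and the attribute set are bound in KP-ABE versus CP-ABE; no encryption is performed, and the attribute names, user names and policy are constructed.

```python
from dataclasses import dataclass
from typing import Union

# Added example, not from the survey: only the access-structure decision is
# modelled, no encryption. Attribute names, users and policies are constructed.
@dataclass(frozen=True)
class Gate:
    """Threshold gate: satisfied when at least k of its children are satisfied."""
    k: int
    children: tuple  # Gate objects or attribute-name strings

Node = Union[Gate, str]

def satisfies(node: Node, attrs: set) -> bool:
    """Evaluate an access tree (AND is k=n, OR is k=1) against an attribute set."""
    if isinstance(node, str):
        return node in attrs
    return sum(satisfies(c, attrs) for c in node.children) >= node.k

# Constructed policy: (doctor AND cardiology) OR (nurse AND cardiology AND on_duty)
POLICY = Gate(1, (Gate(2, ("doctor", "cardiology")),
                  Gate(3, ("nurse", "cardiology", "on_duty"))))

def kp_abe_readers(key_policies: dict, data_attrs) -> set:
    """KP-ABE: each user's key carries a policy issued by the authority; the
    data owner only labels the object with attributes and sets no policy."""
    labels = set(data_attrs)
    return {user for user, pol in key_policies.items() if satisfies(pol, labels)}

def cp_abe_readers(data_policy: Node, user_attrs: dict) -> set:
    """CP-ABE: the data owner attaches the policy to the object; each user's
    key carries an attribute set, so the owner decides who may decrypt."""
    return {user for user, attrs in user_attrs.items()
            if satisfies(data_policy, set(attrs))}
```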

A wide variety of users and devices brings a huge variety of attributes to the IoT environment. These attributes include too many redundant ones, which are not necessary for building the access control system, to be filtered manually. Therefore, it is necessary to study the automated association

Since access logs reflect not only the access control rules but also the requesters' behaviors, mining the access logs helps to reconstruct the access rules and reduces the cost of migration to ABAC.

the reliability of each rule and removes those rules whose reliability value is below a given threshold.

On the other hand, Rhapsody removes those rules that have equivalent shorter rules. To test the accuracy of a mining algorithm, cross-validation is necessary: it splits the log into a training log and a testing log. Cross-validation on logs is shown in Figure 1, where the Arabic numerals denote the processing stages. Table 1 compares the mining algorithms mentioned above.
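The log-mining steps described above, as an added example that is not the survey's or Rhapsody's code: candidate rules are conjunctions of attribute-value pairs seen in permitted requests, each rule's reliability is the share of matched log entries that were permitted, rules below a threshold are dropped, rules that a shorter rule covers on exactly the same entries are removed, and a held-out part of the log measures the result. The log entries, attribute names and threshold are constructed.

```python
from itertools import combinations
# Added example, not from the survey. A rule is a conjunction of
# (attribute, value) pairs; the log lines below are constructed.
Rule = frozenset
LOG = [  # (request attributes, recorded decision)
    ({"role": "doctor", "dept": "cardio", "res": "ehr"}, "permit"),
    ({"role": "doctor", "dept": "cardio", "res": "billing"}, "deny"),
    ({"role": "nurse", "dept": "cardio", "res": "ehr"}, "permit"),
    ({"role": "nurse", "dept": "oncology", "res": "ehr"}, "deny"),
    ({"role": "clerk", "dept": "finance", "res": "billing"}, "permit"),
    ({"role": "clerk", "dept": "finance", "res": "ehr"}, "deny"),
    ({"role": "doctor", "dept": "oncology", "res": "ehr"}, "permit"),
    ({"role": "nurse", "dept": "cardio", "res": "billing"}, "deny"),
    ({"role": "doctor", "dept": "oncology", "res": "billing"}, "deny"),
]

def matches(rule, attrs):
    return all(attrs.get(a) == v for a, v in rule)

def reliability(rule, log):
    """Share of the log entries matched by `rule` that were permitted."""
    hits = [d for attrs, d in log if matches(rule, attrs)]
    return hits.count("permit") / len(hits) if hits else 0.0

def mine_rules(log, threshold=0.9, max_len=3):
    """Keep conjunctions seen in permitted requests whose reliability meets
    the threshold; drop rules that a shorter kept rule covers identically."""
    cands = set()
    for attrs, d in log:
        if d == "permit":
            for n in range(1, max_len + 1):
                cands.update(Rule(c) for c in combinations(attrs.items(), n))
    kept = sorted((r for r in cands if reliability(r, log) >= threshold), key=len)
    cover = {r: frozenset(i for i, (a, _) in enumerate(log) if matches(r, a))
             for r in kept}
    final = []
    for r in kept:
        if not any(len(s) < len(r) and cover[s] == cover[r] for s in final):
            final.append(r)
    return final

def decide(rules, attrs):
    return "permit" if any(matches(r, attrs) for r in rules) else "deny"

def cross_validate(log, train_size):
    """Mine on the first `train_size` entries, score decisions on the rest."""
    train, test = log[:train_size], log[train_size:]
    rules = mine_rules(train)
    correct = sum(decide(rules, a) == d for a, d in test)
    return rules, correct / len(test)
```

On this log the held-out third exposes an over-general mined rule (nurse in cardio is permitted regardless of resource), which is exactly what the training/testing split is meant to reveal.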

There are two challenges. One is that existing approaches to policy mining are limited in that

OAuth (Open Authorization), and UMA (User-Managed Access). These protocols and frameworks will accelerate policy matching.

XACML provides a standardized description of access control policies and is used in many

Some researchers have proposed maintaining the attribute-permission list directly and manually. In [53], a simple direct revocation scheme is described. In this method, the labels of the revoked attributes are reversed and related to the permission policies, ensuring that these revoked attributes cannot be accessed by users.

However, this approach increases the descriptive complexity of access control policies. To solve this problem, [54] proposed a directly attribute-revocable CP-ABE scheme with constant ciphertext length.

Although direct revocation can achieve fine-grained access control, it cannot achieve efficient

The literature surveyed in this paper covers a number of different types of ABAC models.

However, as the application environment becomes more and more diverse and complex, there are still challenging problems to be solved in ABAC research. One of the challenging problems to be solved is