Mobile Information Systems
Volume 2017, Article ID 6384186, 20 pages
https://doi.org/10.1155/2017/6384186
Research Article

Holistic Privacy-Preserving Identity Management System for the Internet of Things

Departamento de Ingenieria de la Informacion y las Comunicaciones, University of Murcia, Murcia, Spain

Correspondence should be addressed to Jorge Bernal Bernabe; jorgebernal@um.es

Received 7 April 2017; Revised 26 June 2017; Accepted 5 July 2017; Published 8 August 2017

Academic Editor: Michele Ruta

Copyright © 2017 Jorge Bernal Bernabe et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Linked References

  1. L. Atzori, A. Iera, and G. Morabito, “The internet of things: a survey,” Computer Networks, vol. 54, no. 15, pp. 2787–2805, 2010.
  2. Z. M. Fadlullah, M. M. Fouda, N. Kato, A. Takeuchi, N. Iwasaki, and Y. Nozaki, “Toward intelligent machine-to-machine communications in smart grid,” IEEE Communications Magazine, vol. 49, no. 4, pp. 60–65, 2011.
  3. G. Kortuem, F. Kawsar, V. Sundramoorthy, and D. Fitton, “Smart objects as building blocks for the internet of things,” IEEE Internet Computing, vol. 14, no. 1, pp. 44–51, 2010.
  4. B. Krishnamurthy and C. E. Wills, “On the leakage of personally identifiable information via online social networks,” in Proceedings of the 2nd ACM SIGCOMM Workshop on Online Social Networks, WOSN '09, pp. 7–12, 2009.
  5. M. Langheinrich, “Privacy by design-principles of privacy-aware ubiquitous systems,” in Proceedings of the Ubicomp 2001: Ubiquitous Computing, Lecture Notes in Computer Science, pp. 273–291, Springer, Berlin, Germany, 2001.
  6. D. Recordon and D. Reed, “OpenID 2.0: a platform for user-centric identity management,” in Proceedings of the 2d ACM Workshop on Digital Identity Management, DIM '06. Co-located with the 13th ACM Conference on Computer and Communications Security, CCS '06, pp. 11–16, November 2006.
  7. J. Camenisch and E. V. Herreweghen, “Design and implementation of the idemix anonymous credential system,” in Proceedings of the 9th ACM Conference on Computer and Communications Security CCS ’02, pp. 21–30, ACM, New York, NY, USA, November 2002.
  8. P. Hunt, K. Grizzle, E. Wahlstroem, and C. Mortimore, “System for Cross-domain Identity Management: Core Schema,” RFC Editor RFC7643, 2015.
  9. J. L. H. Ramos, M. P. Pawlowski, A. J. Jara, A. F. Skarmeta, and L. Ladid, “Toward a lightweight authentication and authorization framework for smart objects,” IEEE Journal on Selected Areas in Communications, vol. 33, no. 4, pp. 690–702, 2015.
  10. E. Rissanen, “eXtensible Access Control Markup Language (XACML) version 3.0, OASIS Standard,” 2012.
  11. J. Bethencourt, A. Sahai, and B. Waters, “Ciphertext-policy attribute-based encryption,” in Proceedings of the IEEE Symposium on Security and Privacy (SP '07), pp. 321–334, IEEE, New York, NY, USA, May 2007.
  12. J. L. Hernández-Ramos, J. B. Bernabé, and A. Skarmeta, “ARMY: architecture for a secure and privacy-aware lifecycle of smart objects in the internet of my things,” IEEE Communications Magazine, vol. 54, no. 9, pp. 28–35, 2016.
  13. A. Bassi, M. Bauer, M. Fiedler et al., Enabling Things to Talk, Springer, Berlin, Germany, 2013.
  14. R. Roman, J. Zhou, and J. Lopez, “On the features and challenges of security and privacy in distributed internet of things,” Computer Networks, vol. 57, no. 10, pp. 2266–2279, 2013.
  15. Z. Yan, P. Zhang, and A. V. Vasilakos, “A survey on trust management for Internet of Things,” Journal of Network and Computer Applications, vol. 42, pp. 120–134, 2014.
  16. S. Sicari, A. Rizzardi, L. A. Grieco, and A. Coen-Porisini, “Security, privacy and trust in Internet of Things: the road ahead,” Computer Networks, vol. 76, pp. 146–164, 2015.
  17. J. Hughes and E. Maler, “Security Assertion Markup Language (SAML) v2.0 technical overview,” OASIS SSTC Working Draft sstc-saml-tech-overview-2.0-draft-08, pp. 29–38, 2005.
  18. A. C. Sarma and J. Girão, “Identities in the future internet of things,” Wireless Personal Communications, vol. 49, no. 3, pp. 353–363, 2009.
  19. J. M. Such, A. Espinosa, A. Garcia-Fornes, and V. Botti, “Partial identities as a foundation for trust and reputation,” Engineering Applications of Artificial Intelligence, vol. 24, no. 7, pp. 1128–1136, 2011.
  20. J. Camenisch and A. Lysyanskaya, “An efficient system for non-transferable anonymous credentials with optional anonymity revocation,” in Advances in cryptology-EUROCRYPT 2001, pp. 93–118, Springer, Berlin, Germany.
  21. C. Paquin and G. Zaverucha, “U-prove cryptographic specification v1.1,” Tech. Rep., Microsoft, New Mexico, NM, USA, 2011.
  22. A. Sabouri, I. Krontiris, and K. Rannenberg, “Attribute-based credentials for trust (ABC4Trust),” Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 7449, pp. 218-219, 2012.
  23. T. Heer, O. Garcia-Morchon, R. Hummen, S. L. Keoh, S. S. Kumar, and K. Wehrle, “Security challenges in the IP-based Internet of Things,” Wireless Personal Communications, vol. 61, no. 3, pp. 527–542, 2011.
  24. D. Gessner, A. Olivereau, A. S. Segura, and A. Serbanati, “Trustworthy infrastructure services for a secure and privacy-respecting internet of things,” in Proceedings of the 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom '12, pp. 998–1003, June 2012.
  25. D. Wang and P. Wang, “On the anonymity of two-factor authentication schemes for wireless sensor networks: Attacks, principle and solutions,” Computer Networks, vol. 73, pp. 41–57, 2014.
  26. A. Alcaide, E. Palomar, J. Montero-Castillo, and A. Ribagorda, “Anonymous authentication for privacy-preserving IoT target-driven applications,” Computers & Security, vol. 37, pp. 111–123, 2013.
  27. L. Seitz, G. Selander, and C. Gehrmann, “Authorization framework for the Internet-of-Things,” in Proceedings of the 2013 IEEE 14th International Symposium on a World of Wireless, Mobile and Multimedia Networks, WoWMoM '13, pp. 1–6, June 2013.
  28. D. Hardt, “The OAuth 2.0 Authorization Framework,” RFC Editor RFC6749, 2012.
  29. R. L. Morgan, S. Cantor, S. Carmody, W. Hoehn, and K. Klingenstein, “Federated security: the shibboleth approach,” Educause Quarterly, vol. 27, no. 4, pp. 12–17, 2004.
  30. J. Camenisch and A. Lysyanskaya, “A Signature Scheme with Efficient Protocols,” in Security in Communication Networks, Lecture Notes in Computer Science, pp. 268–289, Springer, Berlin, Germany, 2003.
  31. M. Zorzi, A. Gluhak, S. Lange, and A. Bassi, “From today's INTRAnet of things to a future INTERnet of things: a wireless- and mobility-related view,” IEEE Wireless Communications, vol. 17, no. 6, pp. 44–51, 2010.
  32. S. Sun, L. Lannom, and B. Boesch, “Handle System Overview,” RFC Editor RFC3650, 2003.
  33. E. Rescorla, “HTTP Over TLS,” RFC Editor RFC2818, 2000.
  34. E. Rescorla and N. Modadugu, RFC 6347: Datagram transport layer security (DTLS), Request for Comments, IETF, 2012.
  35. Z. Shelby, RFC 6690: Constrained RESTful Environments (CoRE) Link Format, Request for Comments, IETF, 2012.
  36. J. Bernal Bernabe, J. L. Hernandez Ramos, and A. F. Skarmeta Gomez, “TACIoT: multidimensional trust-aware access control system for the Internet of Things,” Soft Computing, vol. 20, no. 5, pp. 1763–1779, 2016.
  37. Z. Shelby, K. Hartke, and C. Bormann, “The Constrained Application Protocol (CoAP),” RFC Editor RFC7252, 2014.
  38. M. Nottingham, Web linking, Internet-Draft draft-nottingham-rfc5988bis-06, IETF Secretariat, June 2017.
  39. R. Housley, W. Polk, W. Ford, and D. Solo, “Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile,” RFC Editor RFC3280, 2002.
  40. IBM Research Zurich, “Specification of the identity mixer cryptographic library,” Tech. Rep., 2013.
  41. M. Heupel, “Porting and evaluating the performance of idemix and tor anonymity on modern smart-phones,” 2010.
  42. E. Birrell and F. B. Schneider, “Federated identity management systems: a privacy-based characterization,” IEEE Security and Privacy, vol. 11, no. 5, pp. 36–48, 2013.
  43. G. Dólera Tormo, F. Gómez Mármol, and G. Martínez Pérez, Identity Management in Cloud Systems, Springer, Berlin, Germany, 2014.
  44. A. Pérez, G. López, O. Cánovas, and A. F. Gómez-Skarmeta, “Formal description of the SWIFT identity management framework,” Future Generation Computer Systems, vol. 27, no. 8, pp. 1113–1123, 2011.