Key Concepts
Comprehensive analysis of access control techniques for secure data management in IoT edge computing, including data collection, storage, and usage.
Summary
This paper provides a comprehensive analysis of access control techniques for secure data management in IoT edge computing. It covers the key requirements and challenges of access control in the edge computing environment, including resource constraints, low latency, flexibility, and scalability.
The paper systematically reviews recent access control solutions across different data lifecycles in edge computing:
Data Collection:
- Group-based access control (GBAC) can provide flexible and scalable data collection by using a decentralized lightweight group key management scheme.
- Trust-based access control (TBAC) can improve the accuracy of node trust degree identification and prolong network life for data collection.
- Risk-aware access control (RAAC) can adapt to the dynamics of IoT devices by estimating the security risk of user requests.
- Capability-based access control (CapBAC) can enable efficient and quick token-based access control for pervasive edge computing services.
- Ciphertext-policy attribute-based encryption (CP-ABE) can establish secure communication between edge nodes and the cloud for encrypted data collection.
Data Storage:
- Various ABE-based access control schemes are reviewed, which aim to reduce the computation and communication overhead for resource-constrained IoT devices, such as outsourcing decryption to edge nodes, using elliptic curve cryptography, and reducing the size of ciphertexts and secret keys.
- Context-aware attribute-based access control (CAABAC) incorporates contextual information into CP-ABE to achieve adaptive data collection.
- Trust-based CP-ABE combines users' trust degree to reduce the computational overhead.
Data Usage:
- Data usage control (DUC) is introduced to enforce flexible control over data usage after access is granted.
- Blockchain-based access control platforms are discussed to manage critical access control data across multiple data lifecycles.
The paper also summarizes the lessons learned from these studies and discusses several challenges and potential research directions, such as machine learning-based access control, hybrid access control strategies, and access control testbeds.
Statistics
"The size of the secret key is irrespective of the number of attributes and the ciphertext size has a linear relationship with the number of authorities."
"Filtering useless data in the ciphertext for IoT devices (as data receivers) according to more constraints of data producers and consumers."
"Cutting down the computation burden for resource-limited IoT devices by changing the mathematics in cryptography."
"Reducing the computation burden for resource-limited IoT devices from multiple aspects."