A Hierarchical Access Control Scheme for Perceptual Layer of IoT

The perceptual layer is at the most front-end of information collection, which plays a fundamental role in the Internet of Things (IoT). In the perceptual layer, mass perceptual nodes are required to sense a vast range of different data types for authorized users in accordance with privacy, security, and customization. This leads to the problem that traditional access control schemes (IBAC, RBAC etc.) fail to meet the requirements of users who want secure and efficient access resources on-demand. In this paper, a hierarchical access control scheme for perceptual layer of the IoT is presented. In the scheme, every hierarchical node, representing a class in the access hierarchy, is composed of perceptual nodes which provide information with the same levels of security. More hierarchical nodes can be modeled as a set of partially ordered classes. Besides, the scheme considers the limited computational and storage capacity of mass perceptual nodes. Compared with previous proposals, the scheme has the following advantages: Every user and perceptual node possesses a single key material to get some keys by a deterministic key derivation algorithm, and obtains the resources at the presented class and all descendant classes in the hierarchy. This increases the security of hierarchical node and reduces much storage costs. Due to supporting full-dynamic changes to the access hierarchy and replacement of key material, the presented scheme not only provides security of hierarchical data access, but also efficiently reduces much communication cost greatly. Furthermore, the scheme is provably secure without random oracle model and meets other security features. Further analysis show that our scheme adapts to access control requirement of perceptive layer of the IoT.