Table 2.
Summary of Access Control Mechanisms for the IoT based on ProBAC.
| Ref. | Purposes | Key Contribution | Implementation |
|---|---|---|---|
| [47] | Examining the employment of data security and access control for an IoT-based system. | Proposes a protocol called Intelligent Service Security Application Protocol (ISSAP) that uses a data packet encapsulation mechanism for IoT access control. | No |
| [48] | Building an access control model supported by DTLS. | Proposes an approach for securing IoT access control using DTLS protocol and existing Internet standards. | Yes |
| [49] | Employment of light-weight key management mechanism for securing IoT access control. | Proposes a centralized access control model using CoAP supported by DTLS for transport security. | Yes |
| [51] | Employment of lightweight key management mechanisms by avoiding resource expensive public key cryptography. | Proposes a flexible and delegation based authentication and authorization framework for constrained IoT devices. | Yes |
| [52] | Providing a holistic framework for securing SOA-based low power networks that are composed of constrained IoT devices. | Develops an access control framework considering the resource limited nature of the IoT devices using CoAP and Kerberos. | Yes |
| [53] | Building a smart gateway-based authentication and authorization method to prevent unauthorized access of medical information in an IoT-enabled smart healthcare facility. | Develops an access control framework combined with DTLS and CoAP-based authentication scheme for the IoT to provide high-end security in the datagram transport. | Yes |
| [54] | Examining an access control delegation using lightweight key management protocol. | Proposes a framework for delegating client authentication and authorization in a constrained environment using symmetric key cryptography. | No |
| [55] | Examining the use of PKI for IoT access control. | Develops an authorization and access control framework for IoT environment using a PKI scheme. | Yes |
| [56] | Examining the authentication in the life-cycle of an IoT device to secure access control. | Develops an Authentication of Things (AoT) protocol that addresses authentication and access control during the entire life-cycle of an IoT device. | Yes |
| [57] | Building an access control framework for resource-rich devices to perform expensive computation and processing tasks. | Proposes a cryptographic scheme for access control in IoT devices named Efficient and Tiny Authentication (ETA). | No |
| [58] | Overcoming the overhead of heavy-weight PKI based cryptosystems within the resource limited IoT devices. | Proposes an end-to-end authentication framework for IoT by employing IBC and ECC. | No |
| [59] | Examining how to reduce the computational load requirements for sensor networks. | Proposes a user authentication protocol for WSNs using ECC and smart cards. | No |
| [60] | Examining how to reduce the computational load requirements for IoT systems. | Proposes a flexible and light-weight ECC based authentication scheme for resource constrained IoT systems. | No |
| [61] | Investigating the use of OAuth2 to build a federated and user-directed access control framework for the IoT. | Develops an access control framework for IoT based on OAuth. | Yes |
| [62] | Investigating the use OAuth2 to build an IoT access control framework. | Develops an access control framework, called ‘OAuth-IoT’, for the IoT based on open standards OAuth protocol. | Yes |
| [63] | Building a unified access control scheme that integrates heterogeneous IoT devices and internet-based services. | Develops an IoT access control framework by integrating IoT devices with web-based services. | Yes |
| [64] | Designing a light-weight access control mechanism for IoT systems. | Discusses an access control enforcement mechanism within MQTT-based IoT systems. | Yes |
| [65] | Building an access control framework by providing fine-grained (remote) customization of access policies. | Proposes an architecture called ‘IoT-OAS’ which is an OAuth-Based authorization service architecture for secure services in IoT scenarios. | Yes |
| [66] | Examining light-weight access control frameworks to provide flexibility to existing Web-based services. | Proposes an access control framework for IoT based on CoAP. | No |