Delegated Anonymous Credentials With Revocation Capability for IoT Service Chains (DANCIS)

This article deals with providing privacy-preserving access control in Internet of Things (IoT) systems. Here, a user/IoT device requests access to services provided by other IoT devices and multiple requests are combined to a request-specific service chain. An anonymous delegated credential-based system architecture is proposed, where the requester's identity is not exposed to the services. The article presents the proposed architecture's various components including the security aspects. Various options for implementing the architecture on resource-full and resource-constrained services are presented. A prototype of the proposed architecture is then implemented using Linux-based containers to emulate the services. Two representative systems, namely, a small-scale home automation system using a short service chain and a large-scale industrial automation system using a long service chain are considered. Timing measurements from the implementation are presented to demonstrate that the architecture is feasible and can be adapted for practical use in large-scale IoT systems.

Automated summary

This article presents an approach for providing privacy-preserving access control in IoT systems. It proposes an anonymous delegated credential-based system architecture to protect the requester's identity, and explores options for implementing the architecture on resource-full and resource-constrained services. A prototype implementation using Linux-based containers is demonstrated, showing the feasibility of the architecture for practical use in large-scale IoT systems.