Virtualization of the Internet of Things (IoT) is a concept of dynamically building customized high-level IoT services which rely on the real-time data streams from low-level physical IoT sensors. Security in IoT virtualization is challenging, because with the growing number of available (building block) services, the number of personalizable virtual services grows exponentially. This paper proposes the Service Object Capability (SOC) ticket system, a decentralized access control mechanism between servers and clients to efficiently authenticate and authorize each other without using public key cryptography. SOC supports decentralized partial delegation of capabilities specified in each server/client ticket. Unlike PKI certificates, SOC's authentication time and handshake packet overhead stay constant regardless of each capability's delegation hop distance from the root delegator. The paper compares SOC's security benefits with Kerberos, and the experimental results show SOC's authentication incurs significantly less time and packet overhead compared against those from other mechanisms based on RSA-PKI and ECC-PKI algorithms. SOC is as secure as, and more efficient and suitable for IoT environments than, existing PKIs and Kerberos.