{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,17]],"date-time":"2025-11-17T02:58:05Z","timestamp":1763348285270,"version":"build-2065373602"},"reference-count":55,"publisher":"MDPI AG","issue":"15","license":[{"start":{"date-parts":[[2020,8,4]],"date-time":"2020-08-04T00:00:00Z","timestamp":1596499200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Sensors"],"abstract":"<jats:p>The Internet of Things (IoT) brings plenty of opportunities to enhance society\u2019s activities, from improving a factory\u2019s production chain to facilitating people\u2019s household tasks. However, it has also brought new security breaches, compromising privacy and authenticity. IoT devices are vulnerable to being accessed from the Internet; they lack sufficient resources to face cyber-attack threats. Keeping a balance between access control and the devices\u2019 resource consumption has become one of the highest priorities of IoT research. In this paper, we evaluate an access control architecture based on the IAACaaS (IoT application-Scoped Access Control as a Service) model with the aim of protecting IoT devices that communicate using the Publish\/Subscribe pattern. IAACaaS is based on the OAuth 2.0 authorization framework, which externalizes the identity and access control infrastructure of applications. In our evaluation, we implement the model using FIWARE Generic Enablers and deploy them for a smart buildings use case with a wireless communication. Then, we compare the performance of two different approaches in the data-sharing between sensors and the Publish\/Subscribe broker, using Constrained Application Protocol (CoAP) and Hypertext Transfer Protocol (HTTP) protocols. We conclude that the integration of Publish\/Subscribe IoT deployments with IAACaaS adds an extra layer of security and access control without compromising the system\u2019s performance.<\/jats:p>","DOI":"10.3390\/s20154341","type":"journal-article","created":{"date-parts":[[2020,8,4]],"date-time":"2020-08-04T05:56:46Z","timestamp":1596520606000},"page":"4341","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["Evaluation of an IoT Application-Scoped Access Control Model over a Publish\/Subscribe Architecture Based on FIWARE"],"prefix":"10.3390","volume":"20","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2160-1978","authenticated-orcid":false,"given":"Alejandro","family":"Pozo","sequence":"first","affiliation":[{"name":"Departamento de Ingenier\u00eda de Sistemas Telem\u00e1ticos, Escuela T\u00e9cnica Superior de Ingenieros de Telecomunicaci\u00f3n, Universidad Polit\u00e9cnica de Madrid, 28040 Madrid, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8456-8351","authenticated-orcid":false,"given":"\u00c1lvaro","family":"Alonso","sequence":"additional","affiliation":[{"name":"Departamento de Ingenier\u00eda de Sistemas Telem\u00e1ticos, Escuela T\u00e9cnica Superior de Ingenieros de Telecomunicaci\u00f3n, Universidad Polit\u00e9cnica de Madrid, 28040 Madrid, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7269-8079","authenticated-orcid":false,"given":"Joaqu\u00edn","family":"Salvach\u00faa","sequence":"additional","affiliation":[{"name":"Departamento de Ingenier\u00eda de Sistemas Telem\u00e1ticos, Escuela T\u00e9cnica Superior de Ingenieros de Telecomunicaci\u00f3n, Universidad Polit\u00e9cnica de Madrid, 28040 Madrid, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2020,8,4]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Atwady, Y., and Hammoudeh, M. (2017, January 19\u201320). A survey on authentication techniques for the internet of things. Proceedings of the International Conference on Future Networks and Distributed Systems, Cambridge, UK.","DOI":"10.1145\/3102304.3102312"},{"key":"ref_2","unstructured":"Hardt, E.D. (2020, August 04). The OAuth 2.0 Authorization Framework. RFC 6749. Available online: https:\/\/tools.ietf.org\/html\/rfc6749."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"79","DOI":"10.1016\/j.jnca.2019.06.017","article-title":"Access control in Internet-of-Things: A survey","volume":"144","author":"Ravidas","year":"2019","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Sciancalepore, S., Piro, G., Caldarola, D., Boggia, G., and Bianchi, G. (2017, January 3\u20136). OAuth-IoT: An access control framework for the Internet of Things based on open standards. Proceedings of the 2017 IEEE Symposium on Computers and Communications (ISCC), Heraklion, Greece.","DOI":"10.1109\/ISCC.2017.8024606"},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Fremantle, P., Aziz, B., Kopeck\u1ef3, J., and Scott, P. (2014, January 10). Federated identity and access management for the internet of things. Proceedings of the 2014 International Workshop on Secure Internet of Things, Wroclaw, Poland.","DOI":"10.1109\/SIoT.2014.8"},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Alonso, A., Fernandez, F., Marco, L., and Salvachua, J. (2017). IAACaaS: IoT Application-Scoped Access Control as a Service. Future Internet, 9.","DOI":"10.3390\/fi9040064"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Fern\u00e1ndez, F., Alonso, A., Marco, L., and Salvach\u00faa, J. (2017, January 7\u20139). A model to enable application-scoped access control as a service for IoT using OAuth 2.0. Proceedings of the 2017 20th Conference on Innovations in Clouds, Internet and Networks (ICIN), Paris, France.","DOI":"10.1109\/ICIN.2017.7899433"},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"590","DOI":"10.1016\/j.procs.2019.11.042","article-title":"An Architecture for Providing Data Usage and Access Control in Data Sharing Ecosystems","volume":"160","author":"Pozo","year":"2019","journal-title":"Procedia Comput. Sci."},{"key":"ref_9","unstructured":"(2020, February 22). IoT Developer Survey 2019 Results. Available online: https:\/\/iot.eclipse.org\/resources\/iot-developer-survey\/iot-developer-survey-2019.pdf."},{"key":"ref_10","unstructured":"OASIS Standard (2019, June 03). eXtensible Access Control Markup Language (XACML) Version 3.0. Available online: http:\/\/docs.oasis-open.org\/xacml\/3.0\/xacml-3.0-core-spec-os-en.pdf."},{"key":"ref_11","unstructured":"Otto, B., Lohmann, S., Auer, S., Cirullies, J., Haas, C., J\u00fcrjens, J., Lange, C., Mader, C., Nagel, R., and Quix, C. (2020, July 02). Reference architecture model for the Industrial Data Space. Available online: https:\/\/www.internationaldataspaces.org\/wp-content\/uploads\/2019\/03\/IDS-Reference-Architecture-Model-3.0.pdf."},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Pullmann, J., Petersen, N., Mader, C., Lohmann, S., and Kemeny, Z. (2017, January 12\u201315). Ontology-based information modelling in the industrial data space. Proceedings of the 2017 22nd IEEE International Conference on Emerging Technologies and Factory Automation (ETFA), Limassol, Cyprus.","DOI":"10.1109\/ETFA.2017.8247688"},{"key":"ref_13","unstructured":"(2020, March 02). OMA Next Generation Services Interface V1.0. Available online: https:\/\/www.openmobilealliance.org\/release\/NGSI."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Alonso, \u00c1., Pozo, A., Cantera, J.M., la Vega, F., and Hierro, J.J. (2018). Industrial Data Space Architecture Implementation Using FIWARE. Sensors, 18.","DOI":"10.3390\/s18072226"},{"key":"ref_15","unstructured":"Mikl\u00f3s, Z. (2002, January 2\u20135). Towards an access control mechanism for wide-area publish\/subscribe systems. Proceedings of the 22nd International Conference on Distributed Computing Systems Workshops, Vienna, Austria."},{"key":"ref_16","unstructured":"(2020, March 12). 5 Common Cyber Attacks in the IoT\u2014Threat Alert on a Grand Scale. Available online: https:\/\/www.globalsign.com\/en\/blog\/five-common-cyber-attacks-in-the-iot."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Pesonen, L.I., Eyers, D.M., and Bacon, J. (2007, January 20\u201322). Encryption-enforced access control in dynamic multi-domain publish\/subscribe networks. Proceedings of the 2007 Inaugural International Conference on Distributed Event-Based Systems, Toronto, ON, Canada.","DOI":"10.1145\/1266894.1266916"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Bacon, J., and Pietzuch, D.M.E.J.S.P.R. (2008, January 1\u20134). Access control in publish\/subscribe systems. Proceedings of the DEBS \u201908: Proceedings of the Second International Conference on Distributed Event-Based Systems, Rome, Italy.","DOI":"10.1145\/1385989.1385993"},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Belokosztolszki, A., Eyers, D.M., Pietzuch, P.R., Bacon, J., and Moody, K. (2003, January 8). Role-based access control for publish\/subscribe middleware architectures. Proceedings of the 2nd International Workshop on Distributed Event-Based Systems, San Diego, CA, USA.","DOI":"10.1145\/966618.966622"},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"29","DOI":"10.1016\/j.is.2016.05.004","article-title":"AUPS: An open source AUthenticated publish\/subscribe system for the internet of things","volume":"62","author":"Rizzardi","year":"2016","journal-title":"Inf. Syst."},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Malina, L., Srivastava, G., Dzurenda, P., Hajny, J., and Fujdiak, R. (2019, January 26\u201329). A secure publish\/subscribe protocol for internet of things. Proceedings of the 14th International Conference on Availability, Reliability and Security, Canterbury, UK.","DOI":"10.1145\/3339252.3340503"},{"key":"ref_22","unstructured":"Wang, C., Carzaniga, A., Evans, D., and Wolf, A.L. (2002, January 7\u201310). Security issues and requirements for internet-scale publish-subscribe systems. Proceedings of the 35th Annual Hawaii International Conference on System Sciences, Big Island, HI, USA."},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Tamboli, M.B., and Dambawade, D. (2016, January 20\u201321). Secure and efficient CoAP based authentication and access control for Internet of Things (IoT). Proceedings of the 2016 IEEE International Conference on Recent Trends in Electronics, Information & Communication Technology (RTEICT), Bangalore, India.","DOI":"10.1109\/RTEICT.2016.7808031"},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Pereira, P.P., Eliasson, J., and Delsing, J. (November, January 29). An authentication and access control framework for CoAP-based Internet of Things. Proceedings of the IECON 2014-40th Annual Conference of the IEEE Industrial Electronics Society, Dallas, TX, USA.","DOI":"10.1109\/IECON.2014.7049308"},{"key":"ref_25","first-page":"2321","article-title":"OAuth based Secured authentication mechanism for IoT Applications","volume":"6","author":"Polu","year":"2018","journal-title":"Int. J. Eng. Dev. Res."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"1224","DOI":"10.1109\/JSEN.2014.2361406","article-title":"Iot-oas: An oauth-based authorization service architecture for secure services in iot scenarios","volume":"15","author":"Cirani","year":"2014","journal-title":"IEEE Sens. J."},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Niruntasukrat, A., Issariyapat, C., Pongpaibool, P., Meesublak, K., Aiumsupucgul, P., and Panya, A. (2016, January 23\u201327). Authorization mechanism for mqtt-based internet of things. Proceedings of the 2016 IEEE International Conference on Communications Workshops (ICC), Kuala Lumpur, Malaysia.","DOI":"10.1109\/ICCW.2016.7503802"},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Wu, X., Steinfeld, R., Liu, J., and Rudolph, C. (2017, January 24\u201326). An implementation of access-control protocol for IoT home scenario. Proceedings of the 2017 IEEE\/ACIS 16th International Conference on Computer and Information Science (ICIS), Wuhan, China.","DOI":"10.1109\/ICIS.2017.7959965"},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Navas, R.E., Lagos, M., Toutain, L., and Vijayasankar, K. (2016, January 12\u201314). Nonce-based authenticated key establishment over OAuth 2.0 IoT proof-of-possession architecture. Proceedings of the 2016 IEEE 3rd World Forum on Internet of Things (WF-IoT), Reston, VA, USA.","DOI":"10.1109\/WF-IoT.2016.7845424"},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Naik, N. (2017, January 11\u201313). Choice of effective messaging protocols for IoT systems: MQTT, CoAP, AMQP and HTTP. Proceedings of the 2017 IEEE international systems engineering symposium (ISSE), Vienna, Austria.","DOI":"10.1109\/SysEng.2017.8088251"},{"key":"ref_31","unstructured":"Tschofenig, H., and Fossati, T. (2020, August 04). Transport Layer Security (TLS)\/Datagram Transport Layer Security (DTLS) Profiles for the Internet of Things. Available online: https:\/\/tools.ietf.org\/html\/rfc7925."},{"key":"ref_32","unstructured":"Rescorla, E., and Modadugu, N. (2020, August 04). Datagram Transport Layer Security Version 1.2, Available online: https:\/\/tools.ietf.org\/html\/rfc6347."},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"2505","DOI":"10.1007\/s12652-018-0729-z","article-title":"Analysis of CoAP Implementations for Industrial Internet of Things: A Survey","volume":"10","author":"Orive","year":"2019","journal-title":"J. Ambient. Intell. Humaniz. Comput."},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Moosavi, S.R., Gia, T.N., Nigussie, E., Rahmani, A.M., Virtanen, S., Tenhunen, H., and Isoaho, J. (2015, January 26\u201328). Session resumption-based end-to-end security for healthcare internet-of-things. Proceedings of the 2015 IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing, Liverpool, UK.","DOI":"10.1109\/CIT\/IUCC\/DASC\/PICOM.2015.83"},{"key":"ref_35","doi-asserted-by":"crossref","unstructured":"Park, J., and Kang, N. (2014, January 22\u201324). Lightweight secure communication for CoAP-enabled internet of things using delegated DTLS handshake. Proceedings of the 2014 International Conference on Information and Communication Technology Convergence (ICTC), Busan, Korea.","DOI":"10.1109\/ICTC.2014.6983078"},{"key":"ref_36","unstructured":"Oliveira, C.T., Moreira, R., de Oliveira Silva, F., Miani, R.S., and Rosa, P.F. (2018, January 16\u201318). Improving Security on IoT Applications Based on the FIWARE Platform. Proceedings of the 2018 IEEE 32nd International Conference on Advanced Information Networking and Applications (AINA), Krakow, Poland."},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"De Caro, N., Colitti, W., Steenhaut, K., Mangino, G., and Reali, G. (2013, January 21). Comparison of two lightweight protocols for smartphone-based sensing. Proceedings of the 2013 IEEE 20th Symposium on Communications and Vehicular Technology in the Benelux (SCVT), Namur, Belgium.","DOI":"10.1109\/SCVT.2013.6735994"},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Barreto, L., Celesti, A., Villari, M., Fazio, M., and Puliafito, A. (2015, January 28\u201330). Identity management in iot clouds: A fiware case of study. Proceedings of the 2015 IEEE Conference on Communications and Network Security (CNS), Florence, Italy.","DOI":"10.1109\/CNS.2015.7346887"},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Huang, J.Y., Tsai, P.H., and Liao, I.E. (2017, January 3\u20135). Implementing publish\/subscribe pattern for CoAP in fog computing environment. Proceedings of the 2017 8th IEEE Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON), Vancouver, BC, Canada.","DOI":"10.1109\/IEMCON.2017.8117190"},{"key":"ref_40","doi-asserted-by":"crossref","first-page":"102496","DOI":"10.1016\/j.jnca.2019.102496","article-title":"LAM-CIoT: Lightweight authentication mechanism in cloud-based IoT environment","volume":"150","author":"Wazid","year":"2020","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_41","doi-asserted-by":"crossref","first-page":"1267","DOI":"10.1016\/j.future.2018.04.019","article-title":"Design and analysis of authenticated key agreement scheme in cloud-assisted cyber\u2013physical systems","volume":"108","author":"Challa","year":"2020","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_42","unstructured":"Shelby, Z., Hartke, K., and Borman, C. (2020, August 04). The Constrained Application Protocol (CoAP). Available online: https:\/\/tools.ietf.org\/html\/rfc7252."},{"key":"ref_43","doi-asserted-by":"crossref","first-page":"52","DOI":"10.1109\/SURV.2009.090205","article-title":"Sensor network security: A survey","volume":"11","author":"Chen","year":"2009","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"ref_44","unstructured":"Sen, J. (2010). A Survey on Wireless Sensor Network Security. arXiv."},{"key":"ref_45","first-page":"31","article-title":"Security Vulnerabilities In Wireless Sensor Networks: A Survey","volume":"5","author":"Tamil","year":"2009","journal-title":"J. Inf. Assur. Secur."},{"key":"ref_46","doi-asserted-by":"crossref","unstructured":"Modares, H., Salleh, R., and Moravejosharieh, A. (2011, January 20\u201322). Overview of Security Issues in Wireless Sensor Networks. Proceedings of the 2011 Third International Conference on Computational Intelligence, Modelling Simulation, Langkawi, Malaysia.","DOI":"10.1109\/CIMSim.2011.62"},{"key":"ref_47","doi-asserted-by":"crossref","first-page":"487","DOI":"10.1016\/j.enbuild.2017.06.070","article-title":"Actual energy savings from the use of thermostatic radiator valves in residential buildings \u2013 Long term field evaluation","volume":"151","author":"Cholewa","year":"2017","journal-title":"Energy Build."},{"key":"ref_48","unstructured":"Chen, H., Jia, X., and Li, H. (2011, January 14\u201316). A brief introduction to IoT gateway. Proceedings of the IET International Conference on Communication Technology and Application (ICCTA 2011), Beijing, China."},{"key":"ref_49","doi-asserted-by":"crossref","first-page":"206","DOI":"10.1109\/TMSCS.2017.2705683","article-title":"Internet of everything: A large-scale autonomic IoT gateway","volume":"3","author":"Kang","year":"2017","journal-title":"IEEE Trans. Multi-Scale Comput. Syst."},{"key":"ref_50","doi-asserted-by":"crossref","first-page":"644","DOI":"10.1109\/TIT.1976.1055638","article-title":"New directions in cryptography","volume":"22","author":"Diffie","year":"1976","journal-title":"IEEE Trans. Inf. Theory"},{"key":"ref_51","unstructured":"(2020, July 02). Secure Hash Standard, Available online: https:\/\/csrc.nist.gov\/csrc\/media\/publications\/fips\/180\/2\/archive\/2002-08-01\/documents\/fips180-2.pdf."},{"key":"ref_52","unstructured":"Okta (2020, July 24). Access Token Lifetime. Available online: https:\/\/www.oauth.com\/oauth2-servers\/access-tokens\/access-token-lifetime."},{"key":"ref_53","unstructured":"Martin, J.E., Mills, D., Delaware, U., Burbank, J., and Kasch, W. (2020, August 04). Network Time Protocol Version 4: Protocol and Algorithms Specification. Available online: https:\/\/tools.ietf.org\/html\/rfc5905."},{"key":"ref_54","doi-asserted-by":"crossref","unstructured":"Selander, G., Mattsson, J., Palombini, F., and Seitz, L. (2020, August 04). Object Security for Constrained RESTful Environments (OSCORE). Available online: https:\/\/tools.ietf.org\/html\/rfc8613.","DOI":"10.17487\/RFC8613"},{"key":"ref_55","unstructured":"Hammer-Lahav, E.E. (2020, August 04). HTTP Authentication: MAC Access Authentication, Available online: https:\/\/tools.ietf.org\/html\/draft-ietf-oauth-v2-http-mac-01."}],"container-title":["Sensors"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1424-8220\/20\/15\/4341\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T09:54:09Z","timestamp":1760176449000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1424-8220\/20\/15\/4341"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,8,4]]},"references-count":55,"journal-issue":{"issue":"15","published-online":{"date-parts":[[2020,8]]}},"alternative-id":["s20154341"],"URL":"https:\/\/doi.org\/10.3390\/s20154341","relation":{},"ISSN":["1424-8220"],"issn-type":[{"type":"electronic","value":"1424-8220"}],"subject":[],"published":{"date-parts":[[2020,8,4]]}}}