{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,12]],"date-time":"2025-10-12T03:48:29Z","timestamp":1760240909164,"version":"build-2065373602"},"reference-count":37,"publisher":"MDPI AG","issue":"10","license":[{"start":{"date-parts":[[2019,10,19]],"date-time":"2019-10-19T00:00:00Z","timestamp":1571443200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100001871","name":"Funda\u00e7\u00e3o para a Ci\u00eancia e a Tecnologia","doi-asserted-by":"publisher","award":["CMU\/CS\/0042\/2017"],"award-info":[{"award-number":["CMU\/CS\/0042\/2017"]}],"id":[{"id":"10.13039\/501100001871","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Symmetry"],"abstract":"<jats:p>Assuring security and privacy is one of the key issues affecting the Internet of Things (IoT), mostly due to its distributed nature. Therefore, for the IoT to thrive, this problem needs to be tackled and solved. This paper describes a security-oriented architecture for managing IoT deployments. Our main goal was to deal with a fine-grained control in the access to IoT data and devices, to prevent devices from being manipulated by attackers and to avoid information leaking from IoT devices to unauthorized recipients. The access control is split: the management of authentication and access control policies is centered on special components (Authentication, Authorization, and Accounting Controllers), which can be distributed or centralized, and the actual enforcement of access control decisions happens on the entities that stay in the path to the IoT devices (Gateways and Device Drivers). The authentication in the entire system uses asymmetric cryptography and pre-distributed unique identifiers derived from public keys; no Public Key Infrastructure (PKI) is used. A Kerberos-like ticket-based approach is used to establish secure sessions.<\/jats:p>","DOI":"10.3390\/sym11101315","type":"journal-article","created":{"date-parts":[[2019,10,21]],"date-time":"2019-10-21T03:40:29Z","timestamp":1571629229000},"page":"1315","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["Security-Oriented Architecture for Managing IoT Deployments"],"prefix":"10.3390","volume":"11","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9745-4361","authenticated-orcid":false,"given":"Andr\u00e9","family":"Z\u00faquete","sequence":"first","affiliation":[{"name":"DETI\/IEETA, University of Aveiro, 3810-193 Aveiro, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8443-4196","authenticated-orcid":false,"given":"H\u00e9lder","family":"Gomes","sequence":"additional","affiliation":[{"name":"ESTGA\/IEETA, University of Aveiro, 3810-193 Aveiro, Portugal"}]},{"given":"Jo\u00e3o","family":"Amaral","sequence":"additional","affiliation":[{"name":"IEETA, University of Aveiro, 3810-193 Aveiro, Portugal"}]},{"given":"Carlos","family":"Oliveira","sequence":"additional","affiliation":[{"name":"IEETA, University of Aveiro, 3810-193 Aveiro, Portugal"}]}],"member":"1968","published-online":{"date-parts":[[2019,10,19]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"261","DOI":"10.1007\/s10796-014-9489-2","article-title":"The Internet of Things\u2014A survey of topics and trends","volume":"17","author":"Whitmore","year":"2015","journal-title":"Inf. Syst. Front."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"1645","DOI":"10.1016\/j.future.2013.01.010","article-title":"Internet of Things (IoT): A vision, Architectural Elements, and Future Directions","volume":"29","author":"Gubbi","year":"2013","journal-title":"Future Gener. Comput. Syst."},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Ibarra-Esquer, J., Gonz\u00e1lez-Navarro, F., Flores-Rios, B., Burtseva, L., and Astorga-Vargas, M. (2017). Tracking the Evolution of the Internet of Things Concept across Different Application Domains. Sensors, 17.","DOI":"10.3390\/s17061379"},{"key":"ref_4","unstructured":"Russell, B., and Van Duren, D. (2016). Practical Internet of Things Security, Packt Publishing Ltd."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"2787","DOI":"10.1016\/j.comnet.2010.05.010","article-title":"The Internet of Things: A survey","volume":"54","author":"Atzori","year":"2010","journal-title":"Comput. Netw."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Zhang, Z., Cho, M.C.Y., Wang, C., Hsu, C., Chen, C., and Shieh, S. (2014, January 17\u201319). IoT Security: Ongoing Challenges and Research Opportunities. Proceedings of the IEEE 7th International Conference on Service-Oriented Computing and Applications (SOCA 2014), Matsue, Japan.","DOI":"10.1109\/SOCA.2014.58"},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"37","DOI":"10.1002\/hbe2.133","article-title":"Internet of Things: A primer","volume":"1","author":"Paul","year":"2019","journal-title":"Hum. Behav. Emerg. Technol."},{"key":"ref_8","unstructured":"Sikder, A.K., Petracca, G., Aksu, H., Jaeger, T., and Uluagac, A.S. (2018). A Survey on Sensor-based Threats to Internet-of-Things (IoT) Devices and Applications. arXiv."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Alrawi, O., Lever, C., Antonakakis, M., and Monrose, F. (2019, January 20\u201322). SoK: Security Evaluation of Home-Based IoT Deployments. Proceedings of the IEEE Symposium on Security and Privacy (SP 2019), San Francisco, CA, USA.","DOI":"10.1109\/SP.2019.00013"},{"key":"ref_10","unstructured":"Nassiri, A. (2019, September 14). IoT and DDoS Attacks: A Match Made in Heaven. A10 Networks, Inc., 2019. Available online: https:\/\/www.a10networks.com\/blog\/iot-and-ddos-attacks-a-match-made-in-heaven."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Kambourakis, G., Kolias, C., and Stavrou, A. (2017, January 23\u201325). The Mirai botnet and the IoT Zombie Armies. Proceedings of the IEEE Military Communications Conference (MILCOM 2017), Baltimore, MD, USA.","DOI":"10.1109\/MILCOM.2017.8170867"},{"key":"ref_12","unstructured":"Staff, A. (2019, September 14). IoT and DDoS: Cyberattacks on the Rise. A10 Networks, Inc., 2018. Available online: https:\/\/www.a10networks.com\/blog\/iot-and-ddos-cyberattacks-rise."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Hardt, D. (2012). The OAuth 2.0 Authorization Framework, Internet Engineering Task Force. RFC 6749.","DOI":"10.17487\/rfc6749"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Rescorla, E. (2018). The Transport Layer Security (TLS) Protocol Version 1.3, Internet Engineering Task Force. RFC 8446.","DOI":"10.17487\/RFC8446"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Rescorla, E. (2000). HTTP over TLS, Internet Engineering Task Force. RFC 2818.","DOI":"10.17487\/rfc2818"},{"key":"ref_16","unstructured":"Tschofenig, H., and Fossati, T. (2016). Transport Layer Security (TLS)\/Datagram Transport Layer Security (DTLS) Profiles for the Internet of Things, Internet Engineering Task Force. RFC 7925."},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Ylonen, T., and Lonvick, C. (2006). The Secure Shell (SSH) Protocol Architecture, Internet Engineering Task Force. RFC 4251.","DOI":"10.17487\/rfc4251"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Neuman, C., Yu, T., Hartman, S., and Raeburn, K. (2005). The Kerberos Network Authentication Service (V5), Internet Engineering Task Force. RFC 4120.","DOI":"10.17487\/rfc4120"},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Aumasson, J.P., Neves, S., Wilcox-O\u2019Hearn, Z., and Winnerlein, C. (2013, January 25\u201328). BLAKE2: Simpler, Smaller, Fast as MD5. Proceedings of the 11th International Conference on Applied Cryptography and Network Security (ACNS 2013), Banff, AB, Canada. LNCS 7954.","DOI":"10.1007\/978-3-642-38980-1_8"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Turner, S., and Chen, L. (2011). Updated Security Considerations for the MD5 Message-Digest and the HMAC-MD5 Algorithms, Internet Engineering Task Force. RFC 6151.","DOI":"10.17487\/rfc6151"},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Shelby, Z., Hartke, K., and Bormann, C. (2014). The Constrained Application Protocol (CoAP), Internet Engineering Task Force. RFC 7252.","DOI":"10.17487\/rfc7252"},{"key":"ref_22","first-page":"32","article-title":"Federation of Attribute Providers for User Self-Sovereign Identity","volume":"3","author":"Coelho","year":"2018","journal-title":"J. Inf. Syst. Eng. Manag."},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"1224","DOI":"10.1109\/JSEN.2014.2361406","article-title":"IoT-OAS: An OAuth-Based Authorization Service Architecture for Secure Services in IoT Scenarios","volume":"15","author":"Cirani","year":"2015","journal-title":"IEEE Sens. J."},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Emerson, S., Choi, Y.K., Hwang, D.Y., Kim, K.S., and Kim, K.H. (2015, January 28\u201330). An OAuth based Authentication Mechanism for IOT Networks. Proceedings of the 2015 International Conference on Information and Communication Technology Convergence (ICTC 2015), Jeju, South Korea.","DOI":"10.1109\/ICTC.2015.7354740"},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Sciancalepore, S., Piro, G., Caldarola, D., Boggia, G., and Bianchi, G. (2017, January 3\u20136). OAuth-IoT: An access control framework for the Internet of Things based on open standards. Proceedings of the 2017 IEEE Symposium on Computers and Communications (ISCC 2017), Heraklion, Greece.","DOI":"10.1109\/ISCC.2017.8024606"},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"3521","DOI":"10.1007\/s11227-016-1684-0","article-title":"Secure IoT framework and 2D architecture for End-To-End security","volume":"74","author":"Choi","year":"2018","journal-title":"J. Supercomput."},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Sridhar, S., and Smys, S. (2017, January 19\u201320). Intelligent Security Framework for IoT Devices: Cryptography based End-To-End security Architecture. Proceedings of the International Conference on Inventive Systems and Control (ICISC), Coimbatore, India.","DOI":"10.1109\/ICISC.2017.8068718"},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Hsieh, G., Foster, K., Emamali, G., Patrick, G., and Marvel, L. (2009, January 16\u201319). Using XACML for embedded and fine-grained access control policy. Proceedings of the IEEE International Conference on Availability, Reliability and Security (ARES 2009), Fukuoka, Japan.","DOI":"10.1109\/ARES.2009.102"},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Seitz, L., Selander, G., and Gehrmann, C. (2013, January 4\u20137). Authorization framework for the internet-of-things. Proceedings of the IEEE 14th International Symposium on A World of Wireless, Mobile and Multimedia Networks (WoWMoM 2013), Madrid, Spain.","DOI":"10.1109\/WoWMoM.2013.6583465"},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Atlam, H.F., Alassafi, M.O., Alenezi, A., Walters, R.J., and Wills, G.B. (2018, January 19\u201321). XACML for Building Access Control Policies in Internet of Things. Proceedings of the 3rd International Conference on Internet of Things, Big Data and Security (IoTBDS 2018), Funchal, Portugal.","DOI":"10.5220\/0006725102530260"},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"39","DOI":"10.1007\/s40860-018-0054-5","article-title":"Building accountability into the Internet of Things: The IoT Databox model","volume":"4","author":"Crabtree","year":"2018","journal-title":"J. Reliab. Intell. Environ."},{"key":"ref_32","first-page":"11","article-title":"LDAP-based IOT Object Information Management Scheme","volume":"1","author":"Hai","year":"2014","journal-title":"J. Logist. Inform. Serv. Sci."},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Sermersheim, J. (2006). Lightweight Directory Access Protocol (LDAP): The Protocol, Internet Engineering Task Force. RFC 4511.","DOI":"10.17487\/rfc4511"},{"key":"ref_34","first-page":"107041","article-title":"A DHT-Based Discovery Service for the Internet of Things","volume":"2012","author":"Paganelli","year":"2012","journal-title":"J. Comput. Netw. Commun."},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"20","DOI":"10.1109\/MWC.2014.6845045","article-title":"Toward a standardized common M2M service layer platform: Introduction to oneM2M","volume":"21","author":"Swetina","year":"2014","journal-title":"IEEE Wirel. Commun."},{"key":"ref_36","doi-asserted-by":"crossref","unstructured":"Abramowicz, W., Llorente, I.M., Surridge, M., Zisman, A., and Vayssi\u00e8re, J. (2011). FI-WARE Security: Future Internet Security Core. Towards a Service-Based Internet, Proceedings of the 4th European Conference (ServiceWave 2011), Poznan, Poland, 26\u201328 October 2011, Springer. LNCS 6994.","DOI":"10.1007\/978-3-642-24755-2"},{"key":"ref_37","first-page":"8","article-title":"Internet of Things: A survey on the security of IoT frameworks","volume":"38","author":"Ammar","year":"2018","journal-title":"J. Inf. Secur. Appl."}],"container-title":["Symmetry"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-8994\/11\/10\/1315\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T13:27:54Z","timestamp":1760189274000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-8994\/11\/10\/1315"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,10,19]]},"references-count":37,"journal-issue":{"issue":"10","published-online":{"date-parts":[[2019,10]]}},"alternative-id":["sym11101315"],"URL":"https:\/\/doi.org\/10.3390\/sym11101315","relation":{},"ISSN":["2073-8994"],"issn-type":[{"type":"electronic","value":"2073-8994"}],"subject":[],"published":{"date-parts":[[2019,10,19]]}}}