Abstract

The emergence of Internet of Things (IoT) brings tremendous benefits and opportunities for individuals and businesses. However, there exist several challenges that need to be addressed before a full realization of IoT can be achieved. Fundamentally, IoT enables constant transfer and sharing of data between several “things” (i.e. humans and objects) in order to achieve particular objectives. In such sharing environments, security and privacy of data and messages become important. Authentication, authorization. access control, non-repudiation are important to ensure secure communication in an IoT environment. The lack of computing resources (such as processing power, storage, etc.) and ad-hoc nature of such networks requires researcher to re-think existing techniques to adopt to such environments. In this paper, we propose a framework for authentication, authorization and access control for an IoT environment using capability tokens, PKI and encryption which aims to use minimal computing resources.