Zero Trust Real-Time Lightweight Access Control Protocol for Mobile Cloud-Based IoT Sensors

TL;DR

This paper introduces a lightweight, real-time zero-trust access control protocol for cloud-based IoT sensors, enhancing security, privacy, and trust assessment without relying on trusted third parties.

Contribution

It proposes a novel zero-trust access control protocol that integrates cryptographic primitives, trust measurement via Merkle Trees, and supports real-time, privacy-preserving data access in IoT networks.

Findings

Effective in securing IoT data access

Reduces computational load on sensors and data owners

Ensures real-time trust assessment and data confidentiality

Abstract

In IoT, smart sensors enable data collection, real-time monitoring, decision-making, and automation, but their proliferation exposes them to cybersecurity threats. Zero Trust Architecture enhances IoT security by challenging conventional trust models and emphasizing continuous trust verification in the overall \$875.0 billion IoT market projected by 2025. This paper presents a new zero-trust real-time lightweight access control protocol for Cloud-centric dynamic IoT sensor networks. This protocol empowers data owners, referred to as sensor coordinators, to define intricate access policies, blending recipient identifiers and data-related attributes for data encryption. Additionally, the protocol incorporates efficient cryptographic primitives, eliminating the need for reliance on a trusted party. Furthermore, it ensures real-time data access while preserving data confidentiality and user privacy through seamless data upload to the cloud and the offloading of computationally intensive tasks from resource-constrained data owners and sensors. The protocol utilizes Merkle Trees for lightweight, ongoing trust measurement of sensors, ensuring efficient trust assessment by sensor coordinators. Simultaneously, the cloud conducts thorough trust evaluations for network entities including users. Comprehensive security analysis and performance evaluation highlight the protocol's effectiveness in tackling the multifaceted security challenges of IoT ecosystems while ensuring scalability and high availability.