DCapBAC: embedding authorization logic into smart things through ECC optimizations

In recent years, the increasing development of wireless communication technologies and IPv6 is enabling a seamless integration of smart objects into the Internet infrastructure. This extension of technology to common environments demands greater security restrictions, since any unexpected information leakage or illegitimate access to data could present a high impact in our lives. Additionally, the application of standard security and access control mechanisms to these emerging ecosystems has to face new challenges due to the inherent nature and constraints of devices and networks which make up this novel landscape. While these challenges have been usually addressed by centralized approaches, in this work we present a set of Elliptic Curve Cryptography optimizations for point and field arithmetic which are used in the design and implementation of a security and capability-based access control mechanism (DCapBAC) on smart objects. Our integral solution is based on a lightweight and flexible design that allows this functionality is embedded on resource-constrained devices, providing the advantages of a distributed security approach for Internet of Things (IoT) in terms of scalability, interoperability and end-to-end security. Additionally, our scheme has been successfully validated by using AVISPA tool and implemented on a real scenario over the Jennic/NXP JN5148 chipset based on a 32-bit RISC CPU. The results demonstrate the feasibility of our work and show DCapBAC as a promising approach to be considered as security solution for IoT scenarios.