Research On Capability-based Edge-cloud Collaboration Access Control Technology Of IoT

Access control is the means by which a system restricts the ability of a user to use resources to their identity and the predefined policy groups to which they belong,which is of great significance for Io T security.With the expansion of the scale of Io T devices and the increase of the demand for authority delegation in smart home and other scenarios,the traditional centralized access control methods encounter challenges in terms of efficiency and ease of delegation.Therefore,this paper investigates the capability-based Io T edge-cloud collaborative access control technology for large-scale heterogeneous Io T scenarios.The main research contents of this paper are as follows.(1)To address the problem of poor scalability of the traditional centralized Io T access control system,we study the Io T architecture,edge-cloud collaboration and access control and other related technologies,and propose a capability-based Io T edge-cloud collaborative access control method to guarantee the high-quality provision of access control services in large-scale heterogeneous Io T scenarios.Experiments show that the method has a lower average response time for access requests compared with the scheme that verifies access requests directly on Io T devices.(2)Based on the edge-cloud collaborative access control method,a capability delegation method is proposed for the problem of cumbersome steps among users to achieve authorization among users without central participation.To address the problem of increasing access request response latency after multiple authority delegation,we propose an authority token reduction method to reduce the access request processing time by reducing the length of the authority token chain through reauthorization.Compared with the unused capability reduction,the use of the reduction method can effectively reduce the delay of access request response in the case of multiple capability delegation.(3)Based on the above proposed method,we design and implement a capability-based Io T edge-cloud collaboration access control system.In this system,the central cloud has services such as device information management,user information management,role information management,role authority management,etc.,which provide a series of functions related to user access control to Io T devices together with edge nodes.The system functional verification and performance test results show the usability of the access control system.