Identity authentication and capability based access control (IACAC) for the internet of things

Parikshit N. Mahalle, Bayu Anggorojati, Neeli R. Prasad, Ramjee Prasad

Research output: Contribution to journalArticlepeer-review

207 Citations (Scopus)


In the last few years the Internet of Things (IoT) has seen widespread application and can be found in each field. Authentication and access control are important and critical functionalities in the context of IoT to enable secure communication between devices. Mobility, dynamic network topology and weak physical security of low power devices in IoT networks are possible sources for security vulnerabilities. It is promising to make an authentication and access control attack resistant and lightweight in a resource constrained and distributed IoT environment. This paper presents the Identity Authentication and Capability based Access Control (IACAC) model with protocol evaluation and performance analysis. To protect IoT from man-in-the-middle, replay and denial of service (Dos) attacks, the concept of capability for access control is introduced. The novelty of this model is that, it presents an integrated approach of authentication and access control for IoT devices. The results of other related study have also been analyzed to validate and support our findings. Finally, the proposed protocol is evaluated by using security protocol verification tool and verification results shows that IACAC is secure against aforementioned attacks. This paper also discusses performance analysis of the protocol in terms of computational time compared to other existing solutions. Furthermore, this paper addresses challenges in IoT and security attacks are modelled with the use cases to give an actual view of IoT networks.

Original languageEnglish
Pages (from-to)309-348
Number of pages40
JournalJournal of Cyber Security and Mobility
Issue number4
Publication statusPublished - 1 Oct 2012


  • Access control
  • Authentication
  • Capability
  • Internet of Things


Dive into the research topics of 'Identity authentication and capability based access control (IACAC) for the internet of things'. Together they form a unique fingerprint.

Cite this