Dynamic Trust-based Access Control with Hybrid Encryption for Secure IoT Applications
02 May 2025
About this article
Published online: 02 May 2025
Pages: 48 - 52
Received: 27 Jul 2024
Accepted: 04 Feb 2025
DOI: https://doi.org/10.2478/msr-2025-0007
Keywords
© 2025 A Velliangiri et al., published by Sciendo
This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Fig. 1.

Performance comparison analysis
Metric | Traditional model | ISM-AAC |
---|---|---|
Confidentiality | 85 % | 92 % |
Integrity | 72 % | 80 % |
Authentication | 88 % | 91 % |
Energy consumption | 2.5 J | 1.2 J |
Scalability efficiency | 80 % | 86 % |
Terminology
Terminology | Explanation |
---|---|
IoT | A network of interconnected devices that communicate and exchange data, often including sensors, actuators, and smart devices. |
ISM-AAC | A security framework for IoT networks integrating FE and RBAC to ensure secure communication and data access. |
FE | An advanced encryption technique that enables selective decryption of specific functionalities or computations of encrypted data without exposing the entire dataset. |
Re-encryption | The process of updating encryption keys when a device's role changes or unauthorized access is detected, ensuring continued security and integrity of transmitted data. |
Access control | A mechanism that regulates who can access certain data or resources in the IoT network, based on role assignments and permissions. |
Key management | The process of generating, distributing, storing, and updating cryptographic keys used in encryption and decryption processes. |
Data confidentiality | Ensuring that sensitive data remains protected from unauthorized access during transmission and storage within the IoT network. |
Data integrity | Ensuring that the data is accurate, unmodified, and has not been manipulated during transmission or storage. |
1. Initialize the IoT network with devices (deviceID) and users (UserCredentials)
2. Assign Roles to the users (RoleAssignments)
3. Authenticate the user/device using the credentials
4. If the user is authenticated:
    5. Check the access permissions for the assigned role (RBAC)
    6. If access is allowed:
        7. Encrypt the data with FE
        8. Transmit the encrypted data via the IoT network
9. If unauthorized access is detected:
    10. Trigger Re-encryption process to update the encryption keys
11. Upon reception, the recipient decrypts the data with their decryption keys
12. Verify the recipient’s access permissions based on their role
13. If access is verified:
    14. Decrypt the data and process it
Otherwise:
    15. Deny access and log the event
End algorithm
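The control flow of steps 1-15, as an added Python sketch that is not the authors' code. Assumptions: FE has no standard-library implementation, so a SHAKE-256 keystream with encrypt-then-MAC stands in for it purely to make the flow runnable; re-encryption is modelled as a key-epoch increment; all device, role and method names are hypothetical.

```python
import hashlib, hmac, os

# Constructed sample data (hypothetical names): steps 1-2 of the algorithm.
ROLE_PERMS = {"sensor": {"write"}, "gateway": {"read", "write"}, "guest": set()}
ROLES = {"dev-01": "sensor", "gw-01": "gateway", "visitor": "guest"}

class Network:
    def __init__(self):
        self.master = os.urandom(32)  # root secret held by the key manager
        self.epoch = 0                # incremented by every re-encryption
        self.log = []                 # audit trail of denied requests

    def _keys(self, epoch):
        # Separate encryption and MAC keys per epoch (HMAC-SHA256 as a KDF).
        return tuple(hmac.new(self.master, b"%s:%d" % (label, epoch),
                              hashlib.sha256).digest() for label in (b"enc", b"mac"))

    @staticmethod
    def _xor(enc_key, nonce, data):
        # Stand-in for FE (assumption): XOR with a SHAKE-256 keystream.
        stream = hashlib.shake_256(enc_key + nonce).digest(len(data))
        return bytes(a ^ b for a, b in zip(data, stream))

    def _permitted(self, who, op):
        role = ROLES.get(who)         # step 3: unknown identity is rejected
        ok = role is not None and op in ROLE_PERMS[role]   # steps 5 and 12
        if not ok:                    # steps 9-10 and 15: log, then rotate keys
            self.log.append((who, op))
            self.epoch += 1
        return ok

    def send(self, who, data):        # steps 4-8
        if not self._permitted(who, "write"):
            return None
        enc, mac = self._keys(self.epoch)
        nonce = os.urandom(16)
        ct = self._xor(enc, nonce, data)
        tag = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
        return self.epoch, nonce, ct, tag

    def receive(self, who, msg):      # steps 11-15
        if not self._permitted(who, "read"):
            return None
        epoch, nonce, ct, tag = msg
        enc, mac = self._keys(self.epoch)   # only current-epoch keys are usable
        good = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
        if epoch != self.epoch or not hmac.compare_digest(tag, good):
            self.log.append((who, "stale-or-tampered"))
            return None
        return self._xor(enc, nonce, ct)
```

In this sketch a denied request invalidates every message sealed under the previous epoch, so senders have to re-send after a rotation; a deployment would need to decide whether that cost is acceptable for each denial.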