An Access Control Framework for Cloud-Enabled Wearable Internet of Things

Internet of Things (IoT) has become a pervasive and diverse concept in recent years. IoT applications and services have given rise to a number of sub-fields in the IoT space. Wearable technology, with its particular set of characteristics and application domains, has formed a rapidly growing sub-field of IoT, viz., Wearable Internet of Things (WIoT). While numerous wearable devices are available in the market today, security and privacy are key factors for wide adoption of WIoT. Wearable devices are resource constrained by nature with limited storage, power, and computation. A Cloud-Enabled IoT (CEIoT) architecture, a dominant paradigm currently shaping the industry and suggested by many researchers, needs to be adopted for WIoT. In this paper, we develop an access control framework for cloud-enabled WIoT (CEWIoT) based on the Access Control Oriented (ACO) architecture recently developed for CEIoT in general. We first enhance the ACO architecture from the perspective of WIoT by adding an Object Abstraction Layer, and then develop our framework based on interactions between different layers of this enhanced ACO architecture. We present a general classification and taxonomy of IoT devices, along with brief introduction to various application domains of IoT and WIoT. We then present a remote health and fitness monitoring use case to illustrate different access control aspects of our framework and outline its possible enforcement in a commercial CEIoT platform, viz., AWS IoT. Finally, we discuss the objectives of our access control framework and relevant open problems.