Identifying, authenticating and authorizing smart objects and end users to cloud services in Internet of Things

Smart objects connected within the Internet of Things (IoT) are often poorly physically protected, low-cost and simple embedded systems connected using Machine to Machine (M2M) and Machine to Cloud (M2C) lightweight communication protocols. These protocols guarantee basic data confidentiality and integrity, securing communication channels using cryptography, but there are still important challenges related to access control in IoT. This work proposes SmartObjectConnect, a new Identity and Access Management mechanism for smart objects based on current Internet federated specifications but adapted, and re-defined in certain aspects, to the specific requirements of this kind of environment. The proposed mechanism allows IoT services deployed locally or in the cloud to identify, to authenticate and to authorize smart objects using HTTP and CoAP. It also allows end users to be identified, authenticated and authorized via these smart objects if possible and/or required. Furthermore, the proposed mechanism is validated and its usability, efficiency and security are evaluated using a real healthcare case study.