Assistive Technology for the Elderly - Chapter 1: Access Control for Internet of Things - enabled assistive technologies: an architecture, challenges and requirements

Elsevier, Assistive Technology for the Elderly, 2020, Pages 1-43
Shantanu Pal, Michael Hitchens, Vijay Varadharajan

There has been a tremendous growth in the use of the Internet of Things (IoT) in recent years. One important application area for the IoT is in the area of assistive technologies. Assistive technology can improve the functional capabilities of persons with disabilities by, for example, improved mobility and accessibility. IoT technologies, by virtue of their ubiquity and edge intelligence, can significantly enhance the provision of such services. IoT systems may deal with large amounts of data. In the assistive technologies context, this data can be particularly sensitive, as it may include health, location, and other highly personal information. Security then becomes a pressing concern in IoT-enabled assistive technology. In the IoT, security and privacy are major challenges due the characteristics of such systems (e.g., resource-constrained nature of the devices and high mobility). Given the large amount of personal data involved, and the potential reliance on IoT devices in the home and in users’ lives, access to data and resources is an important aspect of security in such systems. This chapter provides a discussion of the critical issue of security in IoT-enabled assistive technologies, particularly addressing access control. After identifying the requirements for such a mechanism and detailing a number of use cases, we present a fine-grained access control architecture for use in IoT-enabled assistive technology based on a combination of attributes, roles, and capabilities. We then discuss the issue of access right delegation for such systems. This will allow flexible and dynamic propagation of access rights in a manner suited to the characteristics of these systems. Finally, we outline a set of challenges that are significant when considering issues for security in IoT-enabled assistive technologies and demonstrate how our design satisfies the identified requirements.