Result: Edge-enabled IAM for IoTs with edge-based access management and context-driven syncservice.
The number of edge IoT services is experiencing explosive growth. As an entry point for network services, Identity and Access Management (IAM) effectively prevents unauthorized access and blocks most cyber-attacks. However, most edge systems still rely on remote, cloud-based IAM for permission verification. The few edge-enabled IAM solutions that do exist operate on the assumption that attribute values are always up to date and provided by a completely trustworthy source, which makes access decisions questionable in highly dynamic and distributed IoT environments. To address these challenges, this work proposes EIAM-IoT, an edge-enabled IAM architecture, and an improved Local Authentication and Authorization (LAA) method. The LAA evaluates multi-factor attributes, incorporating the freshness of attribute values and the trustworthiness of attribute providers, to achieve reliable access control. Additionally, the identity information required for LAA is synchronized and stored in the edge database by a context-aware synchronization strategy, which extends relevant identity data selectively and in a timely manner based on edge context, optimizing the trade-off between local data management costs and LAA performance. The performance and security analyses show that the LAA does not introduce significant overhead to traditional attribute-based solutions while enabling more fine-grained access control, increasing decision reliability, and offering additional features, such as local verification and federated identity management. While the LAA relies on cloud-extended local data, the system ensures greater availability and resilience to connectivity issues in edge-to-cloud setups. EIAM-IoT is particularly suitable for dynamic, multi-authority, and edge-native IoT applications to achieve secure, low-latency, offline access to edge IoT services. [ABSTRACT FROM AUTHOR]