Copyright © 2024 by Author/s and Licensed by IJCNIS. This is an open access article distributed under the Creative Commons Attribution License which permits
unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
International Journal of Communication Networks and Information Security
2024, 16(2), 6623
ISSN: 2073-607X, 2076-0930
https://ijcnis.org/
Role-Based Access Control (RBAC) Enabled Secure and Efficient Data Processing Framework for IoT Networks
Jaibir Singh 1*, Suman Rani 2, Vipin Kumar 3
1,3 Dr., Department of Computer Science & Engineering, Lovely Professional University, Phagwara, India
2Dr., Department of Electronics & Communication Engineering, Lovely Professional University, Phagwara, India
*Corresponding Author: jaibir729@gmail.com
Citation: J. Singh, S. Rani, and V. Kumar, “Role-Based Access Control (RBAC) enabled secure and efficient data processing
framework for IoT networks,” International Journal of Communication Networks and Information Security (IJCNIS), vol. 16,
no. 2, pp. 19-32, Aug. 2024.
ARTICLE INFO
Received: 11 Jun 2024
Accepted: 17 Aug 2024
ABSTRACT
The Internet of Things (IoT) has the potential to significantly impact various domains, e.g., health, transportation, automation, and emergency response to both man-made and natural disasters, particularly in scenarios where human decision is challenging. In this research, a Role-Based Access Control (RBAC) Enabled Secure and Efficient Data Processing Framework for IoT Networks is proposed. This framework ensures robust security and optimized data handling through granular access control mechanisms based on predefined roles. By leveraging RBAC, it mitigates unauthorized access risks, thereby safeguarding sensitive IoT data during transmission and storage. Our approach emphasizes efficiency by streamlining data processing workflows, reducing latency, and optimizing resource utilization. The framework is designed to scale with IoT network expansions and adapt to evolving security needs, promising enhanced reliability and trustworthiness in data operations for contemporary IoT environments. According to this research work, current security effectiveness is 99 percent. A home area network (HAN) can be used for smart connectivity of different home appliances using IoT, and an automatic start and stop feature may be possible. An access control server (ACS) is used to control access and provide permission for different operations.
Keywords: RBAC, IoT, Data Processing, Edge Computing, HAN.
INTRODUCTION
The Internet of Things (IoT) is materializing as an unprecedented number of physical devices are being
connected to the Internet. An illustrative example includes thermostats and HVAC (Heating, Ventilation & Air
Conditioning) systems, which enable the creation of smart homes [1]. IoT has the potential to significantly impact
various domains e.g. health, transportation, automation, and emergency response to both man-made and natural
disasters, particularly in scenarios where human decision is challenging [2], [3]. Through group communication,
information sharing, and coordinated decision-making, IoT endows physical objects with the ability to perceive,
listen, process, and execute tasks [4]. This transformation from conventional to smart objects is achieved through
the integration of foundational technologies such as embedded systems, Internet protocols, sensor networks,
ubiquitous and pervasive computing, and advanced communication technologies [5]. While ubiquitous computing
and analytical services are application-agnostic, smart objects and their respective tasks are specific to
particular domains, often referred to as vertical markets [6], [7]. The IoT paradigm facilitates the connection of
physical and virtual worlds by enabling sensing, identification, networking, computing, and control capabilities.
For example, an IoT-based healthcare system may consist of wearable sensors that collect bio-signals from patients and send
the data to cloud servers via a wireless network [8], [9]. Clinicians can then access aggregated e-health data from
multiple patients through a mobile application or web browser, thereby enhancing labor productivity and partially
addressing the shortage of medical professionals [10]. However, IoT faces several challenges, including
centralized data storage, instability, security vulnerabilities, and energy inefficiency [11]. For instance, IoT
services cannot be adequately maintained when there is a disruption in the Internet connection between cloud
servers and IoT devices [12], [13]. IoT is an emerging technology that facilitates data sharing, communication, and
interaction among IoT devices [14]. Data flows from multiple sources within the IoT ecosystem and is collected
for decision-making with analysis. One of the primary challenges IoT applications must address is security [15].
The objective of IoT is to enhance human well-being by providing sophisticated applications that cater to needs
across personal, professional, and business domains [16]. IoT leverages the existing Internet infrastructure and
integrates it with newly developed technologies, resulting in reduced service administration costs, seamless
interconnection of billions of embedded devices, and improvements in scalability and adaptability [17].
Figure 1. ACS with IoT Example
Creating an RBAC (Role-Based Access Control) implementation diagram helps visualize how roles [18],
permissions, users, and access decisions are structured and managed within a system [19] [20] [21]. Figure 1
shows an example of an ACS with IoT; a description is given below:
RBAC for IoT Network
RBAC consists of the following components:
Entities
User: Represents individuals or entities interacting with IoT devices or systems [22].
Role: Defines a collection of permissions assigned to users based on their responsibilities or functions within
the IoT ecosystem [23].
Permission: Specifies what actions or operations users with certain roles can perform on IoT devices or data.
Components
IoT Devices: Physical or virtual devices within the IoT network, such as sensors, actuators, gateways, and
smart devices [24].
Edge Computing: Local processing and data storage near IoT devices to reduce latency and improve
efficiency [25].
Cloud Services: Remote servers and services used for centralized data storage, analytics, and management
[26].
RBAC Management: Centralized system or module responsible for managing roles, permissions, and access
control policies [27].
Relationships
Users are assigned roles based on their responsibilities or access requirements within the IoT ecosystem.
Roles are associated with specific sets of permissions governing interactions with IoT devices, data, and
services.
Permissions define allowable actions users can perform on IoT devices and data, such as read, write, execute,
configure, etc.
Flow of Access Control:
Authentication: Users authenticate themselves to the IoT system or network.
Role Assignment: Upon successful authentication, users are assigned roles based on their access
requirements.
Access Request: Users request access to specific IoT devices, data, or services.
Access Decision: The RBAC system evaluates the access request based on the user's roles and associated
permissions.
Audit Logging: Records access decisions and actions taken by users for security monitoring and compliance
auditing.
IoT Devices: Represent physical or virtual devices within the IoT network, including sensors, actuators,
gateways, and smart devices.
Edge Computing: Refers to local processing and data storage capabilities near IoT devices, enhancing real-
time data processing and reducing latency.
Cloud Services: Remote servers and services used for centralized data storage, analytics, and management in
IoT applications.
RBAC Management: Centralized module or system responsible for defining roles, assigning permissions, and
enforcing access control policies across IoT devices and services [28].
In an RBAC implementation for IoT systems, if the number of users and devices increases at any time, then according to our research work, unique roles and permissions should be defined, i.e., for Device Manager, Administration, and User Service [29] [30]. According to the proposed research work, one centralized management system is implemented to keep a record of each role for different users, devices, and security policies. The increased complexity is also removed by adding automation for role assignment and for the task of handling changing requirements [31] [32].
LITERATURE REVIEW
V. Nivedita and N. N. Gopal [33] note that IoT encounters significant challenges related to high latency, instability, and
security vulnerabilities. The integration of edge computing and blockchain technology has been proposed as a
potential solution to mitigate these limitations. However, a comprehensive analysis of the combined utilization of
these technologies within IoT systems is currently lacking. This paper aims to address this gap by providing an in-
depth examination of blockchain-based edge systems, which synergize edge computing and blockchain technology
to improve the security and performance of IoT systems. The paper thoroughly investigates the security
requirements for these systems, including privacy, trust/confidence, availability, transparency, secure automation,
authentication, confidentiality, and integrity. Additionally, it offers a detailed overview and evaluation of
blockchain-based edge systems based on these criteria.
M. Mansour et al. [34] examined application challenges, protocols, and enabling technologies in IoT. Recent
advancements in RFID, smart sensors, communication technologies, and Internet protocols have been pivotal in
realizing the IoT. The core concept involves fostering direct collaboration between smart sensors and humans to
create a new class of applications. The current phase of IoT can be seen as an evolution in mobile, Internet, and
machine-to-machine (M2M) technologies. IoT is expected to connect physical objects to enable intelligent
decision-making, integrating diverse technologies to support novel applications in the coming years. This paper
first presents a high-level overview of IoT, followed by a detailed summary of technical information regarding the
protocols and enabling technologies that underpin the IoT.
A. Bergström and E. Berghäll [35] studied access control for ensuring the secure and continuous operation of the vast network of interconnected devices. A key insight from their analysis is the shift from traditional access control models, such as Role-Based Access Control (RBAC), to more dynamic and granular models like Attribute-Based Access Control (ABAC) and Capability-Based Access Control (CBAC). As IoT becomes increasingly integrated into various sectors, including smart homes and healthcare, the necessity for context-aware, attribute-centric, and capability-based models is increasingly evident. While edge computing and cloud computing technologies are crucial in enhancing these access control models, they also introduce new challenges related to performance and scalability. It is important to note that although there is a proliferation of access control models for IoT, many remain in the theoretical or design phases, with fewer reaching the prototype or evaluation stage. The variety of architectural designs, ranging from decentralized to centralized, emphasizes how the dynamic ecology of the Internet of Things is always changing. Token-Based Access Control and Policy-Based Access Control methods offer targeted responses to the problems IoT components encounter in different settings. Development activity in computing, networking, and embedded systems has increased the number of applications that are directly accessible on different networks in everyday use.
But as these systems grow, so do the resources they support and the worth and privacy of the data they hold,
posing serious risks to the security frameworks that are now in place. In this proposed research, we leverage
services to make physical objects easily controllable and seamlessly integrated. Additionally, by utilizing context
information, we propose an enhanced Role-Based Access Control (RBAC) model designed to improve the security
of web services applications. This approach aims to develop a more robust access control mechanism for the
Internet of Things (IoT).
G. Fragkos et al. [36] addressed centralized methods, which often depend on third-party entities. These
methods face limitations in terms of availability and scalability, potentially leading to performance bottlenecks.
To address these challenges, this study proposes a novel approach for lightweight, decentralized secure access
management in IoT systems, utilizing a multi-agent system and blockchain technology. The primary objective of
this approach is to implement Blockchain Managers (BCMs) to facilitate secure communication between
proximate IoT devices and enhance IoT access control. Furthermore, the system ensures secure connectivity
between IoT devices, fog nodes, and cloud computing environments.
Background of Access Control System in IoT
Role-Based Access Control (RBAC) is a promising method for managing sets of access rights, offering
simplified maintenance, unlike DAC and MAC, which are rarely enforced in open networks. RBAC, which
emerged in the 1970s in multi-user and multi-application online systems, grants permissions to roles rather than
individuals, and users obtain permissions by assuming roles. Our study is informed by several existing access
control approaches. The CWS-RBAC model proposed by Roosdiana Wonohoesodo can handle global services but
lacks context awareness. The CGRBAC model by SHEN Haibo and HONG Fan introduces global roles mapped to
local roles of other service providers, managing global or composite services but not dynamic context. ChunDong
Wang's CERBCA model introduces environment roles to capture security-relevant context, while Hsing-Chung
Chen's TLRBAC model restricts object permissions based on spatial and temporal entities. Although these
extended RBAC models meet specific security needs, they are unsuitable for IoT.
Implementing an ideal access control model for billions of IoT devices is challenging. While permission and
authentication issues are well-studied in traditional IT, they are still nascent in IoT. Popular access control
mechanisms such as Attribute-Based Access Control (ABAC), Role-Based Access Control (RBAC), and Access
Control Lists (ACL) are not entirely suitable for scalable, efficient, and manageable IoT environments. In particular,
Access Control Lists (ACL) may not be the best fit for IoT settings that must be scalable, efficient, and manageable. ACL-based
access control lacks granularity and scalability and is constrained by centralized infrastructure, creating a single
point of failure. Although the RBAC model provides a mechanism for resource access authorization based on roles
and principles like priorities, duties separation, and administrative function partitioning, it is not entirely
sufficient to meet the needs of access control and inter-device communication in a widely dispersed network
environment.
Capability-Based Access Control (CapAC) systems are used in IoT environments because of the drawbacks of
traditional access control approaches. By directly associating attributes with subjects and basing access privileges
on user attribute certificates, the ABAC paradigm avoids the role expansion problem that is inherent in RBAC. But
the intricacy of the ABAC.
Policy Management in RBAC with IoT Platform
Clearly Define Roles and Responsibilities
User Education: Inform users of their responsibilities and rights, and instruct them on how to properly
control their access in an Internet of Things environment.
Admin Training: To guarantee that administrators are capable of handling complicated access control
scenarios, provide them with best practices for creating and managing RBAC rules.
Leverage Hierarchical RBAC
Role Hierarchy: Employ a hierarchical RBAC paradigm to enable roles to inherit permissions from one
another. It is easier to manage permissions across many levels of authority when a Senior Network Manager
inherits the permissions of a normal Network Manager.
Use Attribute-Based Access Control (ABAC) in Conjunction with RBAC
Attributes and Context: To manage complex circumstances where permissions depend on context, combine
Attribute-Based Access Control (ABAC) and Role-Based Access Control (RBAC). For instance, the user's role, the
time of day, and the status of the device can all have an impact on access to that device.
Dynamic Policies: To provide flexibility to access control and to create more specialized rules within the
RBAC framework, use ABAC policies.
Implement Automated Role Management
Use automation technologies to assign and manage responsibilities automatically according to established criteria and guidelines. This is especially helpful in big Internet of Things settings where it would be impossible to maintain manually.
Role Evolution: Adapt roles and permissions automatically as devices or users join or exit the network. Unless an administrator specifically modifies their rights, new devices may, for instance, be assigned a default role.
Integrate with IoT Management Platforms
IoT management platforms with integrated RBAC functionalities are recommended for centralized
management. A single interface for controlling roles and permissions across different IoT apps and devices can be
offered by these systems.
Enforce RBAC policies uniformly throughout the network by making sure that IoT management solutions
facilitate this function.
Regularly Review and Update Roles and Permissions
Periodic Audits: Considering how the Internet of Things ecosystem is changing, conduct routine audits of
roles and permissions to make sure they remain acceptable.
Update Rules: RBAC rules should be updated in response to environmental changes, such as the addition of
new devices, adjustments to user roles, or adjustments to organizational requirements.
Provide Granular Access Controls
Access at the Device Level: To restrict who can access or alter particular devices, apply RBAC policies at the device level. In addition to guaranteeing that only individuals with permission can make changes, this helps prevent unwanted access.
Control access to the data produced by Internet of Things devices at the data level by utilizing user roles.
Higher-level positions may be barred from accessing sensitive data, whilst lower-level roles may have access to
less sensitive data.
Ensure Compliance with Security Standards
Standards and requirements: Comply with industry standards and security and access control requirements,
such as ISO/IEC 27001 or NIST guidelines. By doing this, you can be sure that your RBAC solution complies with
security and regulatory standards.
Audit Trails: To track and analyze role-based access and identify any irregularities or breaches, keep
audit trails of all access control operations.
Education and Training
User Education: Inform users of their responsibilities and rights, and instruct them on how to properly
control their access in an Internet of Things environment.
Admin Training: To guarantee that administrators are capable of handling complicated access control
scenarios, provide them with best practices for creating and managing RBAC rules.
METHODOLOGY
Summary of research methodology: The data collection method used is Prototype Development, through which we can implement the RBAC framework using appropriate programming languages and equipment. Simulations model IoT scenarios and assess RBAC performance in different scenarios using simulation tools. Surveys and interviews are also used to acquire qualitative information on user attitudes, difficulties, and needs.
The method of data analysis is mainly Quantitative Analysis: to measure the efficiency gains from implementing RBAC, performance indicators such as throughput and latency are examined. The thematic examination of qualitative data to find themes and patterns in stakeholder feedback is known as qualitative analysis.
HAN (Home Area Network), RBAC with IoT Environment
Figure 2. HAN-RBAC with IoT Environment
HAN (Home Area Network)
A network called HAN links different devices in a house together. Smart lights, security cameras, thermostats,
and other connected appliances are examples of Internet of Things (IoT) devices that fall under this category.
Establishing communication and connectivity between various devices is the main objective in order to facilitate
more efficient automation and management, as shown in Figure 2 above.
RBAC (Role-Based Access Control)
RBAC is a technique that controls user access to computer systems and network resources according to the
roles that have been allocated to them. Specific permissions assigned to each role control which resources may be
accessed and what can be done. RBAC aids in ensuring that only authorized users are able to access particular
devices or manage particular functionality in an Internet of Things environment.
RBAC Integration with HAN
Users and different roles: Administrator, User, Guest.
The Administrator has complete access to all devices and their settings.
The User has limited access compared to the Administrator, according to the access rights assigned.
The Guest has only very limited access, for viewing.
Model of RBAC with IoT
In the RBAC model, roles are given to different users in the form of permissions. According to those permissions,
a particular IoT device can then be accessed, i.e., here Sensor Devices, Actuator Devices, Gateway Devices, etc.
Figure 3. Model of RBAC with IoT
For IoT devices, edge computing is used for local storage and data-processing tasks, and different cloud services
can also be used for different activities at a worldwide level, as shown in Figure 3.
Algorithm for RBAC with IoT
Algorithm 1: Pseudocode of RBAC with IoT
# Step 1: Define roles and permissions
roles = {
    'admin': ['manage_devices', 'manage_users', 'view_data'],
    'user': ['view_data'],
    'guest': ['view_data'],
}

# Step 2: Implement role hierarchy (optional; access_control below does not consult it)
role_hierarchy = {'admin': ['user', 'guest'], 'user': ['guest']}

# Step 3: Define attributes and policies
def access_control(request):
    # Extract attributes from the request
    user_role = request.user.role
    requested_action = request.action
    device_type = request.device.type
    current_time = request.time  # zero-padded 'HH:MM' string, so string comparison orders correctly

    if user_role in roles:  # Example policy decision based on attributes
        if requested_action in roles[user_role]:
            if device_type == 'sensor' and current_time < '18:00':
                return True  # Access granted
            else:
                return False  # Access denied
        else:
            return False  # Role does not have permission for requested action
    else:
        return False  # Unknown role

# Step 4: Real-time access control and adaptation
def handle_access_request(request):
    if access_control(request):
        print("Access granted")  # Perform requested action
    else:
        print("Access denied")
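Algorithm 1 declares role_hierarchy but never consults it, while the Flow of Access Control and Policy Management sections also call for context checks, default roles and audit logging. The following added example (not the authors' code) combines these in one decision point; the operate_device permission, the offline-device rule, the principal names and the AccessControlServer class are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import time

# Direct permissions per role. Role names follow Algorithm 1; 'operate_device'
# is a hypothetical permission so that inheritance has a visible effect.
ROLE_PERMISSIONS = {
    "admin": {"manage_devices", "manage_users"},
    "user": {"operate_device"},
    "guest": {"view_data"},
}
# Senior role -> junior roles it inherits from (same shape as Algorithm 1).
ROLE_HIERARCHY = {"admin": ["user", "guest"], "user": ["guest"]}
DEFAULT_ROLE = "guest"  # assumption: least-privileged role for new principals


def effective_permissions(role):
    """Own permissions plus everything inherited transitively."""
    seen, stack, perms = set(), [role], set()
    while stack:
        current = stack.pop()
        if current in seen or current not in ROLE_PERMISSIONS:
            continue  # a cycle or an undefined role contributes nothing
        seen.add(current)
        perms |= ROLE_PERMISSIONS[current]
        stack.extend(ROLE_HIERARCHY.get(current, []))
    return perms


@dataclass(frozen=True)
class Request:
    principal: str
    action: str
    device_type: str    # 'sensor', 'actuator', 'gateway'
    device_status: str  # 'online' or 'offline'
    at: time


def context_allows(role, req):
    """Attribute checks layered on the role decision (constructed policy)."""
    if req.device_status != "online":
        return role == "admin"  # assumption: only admins reach offline devices
    if role == "guest":
        # Algorithm 1's condition: sensors only, and only before 18:00.
        return req.device_type == "sensor" and req.at < time(18, 0)
    return True


@dataclass
class AccessControlServer:
    assignments: dict = field(default_factory=dict)  # principal -> role
    audit_log: list = field(default_factory=list)

    def join(self, principal, role=None):
        """New principals get DEFAULT_ROLE unless an administrator picks one."""
        if role is not None and role not in ROLE_PERMISSIONS:
            raise ValueError(f"undefined role: {role}")
        self.assignments[principal] = role or DEFAULT_ROLE

    def decide(self, req):
        """Default deny: every branch that is not an explicit grant refuses."""
        role = self.assignments.get(req.principal)
        if role is None:
            allowed, reason = False, "unknown principal"
        elif req.action not in effective_permissions(role):
            allowed, reason = False, "permission not granted to role"
        elif not context_allows(role, req):
            allowed, reason = False, "context constraint failed"
        else:
            allowed, reason = True, "ok"
        # Audit logging covers denials as well as grants.
        self.audit_log.append({
            "principal": req.principal, "role": role, "action": req.action,
            "device": req.device_type, "at": req.at.isoformat(timespec="minutes"),
            "allowed": allowed, "reason": reason,
        })
        return allowed


def demo():
    """Run constructed requests through the server; returns (decisions, server)."""
    acs = AccessControlServer()
    acs.join("alice", "admin")
    acs.join("bob", "user")
    acs.join("visitor-tablet")  # no role supplied, so it becomes a guest
    noon, evening = time(12, 0), time(19, 30)
    requests = [
        Request("alice", "view_data", "actuator", "online", evening),
        Request("bob", "operate_device", "actuator", "online", noon),
        Request("bob", "manage_users", "gateway", "online", noon),
        Request("visitor-tablet", "view_data", "sensor", "online", noon),
        Request("visitor-tablet", "view_data", "sensor", "online", evening),
        Request("bob", "operate_device", "actuator", "offline", noon),
        Request("mallory", "view_data", "sensor", "online", noon),
    ]
    return [acs.decide(r) for r in requests], acs


if __name__ == "__main__":
    decisions, server = demo()
    for entry in server.audit_log:
        print(entry)
```

The audit log records the reason for each denial, which is what a periodic role review or anomaly check would read.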
1. The time L is the sum of the Access Decision Time and the Enforcement Time:
$$L = T_{ad} + T_{ae} \tag{1}$$
In this case, Access Decision Time ($T_{ad}$) is the amount of time needed to assess access policies and decide on access, and Enforcement Time ($T_{ae}$) is the time needed to carry out access determinations and grant or deny access.
2. Throughput: The number of access requests processed in a unit of time.
$$\text{Throughput} = \frac{\text{TotalProcess}}{\text{Duration (Time)}} \tag{2}$$
3. Scalability: Scalability measures the system's ability to handle increasing workload or resources.
Users/Devices Supported: Maximum number of users or devices before performance degrades.
$$\text{Scalability} = \frac{\text{Users}}{\text{SupportedDevice}} \tag{3}$$
Example: The system supports 5000 users/devices without degradation.
4. CPU Utilization: CPU utilization is the percentage of time the CPU spends on processing tasks.
$$\text{CPUUtilization}\,\% = \frac{\text{CPUTimeUsed}}{\text{TotalCPUTime}} \times 100 \tag{4}$$
5. Memory Utilization:
$$\text{MemoryUtilization}\,\% = \frac{\text{UsedMemory}}{\text{TotalMemory}} \times 100 \tag{5}$$
6. Security Effectiveness:
$$\text{SecurityEffectiveness}\,\% = \frac{\text{NumberofSuccessfulAccessControl}}{\text{TotalAccessAttempts}} \times 100 \tag{6}$$
7. Data Processing Efficiency:
$$\text{DataProcessingEfficiency}\,\% = \frac{\text{EffectiveProcessingTime}}{\text{TotalProcessingTime}} \times 100 \tag{7}$$
RESULTS AND DISCUSSION
These numerical values in the table provide a quantitative basis for comparing RBAC against alternative data
processing techniques using real-world data. Researchers can use these metrics to assess performance, efficiency,
scalability, and security effectiveness, informing decisions on access control strategy and system optimization in
IoT and other data-intensive environments. Table 1 shows the performance of the proposed RBAC model and of the
alternative techniques.
Table 1. Model or RBAC model Performance and Alternative Technique Performance

| Description | Alternative Techniques | Proposed Model Performance |
|---|---|---|
| Average time taken for access control decisions and data processing operations. | 18.5 | 15.2 |
| Number of access requests processed per second under peak load. | 1000 | 1200 |
| Maximum number of users or devices supported without degradation in performance. | 3000 | 5000 |
| Percentage of CPU resources used during peak data processing. | 70 | 65 |
| Percentage of available memory utilized during data processing tasks. | 50 | 45 |
| Rate of successful access control enforcement preventing unauthorized access. | 95 | 98 |
| Efficiency in handling data processing tasks such as aggregation and analysis. | 88 | 92 |

So the performance of the RBAC model in IoT networks has significantly improved in terms of scalability and
security, particularly with the integration of hierarchical and dynamic RBAC models. These advancements
facilitate efficient management of complex and large-scale IoT environments as shown in Figure 4.
Figure 4. Graphical Representation of Model or RBAC Model Performance and Alternative Technique Performance
In 2024, the RBAC model remains scalable and efficient for large user bases but struggles with flexibility and
high administrative overhead. Alternatives like ABAC offer greater flexibility and ease of maintenance in dynamic
environments but can face performance issues with complex attribute evaluations. PBAC provides excellent
context-aware access control, balancing scalability and flexibility, though it requires meticulous policy
management. The data below represent benchmarks and the progress of the different factors in the field over the
given period, by selected year:
Table 2. Representation of Different Scalability Factor From 2020 to 2024

| Metric | 2020 | 2021 | 2022 | 2023 | 2024 |
|---|---|---|---|---|---|
| Latency (ms) | 25 | 23 | 20 | 18 | 15 |
| Throughput (requests/sec) | 900 | 950 | 1050 | 1100 | 1200 |
| Scalability (users/devices) | 3000 | 3500 | 4000 | 4500 | 5000 |
| CPU Utilization (%) | 70 | 68 | 66 | 64 | 62 |
| Memory Utilization (%) | 55 | 52 | 50 | 48 | 45 |
| Security Effectiveness (%) | 96 | 97 | 98 | 98.5 | 99 |
| Data Processing Efficiency (%) | 85 | 87 | 89 | 90 | 92 |

Table 2 shows that from 2020 to 2024, the performance of RBAC in IoT networks has shown significant improvements in scalability and security. The proposed research mainly represents the dynamic nature of Role-Based Access Control models for improving management efficiency in large-scale IoT networks. Security in the context of access control is much higher with blockchain integration, which ensures a visible and uneditable access control system. The RBAC framework is also optimized for the resource restrictions of IoT devices, so a much more secure network can be provided. The performance of RBAC is represented in the graph below, from which the growth of RBAC in recent years can easily be identified.
Figure 5. Visualization of Different Scalability Parameters from 2020 to 2024
The performance of Role-Based Access Control in IoT networks shows significant improvement in scalability and security from 2020 to 2024, as shown in Figure 5 above. It is also represented graphically below. Data transparency and integrity are also improved by using blockchain technology; this is likewise represented graphically.
Figure 6. Workload Handling via Using RBAC in IoT
The RBAC system can easily be managed when the number of users and the number of devices connected to the IoT network increase at the same time, by increasing the number of roles and the number of permissions. Workload handling is shown in Figure 6 above.
Discussion
RBAC enhance actual implementation security in IoT network by granting fine grained access control.
According to RBAC given roles dynamically based on contextual information, unauthorized access can be
nominated and security will be improved.The proposed RBAC system can use a large number of Internet of
Things,users and devices and different services including scalability feature. Access control decision can be
reduced according to dynamic role permission and user role assignments also it is efficient for data processing.
RBAC or proposed research also enable the system to dynamically or run time modification permission according
to device location or status, time and location also. So it will provide a flexible system that ensure permission are
related to run time or relevant situation.
The proposed research ensures that permissions are flexible according to the real-time situation, so that security
and other operational activities are more effective. Machine learning techniques can be used to improve response
time and lower false positives and false negatives, so that better access control decisions can be taken. The
anomaly detection method provided in RBAC can be used to supervise real-time access patterns and so enhance
security. A hierarchical role structure can be used in large-scale IoT networks to make the network's permission
management easier. Because of the latest IoT framework, the IoT infrastructure minimizes the need for upgrades
to the RBAC system.
The IoT network provides a common set of communication rules, or protocols, and these protocols are compatible
with the IoT framework. Under high load, the Role-Based Access Control framework provides
high throughput and low latency. The scalability test shows that the performance of RBAC is not affected when
the number of IoT devices and users is high or increases at any instant. Unauthorized users cannot access the
system because of the security and authentication parameters and processes of the proposed research. The
security of the proposed research is further improved by adding key management and multi-level authentication
factors. The access patterns of all tested accesses are kept up to date, which provides a better monitoring
platform. A corresponding action can be taken in real time against unauthorized access to any device or network.
The proposed framework is easy to use because of its role-based concept.
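The context-dependent, hierarchical access decision described in this Discussion can be sketched as follows. This is an added example, not code from the paper: the class, field and function names, the zone and device-status values and the sample policy are all assumptions, with role names borrowed from the smart-city roles the paper mentions.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Context:  # run-time facts about one request (field names are assumed)
    zone: str
    device_status: str
    at: time

@dataclass(frozen=True)
class Grant:
    """A permission plus the context in which it is valid."""
    action: str
    resource: str
    zones: frozenset = frozenset()     # empty = any zone
    statuses: frozenset = frozenset()  # empty = any device status
    window: tuple = ()                 # (start, end) times; () = any time

    def allows(self, action, resource, ctx):
        if (action, resource) != (self.action, self.resource):
            return False
        if self.zones and ctx.zone not in self.zones:
            return False
        if self.statuses and ctx.device_status not in self.statuses:
            return False
        if not self.window:
            return True
        start, end = self.window
        if start <= end:
            return start <= ctx.at <= end
        return ctx.at >= start or ctx.at <= end  # window wraps past midnight

class AccessControlServer:
    """Hypothetical ACS: deny by default, hierarchical roles, audit trail."""
    def __init__(self):
        self.grants = {}   # role -> list of Grant
        self.juniors = {}  # role -> roles whose grants it inherits
        self.members = {}  # user -> directly assigned roles
        self.audit = []    # (user, action, resource, allowed)

    def add_role(self, role, grants=(), inherits=()):
        self.grants[role] = list(grants)
        self.juniors[role] = set(inherits)

    def assign(self, user, role):
        self.members.setdefault(user, set()).add(role)

    def effective_roles(self, user):
        """Assigned roles plus everything inherited; safe against cycles."""
        seen, stack = set(), list(self.members.get(user, ()))
        while stack:
            role = stack.pop()
            if role in seen or role not in self.grants:
                continue  # already visited, or a role that was never defined
            seen.add(role)
            stack.extend(self.juniors[role])
        return seen

    def check(self, user, action, resource, ctx):
        allowed = any(g.allows(action, resource, ctx)
                      for role in self.effective_roles(user)
                      for g in self.grants[role])
        self.audit.append((user, action, resource, allowed))
        return allowed

    def denials_by_user(self):
        return Counter(u for u, _, _, ok in self.audit if not ok)

def build_demo_acs():
    """Constructed sample policy; users, zones and resources are made up."""
    acs = AccessControlServer()
    acs.add_role("viewer", [Grant("read", "traffic_sensor")])
    acs.add_role("traffic_personnel", [Grant(
        "set_signal", "traffic_light", frozenset({"downtown"}),
        frozenset({"online"}), (time(6, 0), time(22, 0)))], ["viewer"])
    acs.add_role("city_planner", [Grant("export", "traffic_sensor")], ["viewer"])
    acs.assign("alice", "traffic_personnel")
    acs.assign("bob", "city_planner")
    return acs
```

A request is allowed only when some effective role holds a grant whose zone, device-status and time constraints all match, and the per-user denial counts from the audit trail are the kind of access-pattern data a monitoring component would consume.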
CONCLUSION
The RBAC framework provides IoT networks with a secure platform that is reliable and scalable, and with a secure
platform for data processing and information exchange. The proposed research therefore improves security,
throughput, reliability and upgradability according to the current needs of IoT networks. Because it is a reliable
framework, RBAC is an essential part of IoT-enabled networks in the current years and beyond. RBAC ensures
secure control of access to systems and devices in IoT by assigning different roles to each relevant user. The
proposed research also assigns different roles and access control policies, through which a large-scale IoT
network can be maintained easily. An RBAC-enabled system also has some limitations: because of the dynamic
nature of IoT, roles have to change dynamically, which is a complex task to manage. Overall, however, from the
point of view of simplicity and flexibility, an RBAC-enabled system provides a simple and secure platform for IoT
networks. By using centralized identity management, we can easily manage a large number of roles, such as
those we use for traffic management personnel, city planners, etc.
ETHICAL DECLARATION
Conflict of interest: There was no conflict among the authors. Financing: Self-funding. Peer review:
Double anonymous peer review.