Security and privacy based access control model for internet of connected vehicles


Accepted Manuscript Security and privacy based access control model for internet of connected vehicles Muhammad Asif Habib, Mudassar Ahmad, Sohail Jabbar, Shehzad Khalid, Junaid Chaudhry, Kashif Saleem, Joel J.P. C. Rodrigues, Muhammad Sayim Khalil

PII: S0167-739X(18)31656-X
DOI: https://doi.org/10.1016/j.future.2019.02.029
Reference: FUTURE 4782

To appear in: Future Generation Computer Systems

Received date: 12 July 2018
Revised date: 14 January 2019
Accepted date: 18 February 2019

Please cite this article as: M.A. Habib, M. Ahmad, S. Jabbar et al., Security and privacy based access control model for internet of connected vehicles, Future Generation Computer Systems (2019), https://doi.org/10.1016/j.future.2019.02.029

This is a PDF file of an unedited manuscript that has been accepted for publication. As a service to our customers we are providing this early version of the manuscript. The manuscript will undergo copyediting, typesetting, and review of the resulting proof before it is published in its final form. Please note that during the production process errors may be discovered which could affect the content, and all legal disclaimers that apply to the journal pertain.


Abstract – Vehicular networks are continually gaining popularity, owing to the evolution of the Internet of things, by means of rapid communication in IP-based networks. Vehicles are being fitted with sensory devices to gain inputs from the external environment for information processing. Numerous applications of vehicular networks depend on the use of communication networks. The security and privacy of data communication are significant challenges, particularly in wireless applications, for example, the Internet of connected vehicles. When an official fleet of vehicles (government or military) begins its journey, the vehicles need to communicate with one another to share sensitive information. The security of such a fleet is maintained in various security layers, each of which coordinates and communicates with the others, but avoids disclosing sensitive information of higher security layers to lower security layers. No such access control model exists that can enforce the authority of security officials in layers. We propose a novel security and privacy based access control (SPBAC) model for the Internet of connected vehicles, which allows security officials to access information in combination with permissions and roles, instead of roles only, for officials traveling in vehicles belonging to the same fleet. Vehicle-to-vehicle communication is performed with the aid of onboard unit sensory devices. The vehicles can also communicate through wireless technology, namely WiFi and cellular communications (4G/5G). The SPBAC model provides communication among security layers in a secure, private, and efficient manner compared to other state-of-the-art algorithms. The SPBAC model is demonstrated here using mathematical modeling along with implementation examples.

Index Terms— Secure IoT vehicles, Privacy-based vehicular networks; Cybersecurity; Privacy; Access control; Internet of vehicles

Muhammad Asif Habib, Department of Computer Science, National Textile University, Sheikhupura Road, Manawala 37610, Faisalabad, Pakistan
Mudassar Ahmad, Department of Computer Science, National Textile University, Sheikhupura Road, Manawala 37610, Faisalabad, Pakistan
Sohail Jabbar, Department of Computer Science, National Textile University, Sheikhupura Road, Manawala 37610, Faisalabad, Pakistan
Shehzad Khalid, Department of Computer Engineering, Bahria University, Islamabad, Pakistan
Junaid Chaudhry, College of Security and Intelligence, Embry-Riddle Aeronautical University, Prescott, AZ 86301, and Security Research Institute, Edith Cowan University, Joondalup, W.A., Australia
*Kashif Saleem, Center of Excellence in Information Assurance (CoEIA), King Saud University, Riyadh, 11653, Saudi Arabia – Corresponding author
*Joel J.P.C. Rodrigues, National Institute of Telecommunications (Inatel), 37540-000 Santa Rita do Sapucaí-MG, Brazil; Instituto de Telecomunicações, 1049-001 Lisboa, Portugal; Federal University of Piauí, Teresina-PI, 64049550, Brazil – Corresponding author
Muhammad Sayim Khalil, Center of Excellence in Information Assurance (CoEIA), King Saud University, Riyadh, 11653, Saudi Arabia

* Corresponding author

I. INTRODUCTION

VEHICULAR networks are continually gaining attention owing to the rapid increase in the use of technologies such as the Internet of things (IoT). Vehicle-to-vehicle communication is of great importance, particularly when vehicles are moving in a fleet. The significance is amplified when the fleet has an official status, such as a government or military affiliation. Communications among officials in such fleet vehicles are highly sensitive and need to be secure and private, even when the officials involved have different security clearance levels (referred to as “layer” from here forward). While the fleet is moving, government or military officials do not know the complete details of the journey plan. This information is highly sensitive and guarded, and only very few officials know the complete details at any given point in the journey. Therefore, there exists a strong need for a secure and efficient access control mechanism.

The ciphertext-policy attribute-based encryption (CP-ABE) delegation structure has been proposed, which allows roadside units to apply the computational work for the refinement purpose of vehicular decryption productivity [1]. CP-ABE was the first access control scheme to be proposed that supports outsourced capabilities with the updating of attributes for fog computing [2]. We conducted an analysis after reading research papers from the area of vehicular applications in the IoT with respect to security, particularly access control. We studied top journals dealing with the security of vehicular networks and secured vehicular applications in the IoT. Following a thorough analysis of the respective literature, we found that no access control mechanisms exist that can control access to information by users of the same fleet traveling in vehicles. For this purpose, a modified version of role-based access control (RBAC) was deliberated as a strong candidate.

Roles, permissions, and users are the basic elements of RBAC. Roles are integrated with the permissions and users [3]. A permission is created as a result of an assignment of action against an object or a resource [4]. According to the RBAC standard [5], the action and object are not key role players if treated independently in RBAC. However, the action and objects are integral components of permission, which plays a vital role in the behavior of permission. Therefore, these are considered as key elements in the composition and behavior of permissions. The limitations and weaknesses of RBAC have been identified by numerous researchers [4, 6, 7]. In order to overcome these disadvantages, various authors have updated the RBAC model in different terms [7, 8]. A cyberspace-oriented access control model was proposed for cyberspace; generalized objects and subjects in cyberspace followed by scene-based access-control were developed [6].

The focus of this study is to enable communication among users traveling in vehicles belonging to the same fleet, while maintaining the privacy and security of the users. The security and privacy based access control (SPBAC) model implements mutually exclusive permissions (MEPs) assigned to users sitting in the vehicles of the same fleet. The SPBAC model ensures the application of dynamic separation of duty (DSD) owing to contradictory permissions. SPBAC is based on the concept of applying DSD according to MEPs as a replacement for roles; thus, SPBAC stores the objects in a tree-like directory structure. DSD in RBAC is applied owing to a contradiction in interest among diverse roles that have been circumvented. DSD is forcibly applied when roles are activated for the users instead of role assignment being carried out, as is practiced in static separation of duty (SSD).
The definition of DSD reveals that a user can activate two conflicting roles simultaneously, in two different sessions [5]. In the future, conceding and canceling roles will be achieved dynamically, according to the Abstraction, Separation, Containment, Automation and Accountability (ASCAA) Ideologies for Next-Generation RBAC [6, 9]. By incorporating DSD implementation into RBAC, roles can be granted and revoked dynamically and optimally. In reality, RBAC is considered as a mechanism that is referenced for implementing several security policies. RBAC is considered to be a mechanism/model used for implementing separation of duty (SOD) because it is closely attached thereto [7, 10].

In this research, a SPBAC method is proposed that incorporates DSD on the level of contradicting permissions. These contradictions are caused by various factors. Permissions are contradicted owing to contrasts by actions or objects, or both simultaneously. A local authentication access control scheme was developed that allows machine-to-machine devices to verify access rights locally, as well as grant privileged access to all users [11]. The SPBAC model implements contradictory permissions associated with officials traveling in vehicles of the same fleet owing to contradictory objects. It has been established that the object is a key entity, as with permissions, users, and roles. The object can be considered as any of the resources such as a printer, directory, and file or folder, among others. The purpose and importance of using an object with DSD is discussed in depth in the SPBAC model [3].

II. STATE OF THE ART

At present, no access control mechanism exists that can handle the communication of sensitive information among users traveling in various vehicles belonging to the same high-profile fleet, namely government or military. A new media access control (MAC) algorithm, “ResVMAC for VANETs”, has been proposed in recent years. The MAC protocol applies immediate storage of transmission, and incorporating this into vehicles that are willing to transmit this packet will be key to solving this challenge [11]. Whenever a vehicle encounters an emergency, it needs to broadcast this information to every nearby vehicle within the transmission range. These application types may accept single-hopped broadcasting of packets. MAC protocol has been revealed to be the prime component for determining the transmission efficacy of an emergency message [12].
Content delivery to vehicles is presented by an integrated algorithm, but will be improved with content-centric units. The contents are arranged according to popularity and priority, which are resolved by vehicle density [13]. When the abstract exhibits a decline in the state of a continuous system, a safe, non-deadlocking state can be attained, and the maximum allowance is less supervision. This can be achieved by applying protection and non-deadlocking conditions to the abstract domain [14]. A model was proposed to achieve the objective of a network-level optimal capacity in a noncooperative game of power control [15]. Moreover, a model was proposed for a mobile crowd-sensing technology in order to support the creation of dynamic route selection for drivers who wish to avoid congestion on roads [16]. The key 5G building blocks were discussed within the context of vehicular communications, where design-level challenges were explored [17]. Several case studies have highlighted alerting people about vulnerability threats in IoT devices [18]. A fine-grained E-healthcare record (EHR) is a scheme for controlling access to resources. This scheme has been proven as a secured scheme in the decisional parallel bilinear Diffie–Hellman. This model produces ciphertexts offline. The important factor is that it is conducted before obtaining knowledge of data regarding EHR and its policies [19]. An IoT survey on cloud computing with an emphasis on security issues demonstrated the manner in which cloud computing can improve IoT functionality [20].

RBAC has been examined by researchers in terms of several aspects. The fusion of permissions and authorization times results in an optimal interoperable system in RBAC and the relationship-based access control model [21]. Another access control methodology was developed for doctors and nurses in emergency situations to access patient information without an overt request, by merging critically aware access control and RBAC [22]. Cloud storage is becoming increasingly popular, making access control a critical and challenging issue.
A model incorporating the RBAC hierarchy with users and attributes of roles saves on computational and transmission costs for users in the cloud network [23]. The security-based scheduling algorithm “secure and available trust relation in RBAC” has been proposed. This model uses the network availability and security states as factors for a trust relationship [8]. For the ratification of long-listed access control policies, a first-order logic RBAC (FORBAC) model was proposed. To measure the degree of expensiveness, analysis was conducted in the European Bank [24]. The analysis of administrative RBAC has been performed irrespective of the limitations of the distinct administration [25]. The diversity of RBAC limitations was explained, following which the use of limitation mining was executed by implementing traditional data mining tools for RBAC limitations [26]. RBAC policies were implemented according to relevant data based on place and time. An automatic as well as efficient analysis method for the administration of temporary RBAC policies has been presented, in which the accessibility issues were translated correctly for reachability problems [27]. In the cloud, user data are selected/removed, and traditional RBAC models may result in administrative problems resulting from the increasing numbers of users. The concept of 4D roles has been presented to control the possibilities of information leaks and management complexity in the cloud environment [28]. The CP-ABE scheme was proposed by supporting the outsourced capability and updating attributes for fog computing [29]. A fine-grained, flexible, and privacy-aware model for controlling access in the field of big data was proposed in the form of “very lightweight proxy re-encryption”. This method reduces the cost of updating the policy during file re-encryption [30]. The origin-destination (OD) matrix of social vehicles was forecasted with calibration of the OD matrix under the average growth factor method [31]. The control of access to the cloud environment is substantially more challenging than other areas. Instead of relying on cloud providers, users may safely save cloud data with the aid of an encryption method [13].
RBAC and its extensions have already been discussed as well as implemented, owing to their management ease, firm security, and usability. Therefore, it is inevitable to discover its strengths and weaknesses with all of the potential extents. An algorithm has been suggested to provide a stable and reliable platform for chasing a vehicle owing to its graphical structures [9].

III. CONSTITUENTS OF CONFLICTING PERMISSIONS

In this section, we propose potential reasons for which two permissions may be controversial. A permission is formed as a result of the assignment of an action or operation to an object. The conflicting roles are owing to the MEPs, which are ultimately a result of conflicting actions or objects, or both simultaneously. All of the possible artifacts constituting conflicting permissions are illustrated in Figure 1. Figures 1 (a) and (d) have the same white background owing to containing the same object; that is, object 1. Figures 1 (b) and (c) also have the same grey background owing to containing the same objects, namely objects 1 and 2.

Figure 1: Constituents of conflicting permissions

A. Artifact 1 (different actions performed on same object)

The first possibility is that two permissions may exhibit a conflict of interest owing to having conflicting actions against the same object. The resultant permissions will be treated as conflicting. One object may be allocated to two totally different actions for creating two totally different permissions [5]. This case is described in Figure 1 (a). For example, locking and unlocking the doors of a car permanently are declared as conflicting permissions owing to different actions being performed on the same objects.

B. Artifact 2 (same action performed on different objects)

Two permissions may be conflicting owing to the same actions being applied on two different objects. This constitutes the second artifact illustrated in Figure 1 (b). For example, in a high-profile official fleet, the locking of brakes and doors is declared as conflicting, which ultimately creates conflicting permissions, because the same action is applied to two different objects.

C. Artifact 3 (different actions performed on different objects)

The third possibility that causes two permissions to be conflicting is the application of two different actions on two different objects. This is illustrated in Figure 1 (c) for an IoT-based fleet, where disabling the brakes and locking the doors is an example of conflicting permissions.

D. Artifact 4 (same action performed on same object)

The final artifact is the application of the same action on the same object, providing two different permissions that are then treated as conflicting, which is a clear contradiction, as demonstrated in Figure 1 (d). For example, locking the doors of a car of a fleet cannot conflict with locking the doors of the same car of the same fleet.

IV. SPBAC MODEL

As opposed to permissions rather than roles, it is necessary to address the level of permissions. DSD should be dependent on contradictory permissions compared to conflicting roles. This technique will aid in resolving the disputes among conflicting roles, which has been proven as a more applicable and challenging approach. Therefore, disputes must be referred to as conflicting permissions in the RBAC standard, rather than conflicting roles [5]. There usually exist a huge number of objects in an organization. The permissions are a combination of operations and resources; therefore, it is very difficult for the security administrator to create permissions manually. In an organization, a limited list of actions exists, but the list of objects is excessively long to handle. The list of objects increases with the passage of time in the life of an organization. Therefore, the objects may number hundreds of thousands.

The SPBAC model was proposed to ensure that mutually exclusive roles and other hindrances are mutually enforced in SOD. This also ensures the stability of RBAC models in relation to the processes. DSD is mobilized and implemented automatically. Researchers have obtained figures regarding the ratio of conflicting roles to the total number of roles in the user population. User roles exist in only 3% to 4% of the population. This proportion is indicated in case studies, and may differ from the results of this study [32]. The administrator does not need to explain clearly contradictory permissions whereby the same object will be provided with a MEP for the same object automatically. This will be favorable for the security administrator, who will be able to save many attempts and time, manually used to sign in through several MEPs. As opposed to the classic RBAC, a model is presented to users as a role-driven and self-assigned role. The researchers also pointed out the lack of induced role structures and the existing role hierarchy [33]. Janpitak and Sathitwiriyawong presented a model to enable DSD to be effective and dynamic. The major problem of DSD is solved by combining the workflow sequence with the mutually exclusive roles (MERs) limit, in which the conflict of interest is proven at runtime [34]. Various authors have added a workflow setting for multiple MERs in order to verify disputes at runtime [21, 22].

The main objective of the SPBAC model is to maintain security and privacy among the users traveling in vehicles belonging to the same high-profile fleet under the vehicular network. This involves the application of domain-driven design to the level of contradictive permissions.
The SPBAC model applies DSD for such contradictive permissions with different objects. Figure 2 illustrates that the users traveling in yellow, green, blue, and red cars belong to the same fleet. This fleet is considered as official, as certain government or military officials are traveling in the fleet. The officials communicate with one another with the aid of on-board units and are also linked to roadside units with the WiFi access point. These points are then connected using a base station controller. This connectivity may be enhanced or modified with various communication techniques, such as satellite and 5G.

The SPBAC model is implemented on important concepts. DSD is applied at the level of controversial permissions as well as directory tree structure practices in order to store objects. When several MEPs exist with different objects, and the need arises to declare contradictions, SPBAC is applied to implement DSD. "Dissimilar objects" means that there exist two distinct and unique objects. The entities of objects may or may not belong to similar object categories.

Figure 2: Vehicle-to-vehicle communication belonging to same fleet

A. SPBAC model description

In the SPBAC model, whenever DSD is required to be applied, the entire role is not in mutual exclusion (ME). However, DSD is applied to MEPs, as the usual normalized roles will be in ME, but the external role does not affect the ME. In this manner, users can enable all permissions that are not in conflict with another role, even though they may be allowed under MERs. The security manager announces these types of contradictions as mutually exclusive roles, which contradict another conflicting role. A complete set of contradictory permissions for the role is declared as a member of the main role under this normalized role. Whenever users execute a permission that belongs to the normalized role, all of the normalized roles are brought into memory. These are permitted, and are in conflict with the targeted permissions [27].

In the case of implementing the SPBAC model, the organizational needs may vary. The SPBAC provides three different artifacts at this point. We recommend that, whenever the user attempts to execute a normalized role, it will be necessary to determine whether any normalized role has been activated before, particularly if it conflicts with the requested permission. In the case of activating any conflicting permission from any other normalized role, the user is not allowed to execute the targeted permission. Yumin claimed that an easy means of managing RBAC management should be presented, and his approach to organizing RBAC used a tree structure [35]. In order to organize DSD, it has been proven that tree-based data structures reduce the density and efforts of administration to a significant extent [11, 12]. A lightweight model for annotating the semantics of the big data used in heterogeneous devices in IoT was proposed [36].

B. Formal specifications of SPBAC model

The Alloy language is an appropriate lightweight modeling system for the verification of algebraic properties, as well as the internal consistency of RBAC. The Alloy language specifies a conflict-free RBAC. The SPBAC model is formally specified so that the soundness and completeness properties can be verified. The prescribed description of the model is specified as follows [27].

• TOTAL_USERS, TOTAL_ROLES, NET_PRMS, NET_OPS, and NET_OBS (total number of users in all categories, total number of all roles, net number of permissions, net number of operations, and net number of objects, respectively).
• $\mathit{U\_A} \subseteq \mathit{TOTAL\_USERS} \times \mathit{TOTAL\_ROLES}$: Assignment of users to roles in many-to-many relationships.
• $\mathit{NET\_PRMS} = 2^{(\mathit{NET\_OPS} \times \mathit{NET\_OBS})}$, which denotes the permission set.
• $\mathit{P\_A} \subseteq \mathit{NET\_PRMS} \times \mathit{TOTAL\_ROLES}$: This denotes the permission-role assignment in terms of many-to-many relationships.
• TOTAL_SESSIONS: The session set.
• OUTER_ROLE: This set contains the total nonconflicting permissions and belongs to the set TOTAL_ROLES.
• $\mathit{OUTER\_ROLE} \subseteq \mathit{TOTAL\_ROLES}$.
• INNER_ROLE: This is a set of conflicting permissions, which is a subset of the total number of roles.
• $\mathit{INNER\_ROLE} \subseteq \mathit{TOTAL\_ROLES}$.
• INNER_RS is a set of inner roles.
• $\mathit{session\_inner\_role}(s : \mathit{TOTAL\_SESSIONS}) \rightarrow 2^{\mathit{TOTAL\_ROLES}}$: This represents TOTAL_SESSIONS “s” on a set of TOTAL_INNER roles.
• Executes: This is a function that executes a certain permission.
• ¬ Executes: This function does not allow a user to execute a permission.
• Executed: If a permission has already been activated by a user, this function produces the Boolean value.
• ¬ Executed: If a permission has not already been activated by a user, this function produces the Boolean value.
• M_EXP: This causes permissions to be conflicting.
• M_EX_OP: This function makes two operations conflicting. Its implementation defines whether or not this will be executed against the same object, different objects, or both simultaneously.
• IS_PARENT_TO: This function calculates parent-child relationships.
• USER_RQST_EXECUTE: This function is a request from a user to execute a certain permission.

V. METHODOLOGY

The administrator assigns operations to many resources (objects) that may have a directory, child directory, and file. An operation is allocated to an object or objects. Thereafter, an object is assigned to various actions. While allocating the operations in the case of a directory, the administrator mentions the status of assignment to actions affecting all directories, or its effect remains only on the targeted directory. New permissions are created owing to this assignment. The system administrator now allows for several MEPs, according to the two contradictory permissions. Both have different mutually assigned specific objects, but the actions may differ. Therefore, the system stores the information regarding these clearly announced MEPs [3].

Whenever a user requires a role to be activated as a permission, the SPBAC model verifies whether or not the permission is already conflicting with another permission. In such a case, where the SPBAC model does not detect any such permission, SPBAC provides user access. Thus, the SPBAC model will allow the user to execute targeted permissions if another conflicting permission has not been activated. Moreover, in the case of a controversial permission already having been activated, the SPBAC model does not allow for the activation of any such targeted permissions.

Figure 3: Conflicting permissions with dissimilar objects

The storage of various items under various directories is illustrated in Figure 3. Three permissions, namely P1, P2, and P3, are created by assigning three operations to directories (Dir.L1.1, Dir.L1.0, and Dir.L2.0), as indicated in Figure 3. The creation of permissions is confined to only those directories in which the inner directories are not affected by this assignment. Thereafter, the administrator creates two permissions, namely P1 and P2, as conflicting permissions [3]. Each directory is treated as an object. Whenever a user desires permission P1 to be executed, it is determined that it conflicts with permission P2. Therefore, the SPBAC model determines that a user activates P2, already having the same object in permission P2. By assuming that the permission has already been executed by the user, an "Access denied" message is received. Therefore, the SPBAC model implements DSD exclusively applied to the MEP declaration level, which has a different object. The SPBAC model applies DSD to the controller security administrator, as well as the various permissions declared by an automatic declaration of MEPs. The SPBAC model achieves automatic assignment of conflicting permissions. The security administration describes the list of contradictions as manual permissions, rather than contradictory. According to the conflicting actions, a conflicting permissions set is created automatically.

The SPBAC model is explained by means of an example. Assume that we are dealing with a management information system that enables different permissions with different users. In Figure 3, items are protected under the tree structure; therefore, when any action is implemented in any directory, objects and directories are immediately promoted. A scenario exists when user U1 has the role R1 and wishes to write to File.txt with permissions P1 and P2, which indicates the user intention for activating P1. Figure 4 illustrates the user intention in the Dir.L3 directory.

Figure 4: Executing conflicting permissions requested by users

When the system receives the permission request from the user, it looks up the requested action, namely "writing", in the list of conflicting actions. The system determines that the action “writing” is known in its list, and that there are two conflicting actions, namely “executing” and “printing”, as indicated in Table 1.

Table 1: Conflicting actions list

| No. | Action to execute | Conflicted action |
|-----|-------------------|-------------------|
| 1   | Executing         | Updating          |
| 2   | Printing          | Writing           |
| 3   | Printing          | Updating          |
| 4   | Writing           | Executing         |

Thereafter, the system detects whether any contradictory actions are allocated to the parent directories of the target directory. The system indicates that one of the contradictory processes, namely "printing", is defined on the parent of the target directory, as illustrated in Figure 4. Following this confirmation, the system detects whether this permission is allowed in a parent directory of the target directory, by assigning "printing" to the user. This system examines P2, which can be set to the user of the action and object. It is necessary to know the status of the execution of conflicting permissions by the same user. We enable the conflicting permissions against the active permissions executed by user U1, as indicated in Table 2.

Table 2: History of activated permissions

| User | Operation | Resource        | Activation status |
|------|-----------|-----------------|-------------------|
| U2   | Executing | Dir.L5.abc.exe  | Positive          |
| U3   | Printing  | Dir.L10.xyz.doc | Positive          |
| U1   | Printing  | Dir.L3.File.txt | Positive          |
| U4   | Writing   | Dir.L6.fm.doc   | Positive          |

Therefore, after implementing DSD, the required results are obtained regarding MEPs, as opposed to the scenario in which the security manager disputes a permission as a MEP manually. Permissions are announced, as the SPBAC model performs optimization in the form of time and efforts for security administrators, where they announce several controversial permissions as MEPs.

A. Checking access

The step-by-step procedure for checking access is described below.

• After successful authentication, a user U requests the execution of a certain permission P, which falls under role R.
• The system verifies whether or not the requested user U is eligible and approved to execute the targeted permission. If the authorization test is not performed successfully, the user is not allowed to execute a certain action on a specific object, and an “Access denied” message is displayed to the user.
• However, following a successful authorization test, the system verifies the list of all permissions conflicting with the requested permission, which means it is determined whether it falls under an inner-role.
• The first possibility is that the targeted permission is not in conflict with any other permission in the system, in which case the system allows user access to execute the targeted permission.
• The second possibility is that the targeted permission is found to be conflicting with any other permission, in which case, two further possibilities exist, as follows.
• The first case is that a user did not already execute another conflicting permission, and the system permits any user to execute the targeted permission by granting access.
• The second case is that the user has already executed another conflicting permission, and the system does not allow the user to execute the targeted permission by simply denying access to the user.
Therefore, in this manner, user access is verified regarding the execution of a specific permission.
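The access check above, run against the Table 1 conflict list and the Table 2 activation history, as an added Python example that is not the authors' implementation. The role and directory assignments, the `Dir.Ln.<file>` naming rule, user U5 and the "reading" action are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Table 1 of the paper: (action to execute, conflicted action).
CONFLICT_TABLE = [
    ("executing", "updating"),
    ("printing", "writing"),
    ("printing", "updating"),
    ("writing", "executing"),
]


def conflicts_of(action):
    """Actions mutually exclusive with `action`; rows are read in both directions."""
    found = set()
    for left, right in CONFLICT_TABLE:
        if left == action:
            found.add(right)
        if right == action:
            found.add(left)
    return found


def parent_dir(resource):
    """Assumed naming rule 'Dir.Ln.<file>': the single parent directory is 'Dir.Ln'."""
    return ".".join(resource.split(".")[:2])


@dataclass
class Monitor:
    user_roles: dict   # user -> set of roles
    role_perms: dict   # role -> set of (action, resource) permissions
    dir_actions: dict  # directory -> actions assigned on that directory
    history: set = field(default_factory=set)  # activated (user, action, resource)

    def mutually_exclusive(self, action, resource):
        """MEPs derived automatically: conflicting actions that are also
        assigned on the resource's single parent directory."""
        assigned = self.dir_actions.get(parent_dir(resource), set())
        return {(a, resource) for a in conflicts_of(action) & assigned}

    def check_access(self, user, role, action, resource):
        # Authorization test: the user holds the role and the role holds the permission.
        if role not in self.user_roles.get(user, set()) or \
                (action, resource) not in self.role_perms.get(role, set()):
            return False, "Access denied: not authorized"
        # Deny if this user already activated any permission that conflicts
        # with the requested one (the set is empty when nothing conflicts).
        for mep_action, mep_resource in self.mutually_exclusive(action, resource):
            if (user, mep_action, mep_resource) in self.history:
                return False, f"Access denied: {user} already activated {mep_action}"
        # No conflict, or conflict not yet activated by this user: grant and record.
        self.history.add((user, action, resource))
        return True, "Access granted"


def build_example():
    """Constructed state: Table 2 history plus assumed role and directory data."""
    target = "Dir.L3.File.txt"
    return Monitor(
        user_roles={"U1": {"R1"}, "U5": {"R1"}},  # U5 is hypothetical
        role_perms={"R1": {("writing", target), ("printing", target),
                           ("reading", target)}},  # "reading" is hypothetical
        dir_actions={"Dir.L3": {"printing", "writing", "reading"}},
        history={
            ("U2", "executing", "Dir.L5.abc.exe"),
            ("U3", "printing", "Dir.L10.xyz.doc"),
            ("U1", "printing", target),
            ("U4", "writing", "Dir.L6.fm.doc"),
        },
    )


if __name__ == "__main__":
    m = build_example()
    target = "Dir.L3.File.txt"
    print(m.check_access("U1", "R1", "writing", target))   # U1 already printed it
    print(m.check_access("U5", "R1", "writing", target))   # conflict not yet activated
    print(m.check_access("U5", "R1", "printing", target))  # now conflicts with U5's write
```
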


B. SPBAC model properties

The SPBAC model is characterized by two properties, namely the "soundness property", which deals with safety, and the “completeness property”, regarding liveness. The soundness property protects the SPBAC model components and proves that the system does not perform badly. Addressing the completeness property proves the model availability, and a positive outcome is evident. We present these features formally and informally in the following sections.

C. Soundness property

The soundness property ensures that the system remains safe after implementing the SPBAC model. The soundness property is described formally below.

∀𝑝𝑝1, 𝑝𝑝2 ∈ 𝑁𝑁𝑁𝑁𝑁𝑁 _ 𝑃𝑃𝑃𝑃𝑃𝑃𝑃𝑃, 𝑢𝑢1 ∈ 𝑇𝑇𝑇𝑇𝑇𝑇𝑇𝑇𝑇𝑇 _ 𝑈𝑈𝑈𝑈𝑈𝑈𝑈𝑈𝑈𝑈, 𝑟𝑟1 & 𝑟𝑟2 ∈ 𝑇𝑇𝑇𝑇𝑇𝑇𝑇𝑇𝑇𝑇 _ 𝑅𝑅𝑅𝑅𝑅𝑅𝑅𝑅𝑅𝑅, 𝑢𝑢1 ∈ 𝑟𝑟1, 𝑟𝑟2, 𝑝𝑝1 ∈ 𝑟𝑟1, 𝑝𝑝2 ∈ 𝑟𝑟2, 𝑝𝑝1 ∈ 𝑟𝑟1 _ 𝐼𝐼𝐼𝐼𝐼𝐼𝐼𝐼𝐼𝐼, 𝑝𝑝2 ∈ 𝑟𝑟2 _ 𝐼𝐼𝐼𝐼𝐼𝐼𝐼𝐼𝐼𝐼: 𝑀𝑀 _ 𝐸𝐸𝐸𝐸 _ 𝑃𝑃𝑃𝑃𝑃𝑃 (𝑝𝑝1, 𝑝𝑝2) ∧ 𝑢𝑢1 _ 𝑟𝑟𝑟𝑟𝑟𝑟𝑟𝑟 _ 𝐸𝐸𝐸𝐸𝐸𝐸𝐸𝐸𝐸𝐸𝐸𝐸𝐸𝐸(𝑢𝑢1, 𝑟𝑟1, 𝑝𝑝𝑝𝑝) ∧ 𝐸𝐸𝐸𝐸𝐸𝐸𝐸𝐸𝐸𝐸𝐸𝐸𝐸𝐸𝐸𝐸(𝑢𝑢1, 𝑟𝑟2, 𝑝𝑝2) ⇒ ¬𝐸𝐸𝐸𝐸𝐸𝐸𝐸𝐸𝐸𝐸𝐸𝐸𝐸𝐸𝐸𝐸(𝑢𝑢1, 𝑟𝑟1, 𝑝𝑝𝑝𝑝)

The user may be outside the role of any authorized permission, without any restrictions, which may be carried out without any restrictions or trials. If a certain permission that conflicts with any other permission is requested to be activated, the conflicting permission must not be activated by the same user.

D. Completeness property

This property ensures that, if a user wishes to execute a certain permission, this permission is not in a state of conflict with another permission. The completeness property is formally described as follows.

∀𝑝𝑝1, 𝑝𝑝2 ∈ 𝑁𝑁𝑁𝑁𝑁𝑁 _ 𝑃𝑃𝑃𝑃𝑃𝑃𝑃𝑃, 𝑢𝑢1 ∈ 𝑇𝑇𝑇𝑇𝑇𝑇𝑇𝑇𝑇𝑇 _ 𝑈𝑈𝑈𝑈𝑈𝑈𝑈𝑈𝑈𝑈, 𝑟𝑟1 & 𝑟𝑟2 ∈ 𝑇𝑇𝑇𝑇𝑇𝑇𝑇𝑇𝑇𝑇 _ 𝑅𝑅𝑅𝑅𝑅𝑅𝑅𝑅𝑅𝑅, 𝑢𝑢1 ∈ 𝑟𝑟1, 𝑟𝑟2, 𝑝𝑝1 ∈ 𝑟𝑟1, 𝑝𝑝2 ∈ 𝑟𝑟2, 𝑝𝑝1 ∈ 𝑟𝑟1 _ 𝐼𝐼𝐼𝐼𝐼𝐼𝐼𝐼𝐼𝐼, 𝑝𝑝2 ∈ 𝑟𝑟2 _ 𝐼𝐼𝐼𝐼𝐼𝐼𝐼𝐼𝐼𝐼: 𝑀𝑀 _ 𝐸𝐸𝐸𝐸 _ 𝑃𝑃𝑃𝑃𝑃𝑃 (𝑝𝑝1, 𝑝𝑝2) ∧ 𝑢𝑢1 _ 𝑟𝑟𝑟𝑟𝑟𝑟𝑟𝑟 _ 𝐸𝐸𝐸𝐸𝐸𝐸𝐸𝐸𝐸𝐸𝐸𝐸𝐸𝐸(𝑢𝑢1, 𝑟𝑟1, 𝑝𝑝𝑝𝑝) ∧ ¬𝐸𝐸𝐸𝐸𝐸𝐸𝐸𝐸𝐸𝐸𝐸𝐸𝐸𝐸𝐸𝐸(𝑢𝑢1, 𝑟𝑟2, 𝑝𝑝2) ⇒ 𝑎𝑎𝑎𝑎𝑎𝑎𝑎𝑎𝑎𝑎𝑎𝑎𝑎𝑎𝑎𝑎𝑎𝑎𝑎𝑎(𝑢𝑢1, 𝑟𝑟1, 𝑝𝑝1)

If a conflict of interest is created with another permission, and that permission has not been executed by the same user, access should be allowed to execute such a permission.

E. Results and discussion

The SPBAC model for the Internet of connected vehicles allows the authorities of security officials to access information using a combination of permissions and roles, instead of roles only, regarding officials traveling in vehicles belonging to the same fleet. The SPBAC model implements communication among security layers in a secure, private, and efficient manner. Only legitimate users will be able to access sensitive information regarding officials moving in a fleet, which may include route information, moving speed, and timing information. The SPBAC model has been demonstrated by using mathematical modeling along with implementation examples. The SPBAC has been proven as a privacy and security-based model, as demonstrated in the verification of the model properties such as soundness and completeness. The soundness property protects the SPBAC model components and proves that the system does not perform badly, while addressing the completeness property proves the model availability and evidences a desirable outcome. The SPBAC model has been proven to be efficient, dynamic, and secure compared to other authorization models, i.e., Role Based Access Control (RBAC), Discretionary Access Control (DAC), and Mandatory Access Control (MAC) models. This SPBAC model implements the behavior of ME at the permission level instead of the role level.

The results are presented in Figures 5 and 6, and compared with RBAC, DAC, and MAC. In Figure 5, it is observed that the SPBAC model (plotted in red) implementation in hierarchy levels provides a better execution time compared to DAC (plotted in orange) and RBAC (plotted in green). This result is compared with DAC and RBAC because they, too, maintain hierarchy levels. The SPBAC model also performs more effectively when the execution time is measured in terms of the distance of the communicating vehicles. The SPBAC model outperforms the state-of-the-art access control models concerning the distance of the communicating vehicles and hierarchy levels. In Figure 6, the distance is measured in meters and time is measured in milliseconds. It is observed that the SPBAC model (yellow curve) performs better than RBAC (red curve) and MAC (blue curve).

The SPBAC model exhibits a limitation in terms of implementing DSD in such a manner that a child directory does not inherit operations from hierarchical parent directories; it inherits actions only from the single parent directory. This provides a good starting point for future work.

Figure 5: SPBAC algorithm execution time with hierarchy levels

Figure 6: Algorithm execution time with distance of vehicles

Another limitation is that copying and moving the directory is not currently incorporated into the SPBAC model. Whenever a copy or directory movement takes place, the action assignment should be updated accordingly. We would begin from this perspective in future research.

VI. CONCLUSION AND FUTURE WORK

It can be concluded that DSD cannot be implemented completely automatically in terms of the creation and announcement of all conflicting permissions. For this reason, two specific actions may create conflicts against certain objects; however, this will not always be the case, because these actions cannot be controversial to another interest. In this manner, the declaration of conflicting permissions cannot be fully automatic. The second option is for an administrator to announce MEPs explicitly. Finally, another option may be the clear announcement of negative permissions that are in ME. In order to implement DSD for creating as well as declaring MEPs, all three methods are combined to provide the required application. There is a significant need to develop such access control models or techniques that implement vehicle-vehicle communication in a secure, private, and efficient manner. The SPBAC model ensures the implementation of the communication security and privacy among vehicles in a vehicular network belonging to the same fleet. The security of such a fleet is implemented in layers, where a different officer manages the individual layers. The officer from one layer coordinates with the officer of another layer but may remain unaware of secret information.

ACKNOWLEDGMENTS

This study was partially supported by National Funding from the FCT - Fundação para a Ciência e a Tecnologia through the UID/EEA/50008/2019 Project; by RNP, with resources from MCTIC, Grant No. 01250.075413/2018-04, under the Radiocommunication Reference Center (Centro de Referência em Radiocomunicações - CRR) project of the National Institute of Telecommunications (Instituto Nacional de Telecomunicações - Inatel), Brazil; and by Brazilian National Council for Research and Development (CNPq) via Grant No. 309335/2017-5. The authors extend their appreciation to the Deanship of Scientific Research at King Saud University for funding this work through research group no (RG-1439-022).



Highlights

1. Research focus on security and privacy of data communication in Internet of Connected Vehicles (IoCV).
2. An access control model is proposed that allows the access-authorities of security officials in layers.
3. The vehicles can communicate through wireless technology, i.e. Wi-Fi and cellular communication (4G/5G).
4. The proposed model ensures secure, private and efficient communication.
5. The model is demonstrated by using mathematical modelling along with implementation.