{"id":2892,"date":"2023-02-03T12:17:56","date_gmt":"2023-02-03T12:17:56","guid":{"rendered":"https:\/\/iot-ngin.eu\/?p=2892"},"modified":"2023-02-03T12:19:13","modified_gmt":"2023-02-03T12:19:13","slug":"applying-advanced-access-control-in-smart-agriculture","status":"publish","type":"post","link":"https:\/\/iot-ngin.eu\/index.php\/2023\/02\/03\/applying-advanced-access-control-in-smart-agriculture\/","title":{"rendered":"Applying Advanced Access Control in Smart Agriculture"},"content":{"rendered":"\n<p>IoT-NGIN provides support for ambient intelligence-based access control while attempting to access IoT Device data through their Digital Twin, supported by the IoT Device Indexing (IDI). The IoT Device Access Control (IDAC) acts as a security middleware between the IoT devices and their (physical and digital) environment.<\/p>\n\n\n\n<p>The IoT Device Access Control is implemented as a flexible Ingress Gateway enforcing chained access control methods. In IoT-NGIN, the <em>Kong<\/em> open-source API gateway is employed as an Ingress\/API Gateway, backed up by a simple (PostgreSQL) database cluster mostly used to keep track of the API gateway configured routes, services, and up streams. Every request performed by an IoT-NGIN, or third-party service or user will be first evaluated by the gateway against a set of authentication and authorization plugins.<\/p>\n\n\n\n<p>In this post, the multi-criteria Access Control capabilities of IoT-NGIN will be presented attempting to access Synelixis\u2019 SynField<a href=\"#_ftn1\">[1]<\/a> IoT device data through its Digital Twin. Multi-criteria access control is imposed based on identity management, image recognition, and proximity to the requesting device. Identity management relies on the OpenID Connect plugin of IDAC, integrating Keycloak as the authorization server. Image recognition relies on IoT-NGIN IoT Device Discovery (IDD) variants for QR scanning (IDD-QR) and Computer-Vision based image recognition (IDD-CV). Last, but not least, proximity control is based on the proximity plugin of IDAC.<\/p>\n\n\n\n<p>In order to access SynField device data, the user must be first authenticated in the Smart Agri mobile app (Figure 1). This functionality relies on the Keycloak plugin of IDAC.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/iot-ngin.eu\/wp-content\/uploads\/2023\/02\/picture-6.png\" alt=\"\" class=\"wp-image-2894\" width=\"400\" height=\"388\" srcset=\"https:\/\/iot-ngin.eu\/wp-content\/uploads\/2023\/02\/picture-6.png 1022w, https:\/\/iot-ngin.eu\/wp-content\/uploads\/2023\/02\/picture-6-300x291.png 300w, https:\/\/iot-ngin.eu\/wp-content\/uploads\/2023\/02\/picture-6-768x745.png 768w, https:\/\/iot-ngin.eu\/wp-content\/uploads\/2023\/02\/picture-6-600x582.png 600w\" sizes=\"(max-width: 400px) 100vw, 400px\" \/><\/figure><\/div>\n\n\n\n<p>In Figure 2, on the right-hand side screen, the black terminal corresponds to the OpenID Connect plugin logs, while the blue terminal corresponds to the proximity plugin logs.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/iot-ngin.eu\/wp-content\/uploads\/2023\/02\/figure-2.png\" alt=\"\" class=\"wp-image-2895\" width=\"472\" height=\"331\" srcset=\"https:\/\/iot-ngin.eu\/wp-content\/uploads\/2023\/02\/figure-2.png 488w, https:\/\/iot-ngin.eu\/wp-content\/uploads\/2023\/02\/figure-2-300x210.png 300w\" sizes=\"(max-width: 472px) 100vw, 472px\" \/><figcaption><a>Figure <\/a>2 &#8211; IoT Devices Access Control Plugins&#8217; Logs (black terminal for the OpenID Connect Authentication plugin; the blue terminal for the Proximity plugin).<\/figcaption><\/figure><\/div>\n\n\n\n<p><\/p>\n\n\n\n<p>First, a remote user logs in to the app in order to gain Keycloak authorization.<\/p>\n\n\n\n<p>In this first attempt, the user aspires to access SynField measurements via valid credentials and device images, but the user is not close enough to the device.<\/p>\n\n\n\n<p>Then, she scans a QR code, corresponding to the SynField device serial number (Figure 3a). This is supported by IDD \u2013 QR.<\/p>\n\n\n\n<p>Next, she scans a photo of the device to be recognized., which triggers the IDD-CV functionality (Figure 3b).<\/p>\n\n\n\n<p>The user is denied access and is prompted to move closer to the device (Figure 3c). This indicates that the proximity constraints set for the requester and the device are not satisfied.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/iot-ngin.eu\/wp-content\/uploads\/2023\/02\/figure-3-1024x817.png\" alt=\"\" class=\"wp-image-2900\" width=\"460\" height=\"368\" srcset=\"https:\/\/iot-ngin.eu\/wp-content\/uploads\/2023\/02\/figure-3-1024x817.png 1024w, https:\/\/iot-ngin.eu\/wp-content\/uploads\/2023\/02\/figure-3-300x239.png 300w, https:\/\/iot-ngin.eu\/wp-content\/uploads\/2023\/02\/figure-3-768x613.png 768w, https:\/\/iot-ngin.eu\/wp-content\/uploads\/2023\/02\/figure-3-600x479.png 600w, https:\/\/iot-ngin.eu\/wp-content\/uploads\/2023\/02\/figure-3.png 1108w\" sizes=\"(max-width: 460px) 100vw, 460px\" \/><\/figure><\/div>\n\n\n\n<p>Looking at the logs of Figure 2, on the top terminal, we see that the user indeed passed the OpenID Connect authorization plugin. While on the other, we see the device\u2019s information and location and the distance between the user and the device, which surpassed the allowable threshold, so the user got denied access.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/iot-ngin.eu\/wp-content\/uploads\/2023\/02\/picture-5-1024x931.png\" alt=\"\" class=\"wp-image-2897\" width=\"496\" height=\"451\" srcset=\"https:\/\/iot-ngin.eu\/wp-content\/uploads\/2023\/02\/picture-5-1024x931.png 1024w, https:\/\/iot-ngin.eu\/wp-content\/uploads\/2023\/02\/picture-5-300x273.png 300w, https:\/\/iot-ngin.eu\/wp-content\/uploads\/2023\/02\/picture-5-768x698.png 768w, https:\/\/iot-ngin.eu\/wp-content\/uploads\/2023\/02\/picture-5-600x546.png 600w, https:\/\/iot-ngin.eu\/wp-content\/uploads\/2023\/02\/picture-5.png 1104w\" sizes=\"(max-width: 496px) 100vw, 496px\" \/><\/figure><\/div>\n\n\n\n<p>The user tries again, but this time being close to the actual SynField device (Figure 4a). This time the user got access, and the device measurements are retrieved (Figure 4b), as the user\u2019s distance from the SynField device scanned is lower than the set threshold. The data illustrated are SynField data of the requested device, which have been provided through its digital twin (IDI).<\/p>\n\n\n\n<p>Interested in this functionality?<\/p>\n\n\n\n<p>The IoT-NGIN code is available on <a href=\"https:\/\/gitlab.com\/h2020-iot-ngin\">Gitlab<\/a>!<\/p>\n\n\n\n<hr class=\"wp-block-separator is-style-wide\">\n<p><meta charset=\"utf-8\"><strong>References<\/strong><\/p>\n\n\n\n<p><a href=\"#_ftnref1\">[1]<\/a> https:\/\/www.synfield.gr\/<\/p>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n","protected":false},"excerpt":{"rendered":"<p>IoT-NGIN provides support for ambient intelligence-based access control while attempting to access IoT Device data through their Digital Twin, supported by the IoT Device Indexing (IDI). The IoT Device Access Control (IDAC) acts as a security middleware between the IoT &hellip;<\/p>\n","protected":false},"author":2,"featured_media":2902,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[17],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v17.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Applying Advanced Access Control in Smart Agriculture - IOT NGIN<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/iot-ngin.eu\/index.php\/2023\/02\/03\/applying-advanced-access-control-in-smart-agriculture\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Applying Advanced Access Control in Smart Agriculture - IOT NGIN\" \/>\n<meta property=\"og:description\" content=\"IoT-NGIN provides support for ambient intelligence-based access control while attempting to access IoT Device data through their Digital Twin, supported by the IoT Device Indexing (IDI). The IoT Device Access Control (IDAC) acts as a security middleware between the IoT &hellip;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/iot-ngin.eu\/index.php\/2023\/02\/03\/applying-advanced-access-control-in-smart-agriculture\/\" \/>\n<meta property=\"og:site_name\" content=\"IOT NGIN\" \/>\n<meta property=\"article:published_time\" content=\"2023-02-03T12:17:56+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-02-03T12:19:13+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/iot-ngin.eu\/wp-content\/uploads\/2023\/02\/intro.png\" \/>\n\t<meta property=\"og:image:width\" content=\"218\" \/>\n\t<meta property=\"og:image:height\" content=\"286\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Giannis Tsichlas\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/iot-ngin.eu\/#website\",\"url\":\"https:\/\/iot-ngin.eu\/\",\"name\":\"IOT NGIN\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/iot-ngin.eu\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/iot-ngin.eu\/index.php\/2023\/02\/03\/applying-advanced-access-control-in-smart-agriculture\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/iot-ngin.eu\/wp-content\/uploads\/2023\/02\/intro.png\",\"contentUrl\":\"https:\/\/iot-ngin.eu\/wp-content\/uploads\/2023\/02\/intro.png\",\"width\":218,\"height\":286},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/iot-ngin.eu\/index.php\/2023\/02\/03\/applying-advanced-access-control-in-smart-agriculture\/#webpage\",\"url\":\"https:\/\/iot-ngin.eu\/index.php\/2023\/02\/03\/applying-advanced-access-control-in-smart-agriculture\/\",\"name\":\"Applying Advanced Access Control in Smart Agriculture - IOT NGIN\",\"isPartOf\":{\"@id\":\"https:\/\/iot-ngin.eu\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/iot-ngin.eu\/index.php\/2023\/02\/03\/applying-advanced-access-control-in-smart-agriculture\/#primaryimage\"},\"datePublished\":\"2023-02-03T12:17:56+00:00\",\"dateModified\":\"2023-02-03T12:19:13+00:00\",\"author\":{\"@id\":\"https:\/\/iot-ngin.eu\/#\/schema\/person\/dac2bc3c10805a89083986685c5801d1\"},\"breadcrumb\":{\"@id\":\"https:\/\/iot-ngin.eu\/index.php\/2023\/02\/03\/applying-advanced-access-control-in-smart-agriculture\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/iot-ngin.eu\/index.php\/2023\/02\/03\/applying-advanced-access-control-in-smart-agriculture\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/iot-ngin.eu\/index.php\/2023\/02\/03\/applying-advanced-access-control-in-smart-agriculture\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/iot-ngin.eu\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Applying Advanced Access Control in Smart Agriculture\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/iot-ngin.eu\/#\/schema\/person\/dac2bc3c10805a89083986685c5801d1\",\"name\":\"Giannis Tsichlas\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/iot-ngin.eu\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/740c19c414d2291ee24fcbe553ee2609?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/740c19c414d2291ee24fcbe553ee2609?s=96&d=mm&r=g\",\"caption\":\"Giannis Tsichlas\"},\"url\":\"https:\/\/iot-ngin.eu\/index.php\/author\/tsichlas\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Applying Advanced Access Control in Smart Agriculture - IOT NGIN","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/iot-ngin.eu\/index.php\/2023\/02\/03\/applying-advanced-access-control-in-smart-agriculture\/","og_locale":"en_US","og_type":"article","og_title":"Applying Advanced Access Control in Smart Agriculture - IOT NGIN","og_description":"IoT-NGIN provides support for ambient intelligence-based access control while attempting to access IoT Device data through their Digital Twin, supported by the IoT Device Indexing (IDI). The IoT Device Access Control (IDAC) acts as a security middleware between the IoT &hellip;","og_url":"https:\/\/iot-ngin.eu\/index.php\/2023\/02\/03\/applying-advanced-access-control-in-smart-agriculture\/","og_site_name":"IOT NGIN","article_published_time":"2023-02-03T12:17:56+00:00","article_modified_time":"2023-02-03T12:19:13+00:00","og_image":[{"width":218,"height":286,"url":"https:\/\/iot-ngin.eu\/wp-content\/uploads\/2023\/02\/intro.png","type":"image\/png"}],"twitter_card":"summary_large_image","twitter_misc":{"Written by":"Giannis Tsichlas","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/iot-ngin.eu\/#website","url":"https:\/\/iot-ngin.eu\/","name":"IOT NGIN","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/iot-ngin.eu\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","@id":"https:\/\/iot-ngin.eu\/index.php\/2023\/02\/03\/applying-advanced-access-control-in-smart-agriculture\/#primaryimage","inLanguage":"en-US","url":"https:\/\/iot-ngin.eu\/wp-content\/uploads\/2023\/02\/intro.png","contentUrl":"https:\/\/iot-ngin.eu\/wp-content\/uploads\/2023\/02\/intro.png","width":218,"height":286},{"@type":"WebPage","@id":"https:\/\/iot-ngin.eu\/index.php\/2023\/02\/03\/applying-advanced-access-control-in-smart-agriculture\/#webpage","url":"https:\/\/iot-ngin.eu\/index.php\/2023\/02\/03\/applying-advanced-access-control-in-smart-agriculture\/","name":"Applying Advanced Access Control in Smart Agriculture - IOT NGIN","isPartOf":{"@id":"https:\/\/iot-ngin.eu\/#website"},"primaryImageOfPage":{"@id":"https:\/\/iot-ngin.eu\/index.php\/2023\/02\/03\/applying-advanced-access-control-in-smart-agriculture\/#primaryimage"},"datePublished":"2023-02-03T12:17:56+00:00","dateModified":"2023-02-03T12:19:13+00:00","author":{"@id":"https:\/\/iot-ngin.eu\/#\/schema\/person\/dac2bc3c10805a89083986685c5801d1"},"breadcrumb":{"@id":"https:\/\/iot-ngin.eu\/index.php\/2023\/02\/03\/applying-advanced-access-control-in-smart-agriculture\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/iot-ngin.eu\/index.php\/2023\/02\/03\/applying-advanced-access-control-in-smart-agriculture\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/iot-ngin.eu\/index.php\/2023\/02\/03\/applying-advanced-access-control-in-smart-agriculture\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/iot-ngin.eu\/"},{"@type":"ListItem","position":2,"name":"Applying Advanced Access Control in Smart Agriculture"}]},{"@type":"Person","@id":"https:\/\/iot-ngin.eu\/#\/schema\/person\/dac2bc3c10805a89083986685c5801d1","name":"Giannis Tsichlas","image":{"@type":"ImageObject","@id":"https:\/\/iot-ngin.eu\/#personlogo","inLanguage":"en-US","url":"https:\/\/secure.gravatar.com\/avatar\/740c19c414d2291ee24fcbe553ee2609?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/740c19c414d2291ee24fcbe553ee2609?s=96&d=mm&r=g","caption":"Giannis Tsichlas"},"url":"https:\/\/iot-ngin.eu\/index.php\/author\/tsichlas\/"}]}},"cc_featured_image_caption":{"caption_text":"","source_text":"","source_url":""},"_links":{"self":[{"href":"https:\/\/iot-ngin.eu\/index.php\/wp-json\/wp\/v2\/posts\/2892"}],"collection":[{"href":"https:\/\/iot-ngin.eu\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/iot-ngin.eu\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/iot-ngin.eu\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/iot-ngin.eu\/index.php\/wp-json\/wp\/v2\/comments?post=2892"}],"version-history":[{"count":5,"href":"https:\/\/iot-ngin.eu\/index.php\/wp-json\/wp\/v2\/posts\/2892\/revisions"}],"predecessor-version":[{"id":2907,"href":"https:\/\/iot-ngin.eu\/index.php\/wp-json\/wp\/v2\/posts\/2892\/revisions\/2907"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/iot-ngin.eu\/index.php\/wp-json\/wp\/v2\/media\/2902"}],"wp:attachment":[{"href":"https:\/\/iot-ngin.eu\/index.php\/wp-json\/wp\/v2\/media?parent=2892"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/iot-ngin.eu\/index.php\/wp-json\/wp\/v2\/categories?post=2892"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/iot-ngin.eu\/index.php\/wp-json\/wp\/v2\/tags?post=2892"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}