5 research outputs found
ViotSOC: Controlling Access to Dynamically Virtualized IoT Services using Service Object Capability
Virtualization of Internet of Things(IoT) is a concept of dynamically
building customized high-level IoT services which
rely on the real time data streams from low-level physical
IoT sensors. Security in IoT virtualization is challenging,
because with the growing number of available (building
block) services, the number of personalizable virtual
services grows exponentially. This paper proposes Service
Object Capability(SOC) ticket system, a decentralized access
control mechanism between servers and clients to effi-
ciently authenticate and authorize each other without using
public key cryptography. SOC supports decentralized
partial delegation of capabilities specified in each server/-
client ticket. Unlike PKI certificates, SOC’s authentication
time and handshake packet overhead stays constant regardless
of each capability’s delegation hop distance from the
root delegator. The paper compares SOC’s security bene-
fits with Kerberos and the experimental results show SOC’s
authentication incurs significantly less time packet overhead
compared against those from other mechanisms based on
RSA-PKI and ECC-PKI algorithms. SOC is as secure as,
and more efficient and suitable for IoT environments, than
existing PKIs and Kerberos
SEABASS: Symmetric-keychain Encryption and Authentication for Building Automation Systems
There is an increasing security risk in Building Automation Systems (BAS) in that its communication is unprotected, resulting in the adversary having the capability to inject spurious commands to the actuators to alter the behaviour of BAS. The communication between the Human-Machine-Interface (HMI) and the controller (PLC) is vulnerable as there is no secret key being used to protect the authenticity, confidentiality and integrity of the sensor data and commands.
We propose SEABASS, a lightweight key management scheme to distribute and manage session keys between HMI and PLCs, providing a secure communication channel between any two communicating devices in BAS through a symmetric-key based hash-chain encryption and authentication of message exchange. Our scheme facilitates automatic renewal of session keys periodically based on the use of a reversed hash-chain. A prototype was implemented using the BACnet/IP communication protocol and the preliminary results show that the symmetric keychain approach is lightweight and incurs low latency
Twenty security considerations for cloud-supported Internet of Things
To realise the broad vision of pervasive computing,
underpinned by the “Internet of Things” (IoT), it is essential to
break down application and technology-based silos and support
broad connectivity and data sharing; the cloud being a natural
enabler. Work in IoT tends towards the subsystem, often focusing
on particular technical concerns or application domains, before
offloading data to the cloud. As such, there has been little regard
given to the security, privacy and personal safety risks that arise
beyond these subsystems; that is, from the wide-scale, crossplatform
openness that cloud services bring to IoT.
In this paper we focus on security considerations for IoT from
the perspectives of cloud tenants, end-users and cloud providers,
in the context of wide-scale IoT proliferation, working across
the range of IoT technologies (be they things or entire IoT
subsystems). Our contribution is to analyse the current state of
cloud-supported IoT to make explicit the security considerations
that require further work.This work was supported by UK Engineering and Physical Sciences
Research Council grant EP/K011510 CloudSafetyNet:
End-to-End Application Security in the Cloud and Microsoft
through the Microsoft Cloud Computing Research Centre
Secure service virtualization in IoT by dynamic service dependency verification
Virtualizing Internet of Things (IoT) services is a concept of dynamically building customized high-level IoT services that rely on the real time data streams flowing from lowlevel standalone IoT devices. IoT service virtualization is essential when a myriads of IoT devices can get on-line, interact with each other, exchange data and based on them create one’s own service. Especially, when virtualization occurs across multiple externals domains, it’s crucial for clients to verify the source of virtual services, i.e. whether they are built based on authentic original service sources. Also, original services sources must be constantly aware of the identity of entities who (recursively) virtualize their services. To address these issues, this paper proposes IoT Service Dependency Tree (SDT) validation scheme. SDT uses service dependency trees and dependency signature trees, which enable clients to validate the original sources of a virtual IoT service, verify its service dependency relationships, and have original service sources to be constantly notified of the list of entities (recursively) virtualizing their services. This paper explains SDT scheme and presents use cases for IoT service virtualization where SDT can be applied. Our experimental analysis shows SDT is scalable for practical use