Access Management in Lightweight IoT: A Comprehensive review of ACE-OAuth framework

With the expansion of Internet of Things (IoT), the need for secure and scalable authentication and authorization mechanism for resource-constrained devices is becoming increasingly important. This thesis reviews the authentication and authorization mechanisms in resource-constrained Internet of Things (IoT) environments. The thesis focuses on the ACE-OAuth framework, which is a lightweight and scalable solution for access management in IoT. Traditional access management protocols are not well-suited for the resource-constrained environment of IoT devices. This makes the lightweight devices vulnerable to cyber-attacks and unauthorized access. This thesis explores the security mechanisms and standards, the protocol flow and comparison of ACE-OAuth profiles. It underlines their potential risks involved with the implementation. The thesis delves into the existing and emerging trends technologies of resource-constrained IoT and identifies limitations and potential threats in existing authentication and authorization methods. Furthermore, comparative analysis of ACE profiles demonstrated that the DTLS profile enables constrained servers to effectively handle client authentication and authorization. The OSCORE provides enhanced security and non-repudiation due to the Proof-of-Possession (PoP) mechanism, requiring client to prove the possession of cryptographic key to generate the access token. The key findings in this thesis, including security implications, strengths, and weaknesses for ACE OAuth profiles are covered in-depth. It shows that the ACE-OAuth framework’s strengths lie in its customization capabilities and scalability. This thesis demonstrates the practical applications and benefits of ACE-OAuth framework in diverse IoT deployments through implementation in smart home and factory use cases. Through these discussions, the research advances the application of authentication and authorization mechanisms and provides practical insights into overcoming the challenges in constrained IoT settings

Enterprise Cloud Security Guidance and Strategies for Enterprises

Hinnanguliselt 72% ettevõtetest kasutavad vähemalt ühte pilves olevat rakendust või on mingi osa nende IT infrastruktuurist pilves. Uurimistööd näitavad, et 56% tehnoloogia valdkonna otsustajatest uurivad erinevaid võimalusi pilvelahenduste kasutamiseks. Eel-toodu tõttu on oluline mõista erinevaid pilveteenuste kasutusvõimalusi, ärivajadusi ja investeeringuid. Antud magistritöö hindab paljusid kasutegureid, mida pilverakenduste ja pilvearvutuse kasutamine pakub äritegevusele. Pilvearvutus pakub paindliku, taskuko-hast ja end tõestanud platvormi ärilahenduste ja IT lahenduste loomiseks. Pilvearvutuse kasutamine pakub ettevõtetele harukordset võimalust muuta teenuse pakkumist tõhusa-maks, juhtimist sujuvamaks ning viia IT teenused vastavusse pidevalt muutuvate äriva-jadustega. Pilvearvutuse kasutamine pakub rohkem kui ühe võimaluse ärivaldkondade usaldusväärseks toeks ning ühtlasi tõstab võimekust luua uusi ja innovaatilisi teenuseid. Olemasoleva kirjanduse mittetäielik analüüs toob esile selle, et enne ettevõtetes pilvela-henduste ja pilvearvutuse kasutuselevõttu on väga oluline pöörata tähelepanu kaasneva-tele turvalisuse väljakutsetele. Antud magistritöös on detailselt käsitletud peamisi pil-vandmetöötluse valdkonna turvalisuse probleeme ning töö järeldusena pakutakse välja soovitusi pilve turvalisuse juurutamiseks.Today an estimated 72% of enterprises use at least one cloud application or a percentage of their I.T infrastructure in the cloud. Research shows that 56% of the decision makers in technology are investigating more ways of leveraging the cloud. This makes it impor-tant to understand the different usage plans in cloud service models, business drivers and investments. This thesis measures the myriad benefits of using cloud applications, and the effect of cloud computing on business performance. As will be seen in the the-sis, cloud computing offers a flexible, affordable as well as proven platform for the pro-vision of business and IT services via the internet. Cloud computing provides companies with the rare opportunity of strengthening their efficiencies in service delivery, mana-gement streamlining, and the aligning of IT services with the ever changing business needs. In more ways than one, cloud computing provides solid support for business functions, alongside increasing the capacity for the development of new as well as inno-vative services. A non-exhaustive review of the existing literature revels that the security challenges faced by enterprises during cloud adoption and interoperability have to be addressed before the implementation of cloud computing. In this thesis, we provide a detailed overview of the key security issues in the realm of cloud computing and con-clude with the recommendations on the implementation of cloud security

Access Control for IoT: Problems and Solutions in the Smart Home

The Internet of Things (IoT) is receiving considerable amount of attention from both industry and academia due to the business models that it enables and the radical changes it introduced in the way people interact with technology. The widespread adaption of IoT in our everyday life generates new security and privacy challenges. In this thesis, we focus on "access control in IoT": one of the key security services that ensures the correct functioning of the entire IoT system. We highlight the key differences with access control in traditional systems (such as databases, operating systems, or web services) and describe a set of requirements that any access control system for IoT should fulfill. We demonstrate that the requirements are adaptable to a wide range of IoT use case scenarios by validating the requirements for access control elicited when analyzing the smart lock system as sample use case from smart home scenario. We also utilize the CAP theorem for reasoning about access control systems designed for the IoT. We introduce MQTT Security Assistant (MQTTSA), a tool that automatically detects misconfigurations in MQTT-based IoT deployments. To assist IoT system developers, MQTTSA produces a report outlining detected vulnerabilities, together with (high level) hints and code snippets to implement adequate mitigations. The effectiveness of the tool is assessed by a thorough experimental evaluation. Then, we propose a lazy approach to Access Control as a Service (ACaaS) that allows the specification and management of policies independently of the Cloud Service Providers (CSPs) while leveraging its enforcement mechanisms. We demonstrate the approach by investigating (also experimentally) alternative deployments in the IoT platform offered by Amazon Web Services on a realistic smart lock solution

Context-driven Policies Enforcement for Edge-based IoT Data Sharing-as-a-Service

Sharing real-time data originating from connected devices is crucial to real-world intelligent Internet of Things (IoT) applications, i.e., based on artificial intelligence/machine learning (AI/ML). Such IoT data sharing involves multiple parties for different purposes and is usually based on data contracts that might depend on the dynamic change of IoT data variety and velocity. It is still an open challenge to support multiple parties (aka tenants) with these dynamic contracts based on the data value for their specific contextual purposes.This work addresses these challenges by introducing a novel dynamic context-based policy enforcement framework to support IoT data sharing (on-Edge) based on dynamic contracts. Our enforcement framework allows IoT Data Hub owners to define extensible rules and metrics to govern the tenants in accessing the shared data on the Edge based on policies defined with static and dynamic contexts. We have developed a proof-of-concept prototype for sharing sensitive data such as surveillance camera videos to illustrate our proposed framework. The experimental results demonstrated that our framework could soundly and timely enforce context-based policies at runtime with moderate overhead. Moreover, the context and policy changes are correctly reflected in the system in nearly real-time.acceptedVersio

The Systemic Risk of Consolidation in the Cloud Computing Industry

Title from PDF of title page viewed January 13, 2022Dissertation advisor: James SturgeonVitaIncludes bibliographical references (page 180-194)Thesis (Ph.D.)--Department of Economics, Henry W. Bloch School of Management. University of Missouri--Kansas City, 2021The purpose of this study is to examine the effects of consolidation within the cloud computing industry related to the reliability and availability of computing resources. This dissertation begins by assessing the scale and scope of the cloud computing industry leader, Amazon Web Services. Included in this assessment are a collection of case studies that reveal some of the unique transactions between actors in this industry. The next section uses a bowtie analysis to frame for discussion the key risks related to cloud computing. This framework is used to analyze how the economic risks of compromise and unavailability have changed with a shift from on premise computing to cloud computing. A normative systems analysis examines the policy considerations for addressing the consolidation in the cloud computing industry, and the social fabric matrix is applied to discuss the unique deliveries among processing institutions and between processing institutions and authorizing institutions. On the basis of the normative systems analysis, several policy implications are examined, including the extent to which government spending reinforces consolidation of power and risk within the cloud computing industry.Introduction, Problem Statement and Background -- Literature Review -- Scale and Scope of AWS -- Analyzing the Risk if AWS Failure -- A Normative systems Analysis of AWS -- The Social Fabric Matrix -- Conclusion and Discussion -- Appendix A.State Apportionment Formulas -- Appendix B. The Senior Management Team over Amazon.com, Inc. -- Appendix C. The Senior Management Team over AW

SoK: A Systematic Review of TEE Usage for Developing Trusted Applications

Trusted Execution Environments (TEEs) are a feature of modern central processing units (CPUs) that aim to provide a high assurance, isolated environment in which to run workloads that demand both confidentiality and integrity. Hardware and software components in the CPU isolate workloads, commonly referred to as Trusted Applications (TAs), from the main operating system (OS). This article aims to analyse the TEE ecosystem, determine its usability, and suggest improvements where necessary to make adoption easier. To better understand TEE usage, we gathered academic and practical examples from a total of 223 references. We summarise the literature and provide a publication timeline, along with insights into the evolution of TEE research and deployment. We categorise TAs into major groups and analyse the tools available to developers. Lastly, we evaluate trusted container projects, test performance, and identify the requirements for migrating applications inside them.Comment: In The 18th International Conference on Availability, Reliability and Security (ARES 2023), August 29 -- September 01, 2023, Benevento, Italy. 15 page

The twofold role of Cloud Computing in Digital Forensics: target of investigations and helping hand to evidence analysis

This PhD thesis discusses the impact of Cloud Computing infrastructures on Digital Forensics in the twofold role of target of investigations and as a helping hand to investigators. The Cloud offers a cheap and almost limitless computing power and storage space for data which can be leveraged to commit either new or old crimes and host related traces. Conversely, the Cloud can help forensic examiners to find clues better and earlier than traditional analysis applications, thanks to its dramatically improved evidence processing capabilities. In both cases, a new arsenal of software tools needs to be made available. The development of this novel weaponry and its technical and legal implications from the point of view of repeatability of technical assessments is discussed throughout the following pages and constitutes the unprecedented contribution of this wor

Identity management in a public IaaS Cloud

In this thesis the unique environment that is the public IaaS cloud along with its differences from a traditional data center environment has been considered. The Cloud Security Alliance (CSA), states that “Managing identities and access control for enterprise applications remains one of the greatest challenges facing IT today”. The CSA also points out that “there is a lack of consistent secure methods for extending identity management into the cloud and across the cloud” [1]. This thesis examines this challenge of managing identities in the cloud by developing a list of best practices for implementing identity management in the cloud. These best practices were then tested by simulated misuse cases which were tested in a prototype of the implementation strategy. The results and analysis of the misuse cases show that the implementation of the identity management solution solves the problem of managing identities for the control of the infrastructure in the cloud. However, the analysis also shows that there are still areas where the properly implemented identity management solution fails to mitigate attacks to the infrastructure. These failures in particular are attacks that are sourced from the subscriber environments in the cloud. Finally, the best practices from this thesis also present some consistent methods for extending identity management into the cloud

Measuring Large-Scale Social Networks with High Resolution

This paper describes the deployment of a large-scale study designed to measure human interactions across a variety of communication channels, with high temporal resolution and spanning multiple years-the Copenhagen Networks Study. Specifically, we collect data on face-to-face interactions, telecommunication, social networks, location, and background information (personality, demographics, health, politics) for a densely connected population of 1 000 individuals, using state-of-the-art smartphones as social sensors. Here we provide an overview of the related work and describe the motivation and research agenda driving the study. Additionally, the paper details the data-types measured, and the technical infrastructure in terms of both backend and phone software, as well as an outline of the deployment procedures. We document the participant privacy procedures and their underlying principles. The paper is concluded with early results from data analysis, illustrating the importance of multi-channel high-resolution approach to data collection

DevOps for Trustworthy Smart IoT Systems

ENACT is a research project funded by the European Commission under its H2020 program. The project consortium consists of twelve industry and research member organisations spread across the whole EU. The overall goal of the ENACT project was to provide a novel set of solutions to enable DevOps in the realm of trustworthy Smart IoT Systems. Smart IoT Systems (SIS) are complex systems involving not only sensors but also actuators with control loops distributed all across the IoT, Edge and Cloud infrastructure. Since smart IoT systems typically operate in a changing and often unpredictable environment, the ability of these systems to continuously evolve and adapt to their new environment is decisive to ensure and increase their trustworthiness, quality and user experience. DevOps has established itself as a software development life-cycle model that encourages developers to continuously bring new features to the system under operation without sacrificing quality. This book reports on the ENACT work to empower the development and operation as well as the continuous and agile evolution of SIS, which is necessary to adapt the system to changes in its environment, such as newly appearing trustworthiness threats