233 research outputs found
Is DNS Ready for Ubiquitous Internet of Things?
The vision of the Internet of Things (IoT) covers not only the well-regulated processes of specific applications in different areas but also includes ubiquitous connectivity of more generic objects (or things and devices) in the physical world and the related information in the virtual world. For example, a typical IoT application, such as a smart city, includes smarter urban transport networks, upgraded water supply, and waste-disposal facilities, along with more efficient ways to light and heat buildings. For smart city applications and others, we require unique naming of every object and a secure, scalable, and efficient name resolution which can provide access to any object's inherent attributes with its name. Based on different motivations, many naming principles and name resolution schemes have been proposed. Some of them are based on the well-known domain name system (DNS), which is the most important infrastructure in the current Internet, while others are based on novel designing principles to evolve the Internet. Although the DNS is evolving in its functionality and performance, it was not originally designed for the IoT applications. Then, a fundamental question that arises is: can current DNS adequately provide the name service support for IoT in the future? To address this question, we analyze the strengths and challenges of DNS when it is used to support ubiquitous IoT. First, we analyze the requirements of the IoT name service by using five characteristics, namely security, mobility, infrastructure independence, localization, and efficiency, which we collectively refer to as SMILE. Then, we discuss the pros and cons of the DNS in satisfying SMILE in the context of the future evolution of the IoT environment
A Mobile Secure Bluetooth-Enabled Cryptographic Provider
The use of digital X509v3 public key certificates, together with different standards
for secure digital signatures are commonly adopted to establish authentication proofs
between principals, applications and services. One of the robustness characteristics commonly
associated with such mechanisms is the need of hardware-sealed cryptographic
devices, such as Hardware-Security Modules (or HSMs), smart cards or hardware-enabled
tokens or dongles. These devices support internal functions for management and storage
of cryptographic keys, allowing the isolated execution of cryptographic operations, with
the keys or related sensitive parameters never exposed.
The portable devices most widely used are USB-tokens (or security dongles) and internal
chips of smart cards (as it is also the case of citizen cards, banking cards or ticketing
cards). More recently, a new generation of Bluetooth-enabled smart USB dongles appeared,
also suitable to protect cryptographic operations and digital signatures for secure
identity and payment applications. The common characteristic of such devices is to offer
the required support to be used as secure cryptographic providers. Among the advantages
of those portable cryptographic devices is also their portability and ubiquitous use, but,
in consequence, they are also frequently forgotten or even lost. USB-enabled devices imply
the need of readers, not always and not commonly available for generic smartphones
or users working with computing devices. Also, wireless-devices can be specialized or
require a development effort to be used as standard cryptographic providers.
An alternative to mitigate such problems is the possible adoption of conventional
Bluetooth-enabled smartphones, as ubiquitous cryptographic providers to be used, remotely,
by client-side applications running in users’ devices, such as desktop or laptop
computers. However, the use of smartphones for safe storage and management of private
keys and sensitive parameters requires a careful analysis on the adversary model assumptions.
The design options to implement a practical and secure smartphone-enabled
cryptographic solution as a product, also requires the approach and the better use of
the more interesting facilities provided by frameworks, programming environments and
mobile operating systems services.
In this dissertation we addressed the design, development and experimental evaluation
of a secure mobile cryptographic provider, designed as a mobile service provided in a smartphone. The proposed solution is designed for Android-Based smartphones and
supports on-demand Bluetooth-enabled cryptographic operations, including standard
digital signatures. The addressed mobile cryptographic provider can be used by applications
running on Windows-enabled computing devices, requesting digital signatures.
The solution relies on the secure storage of private keys related to X509v3 public certificates
and Android-based secure elements (SEs). With the materialized solution, an
application running in a Windows computing device can request standard digital signatures
of documents, transparently executed remotely by the smartphone regarded as a
standard cryptographic provider
A Privacy-Preserving, Accountable and Spam-Resilient Geo-Marketplace
Mobile devices with rich features can record videos, traffic parameters or
air quality readings along user trajectories. Although such data may be
valuable, users are seldom rewarded for collecting them. Emerging digital
marketplaces allow owners to advertise their data to interested buyers. We
focus on geo-marketplaces, where buyers search data based on geo-tags. Such
marketplaces present significant challenges. First, if owners upload data with
revealed geo-tags, they expose themselves to serious privacy risks. Second,
owners must be accountable for advertised data, and must not be allowed to
subsequently alter geo-tags. Third, such a system may be vulnerable to
intensive spam activities, where dishonest owners flood the system with fake
advertisements. We propose a geo-marketplace that addresses all these concerns.
We employ searchable encryption, digital commitments, and blockchain to protect
the location privacy of owners while at the same time incorporating
accountability and spam-resilience mechanisms. We implement a prototype with
two alternative designs that obtain distinct trade-offs between trust
assumptions and performance. Our experiments on real location data show that
one can achieve the above design goals with practical performance and
reasonable financial overhead.
Comment: SIGSPATIAL'19, 10 page
Liquid stream processing on the web: a JavaScript framework
The Web is rapidly becoming a mature platform to host distributed applications. Pervasive computing applications running on the Web are now common in the era of the Web of Things, which has made it increasingly simple to integrate sensors and microcontrollers in our everyday life. Such devices are of great interest to Makers with basic Web development skills. With them, Makers are able to build small smart stream processing applications with sensors and actuators without spending a fortune and without knowing much about the technologies they use. Thanks to ongoing Web technology trends enabling real-time peer-to-peer communication between Web-enabled devices, Web browsers and server-side JavaScript runtimes, developers are able to implement pervasive Web applications using a single programming language. These can take advantage of direct and continuous communication channels going beyond what was possible in the early stages of the Web to push data in real-time. Despite these recent advances, building stream processing applications on the Web of Things remains a challenging task. On the one hand, Web-enabled devices of different nature still have to communicate with different protocols. On the other hand, dealing with a dynamic, heterogeneous, and volatile environment like the Web requires developers to face issues like disconnections, unpredictable workload fluctuations, and device overload. To help developers deal with such issues, in this dissertation we present the Web Liquid Streams (WLS) framework, a novel streaming framework for JavaScript. Developers implement streaming operators written in JavaScript and may interactively and dynamically define a streaming topology. The framework takes care of deploying the user-defined operators on the available devices and connecting them using the appropriate data channel, removing the burden of dealing with different deployment environments from the developers.
Changes in the semantic of the application and in its execution environment may be applied at runtime without stopping the stream flow. Like a liquid adapts its shape to the one of its container, the Web Liquid Streams framework makes streaming topologies flow across multiple heterogeneous devices, enabling dynamic operator migration without disrupting the data flow. By constantly monitoring the execution of the topology with a hierarchical controller infrastructure, WLS takes care of parallelising the operator execution across multiple devices in case of bottlenecks and of recovering the execution of the streaming topology in case one or more devices disconnect, by restarting lost operators on other available devices
Internet of Things for enabling smart environments: a technology-centric perspective
The Internet of Things (IoT) is a computing paradigm whereby everyday life objects are augmented with computational and wireless communication capabilities, typically through the incorporation of resource-constrained devices including
sensors and actuators, which enable their connection to the Internet. The IoT is seen as the key ingredient for the development
of smart environments. Nevertheless, the current IoT ecosystem offers many alternative communication solutions with diverse
performance characteristics. This situation presents a major challenge to identifying the most suitable IoT communication solution(s) for a particular smart environment. In this paper we consider the distinct requirements of key smart environments,
namely the smart home, smart health, smart cities and smart factories, and relate them to current IoT communication solutions.
Specifically, we describe the core characteristics of these smart environments and then proceed to provide a comprehensive
survey of relevant IoT communication technologies and architectures. We conclude with our reflections on the crucial features
of IoT solutions in this setting and a discussion of challenges that remain open for research
Blockchain-Enabled DPKI Framework
Public Key Infrastructures (PKIs), which rely on digital signature technology and establishment
of trust and security association parameters between entities, allow entities
to interoperate with authentication proofs, using standardized digital certificates (with
X.509v3 as the current reference). Despite PKI technology being used by many applications
for their security foundations (e.g. WEB/HTTPS/TLS, Cloud-Enabled Services,
LANs/WLANs Security, VPNs, IP-Security), there are several concerns regarding their
inherent design assumptions based on a centralized trust model.
To avoid some problems and drawbacks that emerged from the centralization assumptions,
a Decentralized Public Key Infrastructure (DPKI), is an alternative approach. The
main idea for DPKIs is the ability to establish trust relations between all parties, in a
web-of-trust model, avoiding centralized authorities and related root-of-trust certificates.
As a possible solution for DPKI frameworks, the Blockchain technology, as an enabler
solution, can help overcome some of the identified PKI problems and security drawbacks.
Blockchain-enabled DPKIs can be designed to address a fully decentralized ledger for
managed certificates, providing data-replication with strong consistency guarantees, and
fairly distributed trust management properties founded on a P2P trust model. In this
approach, typical PKI functions are supported cooperatively, with validity agreement
based on consistency criteria, for issuing, verification and revocation of X509v3 certificates.
It is also possible to address mechanisms to provide rapid reaction of principals in
the verification of traceable, shared and immutable history logs of state-changes related
to the life-cycle of certificates, with certificate validation rules established consistently by
programmable Smart Contracts executed by peers.
In this dissertation we designed, implemented and evaluated a Blockchain-Enabled
Decentralized Public Key Infrastructure (DPKI) framework, providing an implementation
prototype solution that can be used to support experimental research. The
proposal is based on a framework instantiating a permissioned collaborative consortium
model, using the service planes supported in an extended Blockchain platform leveraged
by the Hyperledger Fabric (HLF) solution. In our proposed DPKI framework model,
X509v3 certificates are issued and managed following security invariants, processing
rules, managing trust assumptions and establishing consistency metrics, defined and executed in a decentralized way by the Blockchain nodes, using Smart Contracts. Certificates
are issued cooperatively and can be issued with group-oriented threshold-based
Byzantine fault-tolerant (BFT) signatures, as group-oriented authentication proofs. The
Smart Contracts dictate how Blockchain peers participate consistently in issuing, signing,
attestation, validation and revocation processes. Any peer can validate certificates
obtaining their consistent states consolidated in closed blocks in a Merkle tree structure
maintained in the Blockchain. State-transition operations are managed with serializability
guarantees, provided by Byzantine Fault Tolerant (BFT) consensus primitives
Identity Management in M2M Networks
Evolving communication technologies stimulate a rapid growth in utilisation of communication-capable devices and therefore amount of transmitted data. This imposes new requirements for automatic device and data management necessary for successful exploitation of new opportunities. Unfortunately, currently developed systems, including Internet of Things and Machine-to-Machine communications, mainly focus on industrial applications that involve fixed users, proprietary environments as well as ad-hoc devices and things, whereas regular users along with possibilities and challenges created by growing sets of personal user equipment remain ignored.
This thesis addresses the defined problem by analysing currently developed and utilised communication technologies and identity management systems as well as proposing an advanced identity management system that considers user-related needs and enables user-aware automatic device-to-device communications. Our system is unique compared to other automatic communication systems in that it enables global communication of devices owned or used by different parties and supports dynamic connection and relationship establishment based on data administered in a sophisticated identity management infrastructure. Unlike existing identity management mechanisms, our system extends the notion of an identified and authenticated entity to a combination of both user and device. Furthermore, the system introduces an original Single Device Sign-On feature that simplifies user login procedure when accessing a service with multiple devices. As a consequence, this thesis suggests a new direction for evolution of communication technologies as well as user-targeted Internet-based services and applications