950 research outputs found
Access Management in Lightweight IoT: A Comprehensive review of ACE-OAuth framework
With the expansion of Internet of Things (IoT), the need for secure and scalable authentication and
authorization mechanism for resource-constrained devices is becoming increasingly important. This
thesis reviews the authentication and authorization mechanisms in resource-constrained Internet of
Things (IoT) environments. The thesis focuses on the ACE-OAuth framework, which is a lightweight
and scalable solution for access management in IoT. Traditional access management protocols are not
well-suited for the resource-constrained environment of IoT devices. This makes the lightweight
devices vulnerable to cyber-attacks and unauthorized access. This thesis explores the security
mechanisms and standards, the protocol flow and comparison of ACE-OAuth profiles. It underlines
their potential risks involved with the implementation. The thesis delves into the existing and
emerging trends technologies of resource-constrained IoT and identifies limitations and potential
threats in existing authentication and authorization methods.
Furthermore, comparative analysis of ACE profiles demonstrated that the DTLS profile enables
constrained servers to effectively handle client authentication and authorization. The OSCORE
provides enhanced security and non-repudiation due to the Proof-of-Possession (PoP) mechanism,
requiring client to prove the possession of cryptographic key to generate the access token.
The key findings in this thesis, including security implications, strengths, and weaknesses for ACE
OAuth profiles are covered in-depth. It shows that the ACE-OAuth framework’s strengths lie in its
customization capabilities and scalability. This thesis demonstrates the practical applications and
benefits of ACE-OAuth framework in diverse IoT deployments through implementation in smart
home and factory use cases. Through these discussions, the research advances the application of
authentication and authorization mechanisms and provides practical insights into overcoming the
challenges in constrained IoT settings
Towards Cyber Security for Low-Carbon Transportation: Overview, Challenges and Future Directions
In recent years, low-carbon transportation has become an indispensable part
as sustainable development strategies of various countries, and plays a very
important responsibility in promoting low-carbon cities. However, the security
of low-carbon transportation has been threatened from various ways. For
example, denial of service attacks pose a great threat to the electric vehicles
and vehicle-to-grid networks. To minimize these threats, several methods have
been proposed to defense against them. Yet, these methods are only for certain
types of scenarios or attacks. Therefore, this review addresses security aspect
from holistic view, provides the overview, challenges and future directions of
cyber security technologies in low-carbon transportation. Firstly, based on the
concept and importance of low-carbon transportation, this review positions the
low-carbon transportation services. Then, with the perspective of network
architecture and communication mode, this review classifies its typical attack
risks. The corresponding defense technologies and relevant security suggestions
are further reviewed from perspective of data security, network management
security and network application security. Finally, in view of the long term
development of low-carbon transportation, future research directions have been
concerned.Comment: 34 pages, 6 figures, accepted by journal Renewable and Sustainable
Energy Review
A Fast and Scalable Authentication Scheme in IoT for Smart Living
Numerous resource-limited smart objects (SOs) such as sensors and actuators
have been widely deployed in smart environments, opening new attack surfaces to
intruders. The severe security flaw discourages the adoption of the Internet of
things in smart living. In this paper, we leverage fog computing and
microservice to push certificate authority (CA) functions to the proximity of
data sources. Through which, we can minimize attack surfaces and authentication
latency, and result in a fast and scalable scheme in authenticating a large
volume of resource-limited devices. Then, we design lightweight protocols to
implement the scheme, where both a high level of security and low computation
workloads on SO (no bilinear pairing requirement on the client-side) is
accomplished. Evaluations demonstrate the efficiency and effectiveness of our
scheme in handling authentication and registration for a large number of nodes,
meanwhile protecting them against various threats to smart living. Finally, we
showcase the success of computing intelligence movement towards data sources in
handling complicated services.Comment: 15 pages, 7 figures, 3 tables, to appear in FGC
Efficient Queue And Gsi Security Management Framework For Mobile Desktop Grid
Kemajuan dan perkembangan yang amat besar dalam teknologi barangan
pegang-tangan telah membuatkan pihak pengkaji berfikir akan cara untuk menggunakan
kuasa alat-alat mobil dalam bidang arkitek yang begitu luas berhubungan dengan
Penggunaan Komputer Bergrid. Peralatan mobil mempunyai sumber komputer dan
kuasa operasi yang terhad, isu-isu lain yang terbatas dalam persumberan komputer
adalah seperti jaringan terselindung, ketidaksinambungan jaringan yang kerap berlaku,
penggunaan tenaga bateri, sekuriti dan kualiti servis dan lain-lain. Salah satu kajian
pendekatan untuk membangkitkan isu ini ialah bidang arkitek proksi grid yang mobil
dimana, alat-alat mobil berkomunikasi dengan alat servis proksi grid yang
menghantarkan permintaan ke grid komputer bagi pihak alat mobil itu, dengan itu ia
memperolehi kebanyakan daripada kegunaan grid komputer.
Tremendous advancement and growth in the hand-held technology make the
researchers think to utilize the power of mobile devices into the vast architecture of the
Grid Computing hence lead to the new paradigm of mobile grid computing. Mobile
devices are resource limited and have many issues such as computational resources
limitations, network latency, frequent network disconnection, battery power
consumption, security etc. To address these issues, researchers proposed mobile proxy
grid architecture in which mobile devices communicated with grid proxy server which
sends the request to the computational grid on behalf of the mobile device hence gets the
most of the functionality of the grid computing
Security architecture for Fog-To-Cloud continuum system
Nowadays, by increasing the number of connected devices to Internet rapidly, cloud computing cannot handle the real-time processing. Therefore, fog computing was emerged for providing data processing, filtering, aggregating, storing, network, and computing closer to the users. Fog computing provides real-time processing with lower latency than cloud. However, fog computing did not come to compete with cloud, it comes to complete the cloud. Therefore, a hierarchical Fog-to-Cloud (F2C) continuum system was introduced. The F2C system brings the collaboration between distributed fogs and centralized cloud. In F2C systems, one of the main challenges is security. Traditional cloud as security provider is not suitable for the F2C system due to be a single-point-of-failure; and even the increasing number of devices at the edge of the network brings scalability issues. Furthermore, traditional cloud security cannot be applied to the fog devices due to their lower computational power than cloud. On the other hand, considering fog nodes as security providers for the edge of the network brings Quality of Service (QoS) issues due to huge fog device’s computational power consumption by security algorithms. There are some security solutions for fog computing but they are not considering the hierarchical fog to cloud characteristics that can cause a no-secure collaboration between fog and cloud. In this thesis, the security considerations, attacks, challenges, requirements, and existing solutions are deeply analyzed and reviewed. And finally, a decoupled security architecture is proposed to provide the demanded security in hierarchical and distributed fashion with less impact on the QoS.Hoy en día, al aumentar rápidamente el número de dispositivos conectados a Internet, el cloud computing no puede gestionar el procesamiento en tiempo real. Por lo tanto, la informática de niebla surgió para proporcionar procesamiento de datos, filtrado, agregación, almacenamiento, red y computación más cercana a los usuarios. La computación nebulizada proporciona procesamiento en tiempo real con menor latencia que la nube. Sin embargo, la informática de niebla no llegó a competir con la nube, sino que viene a completar la nube. Por lo tanto, se introdujo un sistema continuo jerárquico de niebla a nube (F2C). El sistema F2C aporta la colaboración entre las nieblas distribuidas y la nube centralizada. En los sistemas F2C, uno de los principales retos es la seguridad. La nube tradicional como proveedor de seguridad no es adecuada para el sistema F2C debido a que se trata de un único punto de fallo; e incluso el creciente número de dispositivos en el borde de la red trae consigo problemas de escalabilidad. Además, la seguridad tradicional de la nube no se puede aplicar a los dispositivos de niebla debido a su menor poder computacional que la nube. Por otro lado, considerar los nodos de niebla como proveedores de seguridad para el borde de la red trae problemas de Calidad de Servicio (QoS) debido al enorme consumo de energía computacional del dispositivo de niebla por parte de los algoritmos de seguridad. Existen algunas soluciones de seguridad para la informática de niebla, pero no están considerando las características de niebla a nube jerárquica que pueden causar una colaboración insegura entre niebla y nube. En esta tesis, las consideraciones de seguridad, los ataques, los desafíos, los requisitos y las soluciones existentes se analizan y revisan en profundidad. Y finalmente, se propone una arquitectura de seguridad desacoplada para proporcionar la seguridad exigida de forma jerárquica y distribuida con menor impacto en la QoS.Postprint (published version
Secure Identification in Social Wireless Networks
The applications based on social networking have brought revolution towards social life and are continuously gaining popularity among the Internet users. Due to the advanced computational resources offered by the innovative hardware and nominal subscriber charges of network operators, most of the online social networks are transforming into the mobile domain by offering exciting applications and games exclusively designed for users on the go. Moreover, the mobile devices are considered more personal as compared to their desktop rivals, so there is a tendency among the mobile users to store sensitive data like contacts, passwords, bank account details, updated calendar entries with key dates and personal notes on their devices.
The Project Social Wireless Network Secure Identification (SWIN) is carried out at Swedish Institute of Computer Science (SICS) to explore the practicality of providing the secure mobile social networking portal with advanced security features to tackle potential security threats by extending the existing methods with more innovative security technologies. In addition to the extensive background study and the determination of marketable use-cases with their corresponding security requirements, this thesis proposes a secure identification design to satisfy the security dimensions for both online and offline peers. We have implemented an initial prototype using PHP Socket and OpenSSL library to simulate the secure identification procedure based on the proposed design. The design is in compliance with 3GPP‟s Generic Authentication Architecture (GAA) and our implementation has demonstrated the flexibility of the solution to be applied independently for the applications requiring secure identification. Finally, the thesis provides strong foundation for the advanced implementation on mobile platform in future
- …