27,071 research outputs found
ViotSOC: Controlling Access to Dynamically Virtualized IoT Services using Service Object Capability
Virtualization of Internet of Things(IoT) is a concept of dynamically
building customized high-level IoT services which
rely on the real time data streams from low-level physical
IoT sensors. Security in IoT virtualization is challenging,
because with the growing number of available (building
block) services, the number of personalizable virtual
services grows exponentially. This paper proposes Service
Object Capability(SOC) ticket system, a decentralized access
control mechanism between servers and clients to effi-
ciently authenticate and authorize each other without using
public key cryptography. SOC supports decentralized
partial delegation of capabilities specified in each server/-
client ticket. Unlike PKI certificates, SOC’s authentication
time and handshake packet overhead stays constant regardless
of each capability’s delegation hop distance from the
root delegator. The paper compares SOC’s security bene-
fits with Kerberos and the experimental results show SOC’s
authentication incurs significantly less time packet overhead
compared against those from other mechanisms based on
RSA-PKI and ECC-PKI algorithms. SOC is as secure as,
and more efficient and suitable for IoT environments, than
existing PKIs and Kerberos
Smart cards: State-of-the-art to future directions
The evolution of smart card technology provides an interesting case study of the relationship and interactions between security and business requirements. This paper maps out the milestones for smart card technology, discussing at each step the opportunities and challenges. The paper reviews recently proposed innovative ownership/management models and the security challenges associated with them. The paper concludes with a discussion of possible future directions for the technology, and the challenges these present
Challenges of Multi-Factor Authentication for Securing Advanced IoT (A-IoT) Applications
The unprecedented proliferation of smart devices together with novel
communication, computing, and control technologies have paved the way for the
Advanced Internet of Things~(A-IoT). This development involves new categories
of capable devices, such as high-end wearables, smart vehicles, and consumer
drones aiming to enable efficient and collaborative utilization within the
Smart City paradigm. While massive deployments of these objects may enrich
people's lives, unauthorized access to the said equipment is potentially
dangerous. Hence, highly-secure human authentication mechanisms have to be
designed. At the same time, human beings desire comfortable interaction with
their owned devices on a daily basis, thus demanding the authentication
procedures to be seamless and user-friendly, mindful of the contemporary urban
dynamics. In response to these unique challenges, this work advocates for the
adoption of multi-factor authentication for A-IoT, such that multiple
heterogeneous methods - both well-established and emerging - are combined
intelligently to grant or deny access reliably. We thus discuss the pros and
cons of various solutions as well as introduce tools to combine the
authentication factors, with an emphasis on challenging Smart City
environments. We finally outline the open questions to shape future research
efforts in this emerging field.Comment: 7 pages, 4 figures, 2 tables. The work has been accepted for
publication in IEEE Network, 2019. Copyright may be transferred without
notice, after which this version may no longer be accessibl
Managing Access to Service Providers in Federated Identity Environments: A Case Study in a Cloud Storage Service
© 2015 IEEE. Currently the diversity of services, which are adhering to Identity Federation, has raised new challenges in the area. Increasingly, service providers need to control the access to their resources by users from the federation as, even though the user is authenticated by the federation, its access to resources cannot be taken for granted. Each Service Provider (SP) of a federation implements their own access control mechanism. Moreover, SPs might need to allow different access control granularity. For instance, all users from a particular Identity Provider (IdP) may access the resources due to some financial agreement. On the other hand, it might be the case that only specific users, or groups of users, have access to the resources. This paper proposes a solution to this problem through a hierarchical authorization system. Our approach, which can be customized to different SPs, allows the SP administrator to manage which IdPs, or users, have access to the provided resources. In order to demonstrate the feasibility of our approach, we present a case study in the context of a cloud storage solution
Permissão para partilha seletiva em ambientes IoT
The increasing use of smart devices for monitoring spaces has caused an increase
in concerns about the privacy of users of these spaces. Given this problem, the
legislation on the right to privacy has been worked to ensure that the existing
laws on this subject are sufficiently comprehensive to preserve the privacy of users.
In this way, research on this topic evolves in the sense of creating systems that
ensure compliance with these laws, that is, increase transparency in the treatment
of user data. In the context of this dissertation, a demonstrator-based strategy
is presented to provide users control over their stored data during the temporary
use of an intelligent environment. In addition, this strategy includes transparency
guarantees, highlights the right to forgetting, provides the ability to consent and
proof of that consent. A strategy for privacy control in such environments is also
mentioned in this paper. This dissertation was developed within the CASSIOPEIA
project where the case study focuses on the SmartBnB problem where a user rents
a smart home for a limited time. This paper presents the developed system that
ensures the user’s privacy and control over their data.O uso crescente de dispositivos inteligentes para monitorização de espaços tem
provocado um aumento das preocupações sobre a privacidade dos utilizadores destes
espaços. Face a este problema, a legislação sobre o direito à privacidade tem
sido trabalhada de forma a garantir que as leis existentes sobre este tema são
suficientemente abrangentes para preservar a privacidade dos utilizadores. Desta
forma, a investigação neste tópico evolui no sentido de criar sistemas que garantam
o cumprimento destas leis, ou seja aumentam a transparência no tratamentos dos
dados dos utilizadores. No contexto desta dissertação, é apresentada uma estratégia
baseado num demonstrador para fornecer um controlo ao utilizador sobre os
seus dados armazenados durante a utilização temporária de um ambiente inteligente.
Para além disso, esta estratégia inclui garantias de transparência, evidencia
o direito ao esquecimento, fornece a capacidade de consentimento e prova desse
consentimento. É também mencionada neste documento uma estratégia para um
controlo de privacidade neste tipo de ambientes. Esta dissertação foi desenvolvida
no âmbito do projeto CASSIOPEIA onde o caso de estudo se foca no SmartBnB
problem onde um utilizador arrenda uma casa inteligente durante um tempo limitado.
Este documento apresenta o sistema desenvolvido que garante a privacidade
e controlo do utilizador sobre os seus próprios dados.This work is partially funded by NGI Trust, with number 3.85, Pro-ject CASSIOPEIA.Mestrado em Engenharia de Computadores e Telemátic
- …