An access control management protocol for Internet of things devices

Internet enabled computing devices are increasingly at risk of misuse by individuals or malware. Initially such misuse was targeted mainly at computers, however there is increasing targeting of tablet and smartphone devices. In this paper we examine an access control management protocol for Internet of things devices in order to attempt to provide some protection against misuse of such devices. Although anti-malware software is commonly used in computers, and is increasingly being used for tablets and smartphones, this may be a less practicable approach for Internet of things devices. The access control management protocol for Internet of things devices examined in this paper involves the use of physical proximity ‘registration’ for remote control of such devices, encryption of communications, verification of geo-location of the mobile device used to control the IoT device, safe operation controls, and exception reporting as a means of providing a tiered security approach for such devices

SUPPORTING L2 MULTICAST IN L2VNI-ONLY DEPLOYMENTS

Techniques are presented herein that support an optimized Layer 2 (L2) multicast capability in software-defined access (SDA) fabric environments by modifying Internet Group Management Protocol (IGMP) snooping, IGMP forwarding, and multicast forwarding behavior in such environments. Such modifications help to address multiple customer requirements where customers need multicast traffic to be forwarded at L2, especially for Internet of Things (IoT) devices. Aspects of the presented techniques encompass modifying multicast router (mrouter) learning, handling IGMP control traffic, and handling sources and receivers

Secure Lifecycle Management for Internet of Things Devices

In recent years, IoT devices have been adopted for various uses cases including for home applications such as smart lighting and heating and cooling systems. The IoT devices are simple and constrained devices. Usually, these simple devices are paired with and managed by controller devices such as smartphones over home wireless network. The pairing protocol along with the command and control protocols between the IoT device and the smartphone are usually proprietary. Therefore, users are required to install a dedicated application to access and control each brand and type of device. LwM2M has been designed as an open standard to increase interoperability between the simple devices from different ecosystems. It can be used to secure the connection between the simple device and the controller. The LwM2M protocol uses pre-shared keys, raw public keys, and X.509 certificates for authentication. However, these authentication methods have some deployment and scalability problems, and out-of-band authentication has been suggested as an alternative. This thesis project aims to adapt the LwM2M protocol for secure device pairing and lifecycle management for Internet of Things device in such a way that it can be used with out-of-band authentication. A proof-of-concept prototype has been implemented with Raspberry Pi 3 B+ as the simple device and an Android smartphone as the controller

Impact assessment of policy expressivenessof an optimised access control model forsmart sensors

In the incoming internet of things (IoT) applications, smart sensors expose services to interact with them, to be parameterised, managed and maintained. Therefore, fine-grained end-to-end access control enforcement is mandatory to tackle the derived security requirements. However, it is still not feasible in very constrained devices. There is an innovative access control model that conveys an expressive policy language and an optimised codification for tight and flexible access control enforcement in very constrained devices. Such tightness enabled by the expressiveness of the policy language leads to detailed policy instances that might impact on the performance and therefore, in the feasibility and further applicability. In this context, this study assesses how the policy length impacts the performance of the establishment of a security association through the protocol named Hidra proposed by such an adapted access control model. Consequently, the notable results of the performance evaluation prove the feasibility and adequacy of this access control model for the new smart IoT scenarios.Part of this work is funded by the Department of Economic Development and Competitiveness of the Basque Government through the SEKUrtasun TEKnologiak SEKUTEK KK-2017/00044 collaborative research project and by the Spanish Ministry of Economy, Industry and Competitiveness through the State Secretariat for Research, Development and Innovation under the 'Adaptive Management of 5G Services to Support Critical Events in Cities (5G-City)' project TEC2016-76795-C6-5-R

Domain-protocol mapping based middleware for distributed application development, A

2014 Spring.Includes bibliographical references.Distributed systems such as Internet of Things, Sensor Networks and Networked Control Systems are being used in various application domains, including industrial, environmental, medical and energy management domains. A distributed application in these domains may need to access data from different devices, where they may all be of the same type or a combination of different types. In addition, these devices may communicate through standardized protocols or proprietary interfaces. The development of such a distributed application may also require a team of developers with expertise in different disciplines. Therefore, the application development that involves heterogeneous devices and multidisciplinary teams can be made more effective by introducing an interface layer that shields developers from aspects of software and hardware heterogeneity. This work proposes a 'domain-protocol mapping' technique that is implemented as a middleware framework. The proposed mapping method maps the application data schema represented as object-oriented domain object to the appropriate communication protocol packet data and also updates the domain object from the response packet data. The middleware provides APIs for the domain experts to read the data from the device or to write the data to the device. The marshalling and unmarshalling process of the domain objects are hidden from the domain expert who may or may not be a software engineer. The use of the developed middleware is illustrated in two case-studies, one involving a simulation of distributed network controls for power system and the other involving integration of different types of power meters in power monitoring application

Recent advances in industrial wireless sensor networks towards efficient management in IoT

With the accelerated development of Internet-of- Things (IoT), wireless sensor networks (WSN) are gaining importance in the continued advancement of information and communication technologies, and have been connected and integrated with Internet in vast industrial applications. However, given the fact that most wireless sensor devices are resource constrained and operate on batteries, the communication overhead and power consumption are therefore important issues for wireless sensor networks design. In order to efficiently manage these wireless sensor devices in a unified manner, the industrial authorities should be able to provide a network infrastructure supporting various WSN applications and services that facilitate the management of sensor-equipped real-world entities. This paper presents an overview of industrial ecosystem, technical architecture, industrial device management standards and our latest research activity in developing a WSN management system. The key approach to enable efficient and reliable management of WSN within such an infrastructure is a cross layer design of lightweight and cloud-based RESTful web service

Internet of Things-aided Smart Grid: Technologies, Architectures, Applications, Prototypes, and Future Research Directions

Traditional power grids are being transformed into Smart Grids (SGs) to address the issues in existing power system due to uni-directional information flow, energy wastage, growing energy demand, reliability and security. SGs offer bi-directional energy flow between service providers and consumers, involving power generation, transmission, distribution and utilization systems. SGs employ various devices for the monitoring, analysis and control of the grid, deployed at power plants, distribution centers and in consumers' premises in a very large number. Hence, an SG requires connectivity, automation and the tracking of such devices. This is achieved with the help of Internet of Things (IoT). IoT helps SG systems to support various network functions throughout the generation, transmission, distribution and consumption of energy by incorporating IoT devices (such as sensors, actuators and smart meters), as well as by providing the connectivity, automation and tracking for such devices. In this paper, we provide a comprehensive survey on IoT-aided SG systems, which includes the existing architectures, applications and prototypes of IoT-aided SG systems. This survey also highlights the open issues, challenges and future research directions for IoT-aided SG systems

Fine-grained management of CoAP interactions with constrained IoT devices

As open standards for the Internet of Things gain traction, the current Intranet of Things will evolve to a truly open Internet of Things, where constrained devices are first class citizens of the public Internet. However, the large amount of control over constrained networks offered by today's vertically integrated platforms, becomes even more important in an open IoT considering its promise of direct end-to-end interactions with constrained devices. In this paper a set of challenges is identified for controlling interactions with constrained networks that arise due to their constrained nature and their integration with the public Internet. Furthermore, a number of solutions are presented for overcoming these challenges by means of an intercepting intermediary at the edge of the constrained network