115 research outputs found

    A survey of communication protocols for internet of things and related challenges of fog and cloud computing integration

    The fast increment in the number of IoT (Internet of Things) devices is accelerating the research on new solutions to make cloud services scalable. In this context, the novel concept of fog computing as well as the combined fog-to-cloud computing paradigm is becoming essential to decentralize the cloud, while bringing the services closer to the end-system. This article surveys the application layer communication protocols to fulfill the IoT communication requirements, and their potential for implementation in fog- and cloud-based IoT systems. To this end, the article first briefly presents potential protocol candidates, including request-reply and publish-subscribe protocols. After that, the article surveys these protocols based on their main characteristics, as well as the main performance issues, including latency, energy consumption, and network throughput. These findings are thereafter used to place the protocols in each segment of the system (IoT, fog, cloud), thus opening up the discussion on their choice, interoperability, and wider system integration. The survey is expected to be useful to system architects and protocol designers when choosing the communication protocols in an integrated IoT-to-fog-to-cloud system architecture. Peer Reviewed. Postprint (author's final draft)

    Access Management in Lightweight IoT: A Comprehensive review of ACE-OAuth framework

    With the expansion of the Internet of Things (IoT), the need for secure and scalable authentication and authorization mechanisms for resource-constrained devices is becoming increasingly important. This thesis reviews the authentication and authorization mechanisms in resource-constrained IoT environments. The thesis focuses on the ACE-OAuth framework, which is a lightweight and scalable solution for access management in IoT. Traditional access management protocols are not well-suited for the resource-constrained environment of IoT devices. This makes the lightweight devices vulnerable to cyber-attacks and unauthorized access. This thesis explores the security mechanisms and standards, the protocol flow and a comparison of ACE-OAuth profiles. It underlines the potential risks involved with their implementation. The thesis delves into the existing and emerging trends and technologies of resource-constrained IoT and identifies limitations and potential threats in existing authentication and authorization methods. Furthermore, a comparative analysis of ACE profiles demonstrated that the DTLS profile enables constrained servers to effectively handle client authentication and authorization. The OSCORE profile provides enhanced security and non-repudiation due to the Proof-of-Possession (PoP) mechanism, requiring the client to prove the possession of a cryptographic key to generate the access token. The key findings in this thesis, including security implications, strengths, and weaknesses for ACE-OAuth profiles, are covered in depth. It shows that the ACE-OAuth framework's strengths lie in its customization capabilities and scalability. This thesis demonstrates the practical applications and benefits of the ACE-OAuth framework in diverse IoT deployments through implementation in smart home and factory use cases. Through these discussions, the research advances the application of authentication and authorization mechanisms and provides practical insights into overcoming the challenges in constrained IoT settings.

    Development of an IoT application using CoAP and DTLS for vehicular telemetry

    Undergraduate thesis (TCC) - Universidade Federal de Santa Catarina. Centro Tecnológico. Ciências da Computação. The use of IoT technology in the most diverse environments has grown a lot in recent years. The large number of networked devices has brought problems due to the scalability of systems and the data traffic generated. However, another problem that requires attention is the implementation of security mechanisms to guarantee the privacy of the users of these systems. Due to their constrained resources, IoT devices require special mechanisms for data protection. This work aimed to carry out a study on the two main protocols proposed to address the communication problem in IoT environments, CoAP and MQTT. For the validation of the model, an IoT application was implemented in the context of vehicular telemetry, using the CoAP protocol with DTLS to communicate between devices and ensure security in the exchange of messages. This application simulated the collection of sensor data from a vehicle, transmitting this data to another IoT device for processing via wireless network, comprising an M2M approach. The data is collected and processed in real time, so it is important that the protocols work quickly and efficiently, to ensure greater accuracy of the analysis. Finally, experiments were performed using the developed application, measuring the processing times and energy consumption of the CoAP and DTLS protocols. The present work presented satisfactory results in relation to the measurement of processing times and energy consumption, presenting quantitative comparisons between the main cipher suites used in the DTLS protocol and their impact on communication.

    NDN, CoAP, and MQTT: A Comparative Measurement Study in the IoT

    This paper takes a comprehensive view on the protocol stacks that are under debate for a future Internet of Things (IoT). It addresses the holistic question of which solution is beneficial for common IoT use cases. We deploy NDN and the two popular IP-based application protocols, CoAP and MQTT, in their different variants on a large-scale IoT testbed in single- and multi-hop scenarios. We analyze the use cases of scheduled periodic and unscheduled traffic under varying loads. Our findings indicate that (a) NDN admits the most resource-friendly deployment on nodes, and (b) shows superior robustness and resilience in multi-hop scenarios, while (c) the IP protocols operate at less overhead and higher speed in single-hop deployments. Most strikingly, we find that NDN-based protocols are in significantly better flow balance than the UDP-based IP protocols and require fewer corrective actions.

    A software-defined network solution for managing fog computing resources in sensor networks

    The fast growth of Internet-connected embedded devices raises new challenges for the traditional network design, such as scalability, diversity, and complexity. To address these challenges, this thesis suggests the aggregation of several emerging technologies: software-defined networking (SDN), fog computing, containerization and sensor virtualization. This thesis proposes, designs, implements and evaluates a new solution based on the emergent paradigm of SDN to efficiently manage virtualized resources located at the network edge in scenarios involving embedded sensor devices. Sensor virtualization through containers provides agility, flexibility and abstraction for the data processing, making it possible to summarize the huge amount of data produced by sensor devices. The proposed architecture uses a software-defined system, managed by a Ryu SDN controller, and a websocket broker written from scratch that analyses the messages sent to the controller and activates containers when required. Performance and functional tests were performed to assess the time required from activating the sensor containers to being able to communicate with them. The results were obtained by sending four ICMP packets. The best response times were obtained by the proactive controller behavior mode, when compared to the hybrid and reactive modes. This thesis contributed to filling the gaps in the area of IoT or sensor networks, concerning the design and implementation of an architecture that performs on-demand activation of offline IoT fog computing resources by using an SDN controller and sensor virtualization through containers.

    A Practical Evaluation of a High-Security Energy-Efficient Gateway for IoT Fog Computing Applications

    Fog computing extends cloud computing to the edge of a network enabling new Internet of Things (IoT) applications and services, which may involve critical data that require privacy and security. In an IoT fog computing system, three elements can be distinguished: IoT nodes that collect data, the cloud, and interconnected IoT gateways that exchange messages with the IoT nodes and with the cloud. This article focuses on securing IoT gateways, which are assumed to be constrained in terms of computational resources, but that are able to offload some processing from the cloud and to reduce the latency in the responses to the IoT nodes. However, it is usually taken for granted that IoT gateways have direct access to the electrical grid, which is not always the case: in mission-critical applications like natural disaster relief or environmental monitoring, it is common to deploy IoT nodes and gateways in large areas where electricity comes from solar or wind energy that charge the batteries that power every device. In this article, how to secure IoT gateway communications while minimizing power consumption is analyzed. The throughput and power consumption of Rivest–Shamir–Adleman (RSA) and Elliptic Curve Cryptography (ECC) are considered, since they are really popular, but have not been thoroughly analyzed when applied to IoT scenarios. Moreover, the most widespread Transport Layer Security (TLS) cipher suites use RSA as the main public key-exchange algorithm, but the key sizes needed are not practical for most IoT devices and cannot be scaled to high security levels. In contrast, ECC represents a much lighter and scalable alternative. Thus, RSA and ECC are compared for equivalent security levels, and power consumption and data throughput are measured using a testbed of IoT gateways. The measurements obtained indicate that, in the specific fog computing scenario proposed, ECC is clearly a much better alternative than RSA, obtaining energy consumption reductions of up to 50% and a data throughput that doubles RSA in most scenarios. These conclusions are then corroborated by a frame temporal analysis of Ethernet packets. In addition, current data compression algorithms are evaluated, concluding that, when dealing with the small payloads related to IoT applications, they do not pay off in terms of real data throughput and power consumption. Galicia. Consellería de Cultura, Educación e Ordenación Universitaria; ED431C 2016-045. Agencia Estatal de Investigación (España); TEC2013-47141-C4-1-R. Agencia Estatal de Investigación (España); TEC2015-69648-REDC. Agencia Estatal de Investigación (España); TEC2016-75067-C4-1-R. Galicia. Consellería de Cultura, Educación e Ordenación Universitaria; ED341D2016/012. Galicia. Consellería de Cultura, Educación e Ordenación Universitaria; ED431G/0

    IoT Networks: Using Machine Learning Algorithm for Service Denial Detection in Constrained Application Protocol

    The paper discusses the potential threat of Denial of Service (DoS) attacks in Internet of Things (IoT) networks on the Constrained Application Protocol (CoAP). As billions of IoT devices are expected to be connected to the internet in the coming years, the security of these devices is vulnerable to attacks, disrupting their functioning. This research aims to tackle this issue by applying mixed qualitative and quantitative methods for feature selection, extraction, and cluster algorithms to detect DoS attacks in the Constrained Application Protocol (CoAP) using the Machine Learning Algorithm (MLA). The main objective of the research is to enhance the security scheme for CoAP in the IoT environment by analyzing the nature of DoS attacks and identifying a new set of features for detecting them in the IoT network environment. The aim is to demonstrate the effectiveness of the MLA in detecting DoS attacks and compare it with conventional intrusion detection systems for securing the CoAP in the IoT environment. Findings: The research identifies the appropriate node to detect DoS attacks in the IoT network environment and demonstrates how to detect the attacks through the MLA. The detection accuracy in both classification and network simulation environments shows that the k-means algorithm scored the highest percentage in the training and testing of the evaluation. The network simulation platform also achieved the highest percentage of 99.93% in overall accuracy. This work reviews conventional intrusion detection systems for securing the CoAP in the IoT environment. The DoS security issues associated with the CoAP are discussed.

    IoTA: Internet of Things Assistant

    The Internet of Things is the networking of electronic devices, or “Things”, that enables them to collect and share data, as well as interact with their physical surroundings. Analyzing this collected data allows us to make smarter economic decisions. These interconnected networks are usually driven by low-powered micro-controllers or cheap CPUs that are designed to function optimally with very little hardware. As scale and computational requirements increase, these micro-controllers are unable to grow without being physically replaced. This thesis proposes a system, IoTA, that assists the Internet of Things by providing a shared computational resource for endpoint devices. This solution extends the functionality of endpoint devices without the need of physical replacement. The IoTA system is designed to be easily integrable to any existing IoT network. This system presents a model that allows for seamless processing of jobs submitted by endpoint devices while keeping scalability and flexibility in mind. Additionally, IoTA is built on top of existing IoT protocols. Evaluation shows there is a significant performance benefit in processing computationally heavy algorithms on the IoTA system as compared to processing them locally on the endpoint devices themselves.