15,148 research outputs found
Security for the Industrial IoT: The Case for Information-Centric Networking
Industrial production plants traditionally include sensors for monitoring or
documenting processes, and actuators for enabling corrective actions in cases
of misconfigurations, failures, or dangerous events. With the advent of the
IoT, embedded controllers link these `things' to local networks that often are
of low power wireless kind, and are interconnected via gateways to some cloud
from the global Internet. Inter-networked sensors and actuators in the
industrial IoT form a critical subsystem while frequently operating under harsh
conditions. It is currently under debate how to approach inter-networking of
critical industrial components in a safe and secure manner.
In this paper, we analyze the potentials of ICN for providing a secure and
robust networking solution for constrained controllers in industrial safety
systems. We showcase hazardous gas sensing in widespread industrial
environments, such as refineries, and compare with IP-based approaches such as
CoAP and MQTT. Our findings indicate that the content-centric security model,
as well as enhanced DoS resistance are important arguments for deploying
Information Centric Networking in a safety-critical industrial IoT. Evaluation
of the crypto efforts on the RIOT operating system for content security reveal
its feasibility for common deployment scenarios.Comment: To be published at IEEE WF-IoT 201
Confidentiality-Preserving Publish/Subscribe: A Survey
Publish/subscribe (pub/sub) is an attractive communication paradigm for
large-scale distributed applications running across multiple administrative
domains. Pub/sub allows event-based information dissemination based on
constraints on the nature of the data rather than on pre-established
communication channels. It is a natural fit for deployment in untrusted
environments such as public clouds linking applications across multiple sites.
However, pub/sub in untrusted environments lead to major confidentiality
concerns stemming from the content-centric nature of the communications. This
survey classifies and analyzes different approaches to confidentiality
preservation for pub/sub, from applications of trust and access control models
to novel encryption techniques. It provides an overview of the current
challenges posed by confidentiality concerns and points to future research
directions in this promising field
A Holistic Approach for Trustworthy Distributed Systems with WebAssembly and TEEs
Publish/subscribe systems play a key role in enabling communication between
numerous devices in distributed and large-scale architectures. While widely
adopted, securing such systems often trades portability for additional
integrity and attestation guarantees. Trusted Execution Environments (TEEs)
offer a potential solution with enclaves to enhance security and trust.
However, application development for TEEs is complex, and many existing
solutions are tied to specific TEE architectures, limiting adaptability.
Current communication protocols also inadequately manage attestation proofs or
expose essential attestation information. This paper introduces a novel
approach using WebAssembly to address these issues, a key enabling technology
nowadays capturing academia and industry attention. We present the design of a
portable and fully attested publish/subscribe middleware system as a holistic
approach for trustworthy and distributed communication between various systems.
Based on this proposal, we have implemented and evaluated in-depth a
fully-fledged publish/subscribe broker running within Intel SGX, compiled in
WebAssembly, and built on top of industry-battled frameworks and standards,
i.e., MQTT and TLS protocols. Our extended TLS protocol preserves the privacy
of attestation information, among other benefits. Our experimental results
showcase most overheads, revealing a 1.55x decrease in message throughput when
using a trusted broker. We open-source the contributions of this work to the
research community to facilitate experimental reproducibility.Comment: This publication incorporates results from the VEDLIoT project, which
received funding from the European Union's Horizon 2020 research and
innovation programme under grant agreement No 95719
Security in Internet of Things: networked smart objects.
Internet of Things (IoT) is an innovative paradigm approaching both industries and humans every-day life. It refers to the networked interconnection of every-day objects, which are equipped with ubiquitous intelligence. It not only aims at increasing the ubiquity of the Internet, but also at leading towards a highly distributed network of devices communicating with human beings as well as with other devices. Thanks to rapid advances in underlying technologies, IoT is opening valuable opportunities for a large number of novel applications, that promise to improve the quality of humans lives, facilitating the exchange of services.
In this scenario, security represents a crucial aspect to be addressed, due to the high level of heterogeneity of the involved devices and to the sensibility of the managed information. Moreover, a system architecture should be established, before the IoT is fully operable in an efficient, scalable and interoperable manner.
The main goal of this PhD thesis concerns the design and the implementation of a secure and distributed middleware platform tailored to IoT application domains. The effectiveness of the proposed solution is evaluated by means of a prototype and real case studies
The Road Ahead for Networking: A Survey on ICN-IP Coexistence Solutions
In recent years, the current Internet has experienced an unexpected paradigm
shift in the usage model, which has pushed researchers towards the design of
the Information-Centric Networking (ICN) paradigm as a possible replacement of
the existing architecture. Even though both Academia and Industry have
investigated the feasibility and effectiveness of ICN, achieving the complete
replacement of the Internet Protocol (IP) is a challenging task.
Some research groups have already addressed the coexistence by designing
their own architectures, but none of those is the final solution to move
towards the future Internet considering the unaltered state of the networking.
To design such architecture, the research community needs now a comprehensive
overview of the existing solutions that have so far addressed the coexistence.
The purpose of this paper is to reach this goal by providing the first
comprehensive survey and classification of the coexistence architectures
according to their features (i.e., deployment approach, deployment scenarios,
addressed coexistence requirements and architecture or technology used) and
evaluation parameters (i.e., challenges emerging during the deployment and the
runtime behaviour of an architecture). We believe that this paper will finally
fill the gap required for moving towards the design of the final coexistence
architecture.Comment: 23 pages, 16 figures, 3 table
Secure Publisher Subscriber System Using IBE
In Today's life providing Security such as Authentication and Confidentiality are most demanding security issues. Improvement of basic security mechanisms like authentication, reliability and confidentiality is extremely difficult during a content based publish/subscribe system. This Paper presents a new way to provide confidentiality and authentications in a broker-less content-based publish subscribe system. The authentication of users is done using pairing based cryptography. Confidentiality of message is also ensured, by adapting the pairing-based cryptography mechanisms. In Identity Based Encryption, any unique and valid string which is distinctively identifies a user can be public key of the user. A key server maintains public and private master keys. Public key of each user is known to all users of system. The master public key can be used by the publisher to encrypt and send messages to a subscriber with any identity, for example an email address. To decrypt the message subscriber request a private key from server. Using master private key subscriber decrypt message successfully. On the whole approach provides fine-grained key management. Published events are routed to their subsequent subscribers. The assessment of this System provides security respect to authentication and confidentiality of event distribution.
DOI: 10.17762/ijritcc2321-8169.15074
- …