Access Management in Lightweight IoT: A Comprehensive review of ACE-OAuth framework

With the expansion of Internet of Things (IoT), the need for secure and scalable authentication and authorization mechanism for resource-constrained devices is becoming increasingly important. This thesis reviews the authentication and authorization mechanisms in resource-constrained Internet of Things (IoT) environments. The thesis focuses on the ACE-OAuth framework, which is a lightweight and scalable solution for access management in IoT. Traditional access management protocols are not well-suited for the resource-constrained environment of IoT devices. This makes the lightweight devices vulnerable to cyber-attacks and unauthorized access. This thesis explores the security mechanisms and standards, the protocol flow and comparison of ACE-OAuth profiles. It underlines their potential risks involved with the implementation. The thesis delves into the existing and emerging trends technologies of resource-constrained IoT and identifies limitations and potential threats in existing authentication and authorization methods. Furthermore, comparative analysis of ACE profiles demonstrated that the DTLS profile enables constrained servers to effectively handle client authentication and authorization. The OSCORE provides enhanced security and non-repudiation due to the Proof-of-Possession (PoP) mechanism, requiring client to prove the possession of cryptographic key to generate the access token. The key findings in this thesis, including security implications, strengths, and weaknesses for ACE OAuth profiles are covered in-depth. It shows that the ACE-OAuth framework’s strengths lie in its customization capabilities and scalability. This thesis demonstrates the practical applications and benefits of ACE-OAuth framework in diverse IoT deployments through implementation in smart home and factory use cases. Through these discussions, the research advances the application of authentication and authorization mechanisms and provides practical insights into overcoming the challenges in constrained IoT settings

A survey of recommender systems for energy efficiency in buildings: Principles, challenges and prospects

Recommender systems have significantly developed in recent years in parallel with the witnessed advancements in both internet of things (IoT) and artificial intelligence (AI) technologies. Accordingly, as a consequence of IoT and AI, multiple forms of data are incorporated in these systems, e.g. social, implicit, local and personal information, which can help in improving recommender systems' performance and widen their applicability to traverse different disciplines. On the other side, energy efficiency in the building sector is becoming a hot research topic, in which recommender systems play a major role by promoting energy saving behavior and reducing carbon emissions. However, the deployment of the recommendation frameworks in buildings still needs more investigations to identify the current challenges and issues, where their solutions are the keys to enable the pervasiveness of research findings, and therefore, ensure a large-scale adoption of this technology. Accordingly, this paper presents, to the best of the authors' knowledge, the first timely and comprehensive reference for energy-efficiency recommendation systems through (i) surveying existing recommender systems for energy saving in buildings; (ii) discussing their evolution; (iii) providing an original taxonomy of these systems based on specified criteria, including the nature of the recommender engine, its objective, computing platforms, evaluation metrics and incentive measures; and (iv) conducting an in-depth, critical analysis to identify their limitations and unsolved issues. The derived challenges and areas of future implementation could effectively guide the energy research community to improve the energy-efficiency in buildings and reduce the cost of developed recommender systems-based solutions.Comment: 35 pages, 11 figures, 1 tabl

Benchmarking Applicability of Cryptographic Wireless Communication over Arduino Platforms

The spaces around us are becoming equipped with devices and appliances that collect data from their surroundings and react accordingly to provide smarter networks where they are interconnected and able to communicate with one another. These smart networks of devices and appliances along with the applications that utilize them build smart spaces known as Internet of Things (IoT). With the on growing popularity of such smart devices (e.g., smart cars, watches, home-security systems) and IoT, the need for securing these environments increases. The smart devices around us can collect private and personal information, and the challenge lies in maintaining the confidentiality of the collected data and preventing unsecured actions—from tapping into surveillance cameras to tracking someone’s daily schedule. For example, digital health, devices that record personal data from blood pressure, heart rate, weight and daily activities sensors are storing the personal data of users for processing and monitoring and may give future recommendations. If such personal information reaches unwanted third parties who distribute or use the data without user consent or knowledge, they are attacking the user’s confidentiality. Therefore, selecting the appropriate security protocols and procedures is critical. The limited processing, storage and power capabilities. In this thesis, the focus is to provide an experimental benchmark study that shows the cost (e.g., processing time of encryption and decryption algorithms) of applying different security protocols on restricted devices equipped with lightweight Bluetooth or Wi-Fi communication modules over the Arduino Uno sensor platform

FLBP: A Federated Learning-enabled and Blockchain-supported Privacy-Preserving of Electronic Patient Records for the Internet of Medical Things

The evolution of the computing paradigms and the Internet of Medical Things (IoMT) have transfigured the healthcare sector with an alarming rise of privacy issues in healthcare records. The rapid growth of medical data leads to privacy and security concerns to protect the confidentiality and integrity of the data in the feature-loaded infrastructure and applications. Moreover, the sharing of medical records of a patient among hospitals rises security and interoperability issues. This article, therefore, proposes a Federated Learning-and-Blockchain-enabled framework to protect electronic medical records from unauthorized access using a deep learning technique called Artificial Neural Network (ANN) for a collaborative IoMT-Fog-Cloud environment. ANN is used to identify insiders and intruders. An Elliptical Curve Digital Signature (ECDS) algorithm is adopted to devise a secured Blockchain-based validation method. To process the anti-malicious propagation method, a Blockchain-based Health Record Sharing (BHRS) is implemented. In addition, an FL approach is integrated into Blockchain for scalable applications to form a global model without the need of sharing and storing the raw data in the Cloud. The proposed model is evident from the simulations that it improves the operational cost and communication (latency) overhead with a percentage of 85.2% and 62.76%, respectively. The results showcase the utility and efficacy of the proposed model

Revisiting the Feasibility of Public Key Cryptography in Light of IIoT Communications

Digital certificates are regarded as the most secure and scalable way of implementing authentication services in the Internet today. They are used by most popular security protocols, including Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS). The lifecycle management of digital certificates relies on centralized Certification Authority (CA)-based Public Key Infrastructures (PKIs). However, the implementation of PKIs and certificate lifecycle management procedures in Industrial Internet of Things (IIoT) environments presents some challenges, mainly due to the high resource consumption that they imply and the lack of trust in the centralized CAs. This paper identifies and describes the main challenges to implement certificate-based public key cryptography in IIoT environments and it surveys the alternative approaches proposed so far in the literature to address these challenges. Most proposals rely on the introduction of a Trusted Third Party to aid the IIoT devices in tasks that exceed their capacity. The proposed alternatives are complementary and their application depends on the specific challenge to solve, the application scenario, and the capacities of the involved IIoT devices. This paper revisits all these alternatives in light of industrial communication models, identifying their strengths and weaknesses, and providing an in-depth comparative analysis.This work was financially supported by the European commission through ECSEL-JU 2018 program under the COMP4DRONES project (grant agreement N∘ 826610), with national financing from France, Spain, Italy, Netherlands, Austria, Czech, Belgium and Latvia. It was also partially supported by the Ayudas Cervera para Centros Tecnológicos grant of the Spanish Centre for the Development of Industrial Technology (CDTI) under the project EGIDA (CER-20191012), and in part by the Department of Economic Development and Competitiveness of the Basque Government through the project TRUSTIND—Creating Trust in the Industrial Digital Transformation (KK-2020/00054)

A Taxonomy and Review of Lightweight Blockchain Solutions for Internet of Things Networks

Internet of things networks have spread to most digital applications in the past years. Examples of these networks include smart home networks, wireless sensor networks, Internet of Flying Things, and many others. One of the main difficulties that confront these networks is the security of their information and communications. A large number of solutions have been proposed to safeguard these networks from various types of cyberattacks. Among these solutions is the blockchain, which gained popularity in the last few years due to its strong security characteristics, such as immutability, cryptography, and distributed consensus. However, implementing the blockchain framework within the devices of these networks is very challenging, due to the limited resources of these devices and the resource-demanding requirements of the blockchain. For this reason, a large number of researchers proposed various types of lightweight blockchain solutions for resource-constrained networks. The "lightweight" aspect can be related to the blockchain architecture, device authentication, cryptography model, consensus algorithm, or storage method. In this paper, we present a taxonomy of the lightweight blockchain solutions that have been proposed in the literature and discuss the different methods that have been applied so far in each "lightweight" category. Our review highlights the missing points in existing systems and paves the way to building a complete lightweight blockchain solution for resource-constrained networks.Comment: 64 pages, 11 figures

New Waves of IoT Technologies Research – Transcending Intelligence and Senses at the Edge to Create Multi Experience Environments

The next wave of Internet of Things (IoT) and Industrial Internet of Things (IIoT) brings new technological developments that incorporate radical advances in Artificial Intelligence (AI), edge computing processing, new sensing capabilities, more security protection and autonomous functions accelerating progress towards the ability for IoT systems to self-develop, self-maintain and self-optimise. The emergence of hyper autonomous IoT applications with enhanced sensing, distributed intelligence, edge processing and connectivity, combined with human augmentation, has the potential to power the transformation and optimisation of industrial sectors and to change the innovation landscape. This chapter is reviewing the most recent advances in the next wave of the IoT by looking not only at the technology enabling the IoT but also at the platforms and smart data aspects that will bring intelligence, sustainability, dependability, autonomy, and will support human-centric solutions.acceptedVersio

A survey of secure middleware for the Internet of Things

The rapid growth of small Internet connected devices, known as the Internet of Things (IoT), is creating a new set of challenges to create secure, private infrastructures. This paper reviews the current literature on the challenges and approaches to security and privacy in the Internet of Things, with a strong focus on how these aspects are handled in IoT middleware. We focus on IoT middleware because many systems are built from existing middleware and these inherit the underlying security properties of the middleware framework. The paper is composed of three main sections. Firstly, we propose a matrix of security and privacy threats for IoT. This matrix is used as the basis of a widespread literature review aimed at identifying requirements on IoT platforms and middleware. Secondly, we present a structured literature review of the available middleware and how security is handled in these middleware approaches. We utilise the requirements from the first phase to evaluate. Finally, we draw a set of conclusions and identify further work in this area