Security Framework for the Web of IoT Platforms

Connected devices of IoT platforms are known to produce, process and exchange vast amounts of data, most of it sensitive or personal, that need to be protected. However, achieving minimal data protection requirements such as confidentiality, integrity, availability and non-repudiation in IoT platforms is a non-trivial issue. For one reason, the trillions of interacting devices provide larger attack surfaces. Secondly, high levels of personal and private data sharing in this ubiquitous and heterogeneous environment require more stringent protection. Additionally, whilst interoperability fuels innovation through cross-platform data flow, data ownership is a concern. This calls for categorizing data and providing different levels of access control to users known as global and local scopes. These issues present new and unique security considerations in IoT products and services that need to be addressed to enable wide adoption of the IoT paradigm. This thesis presents a security and privacy framework for the Web of IoT platforms that addresses end-to-end security and privacy needs of the platforms. It categorizes platforms’ resources into different levels of security requirements and provides appropriate access control mechanisms

A JSON Token-Based Authentication and Access Management Schema for Cloud SaaS Applications

Cloud computing is significantly reshaping the computing industry built around core concepts such as virtualization, processing power, connectivity and elasticity to store and share IT resources via a broad network. It has emerged as the key technology that unleashes the potency of Big Data, Internet of Things, Mobile and Web Applications, and other related technologies, but it also comes with its challenges - such as governance, security, and privacy. This paper is focused on the security and privacy challenges of cloud computing with specific reference to user authentication and access management for cloud SaaS applications. The suggested model uses a framework that harnesses the stateless and secure nature of JWT for client authentication and session management. Furthermore, authorized access to protected cloud SaaS resources have been efficiently managed. Accordingly, a Policy Match Gate (PMG) component and a Policy Activity Monitor (PAM) component have been introduced. In addition, other subcomponents such as a Policy Validation Unit (PVU) and a Policy Proxy DB (PPDB) have also been established for optimized service delivery. A theoretical analysis of the proposed model portrays a system that is secure, lightweight and highly scalable for improved cloud resource security and management.Comment: 6 Page

The OCARIoT Data Acquisition App

We introduce the OCARIoT Data Acquisition App, a mHealth open source solution that synchronizes and manages data in Health IoT pilots. It was developed during the H2020 project entitled OCARIoT (Smart childhood Obesity CARing solution using IoT potential) and is innovative in the sense that it allows efficient IoT data collection, integration of different commercial devices, improves the user's privacy, data's security and the management of data controllers respecting legal and ethics policies. The application acts as a token manager for accessing external services. Besides the main features of the application, we report the integration of Fitbit services, and the deployment in four Health IoT pilots in Brazil, Greece and Spain. A survey was conducted with users in these three pilots and collected information about their user experience. The results presented excellent feedbacks from the users, with initial needs of synchronizing different children's accounts and privacy, which justified the development of the tool. Finally, we got feedback of improvements in ethics, technological and reuse in Health IoT pilots.The research has been performed under the OCARIoT project, funded from the European Union`s HORIZON 2020 Programme (2014-2020), ID 777082, and from the Brazilian Ministry of Science, Technology and Innovation through Rede Nacional de Ensino e Pesquisa (RNP), ID 003008. We are also thankful to developers who also contributed to the realization of the OCARIoT Data Acquisition App, namely: Jefferson Medeiros, Lucas Rocha, Aislan Monteiro, Alex Figueiredo, Thomas Fisher and Kostas Soutos

Cloud services, interoperability and analytics within a ROLE-enabled personal learning environment

The ROLE project (Responsive Open Learning Environments, EU 7th Framework Programme, grant agreement no.: 231396, 2009-2013) was focused on the next generation of Personal Learning Environments (PLEs). A ROLE PLE is a bundle of interoperating widgets - often realised as cloud services - used for teaching and learning. In this paper, we first describe the creation of new ROLE widgets and widget bundles at Galileo University, Guatemala, within a cloud-based infrastructure. We introduce an initial architecture for cloud interoperability services including the means for collecting interaction data as needed for learning analytics. Furthermore, we describe the newly implemented widgets, namely a social networking tool, a mind-mapping tool and an online document editor, as well as the modification of existing widgets. The newly created and modified widgets have been combined in two different bundles that have been evaluated in two web-based courses at Galileo University, with participants from three different Latin-American countries. We measured emotional aspects, motivation, usability and attitudes towards the environment. The results demonstrated the readiness of cloud-based education solutions, and how ROLE can bring together such an environment from a PLE perspective

Exploring Data Security and Privacy Issues in Internet of Things Based on Five-Layer Architecture

Data Security and privacy is one of the serious issues in internet-based computing like cloud computing, mobile computing and Internet of Things (IoT). This security and privacy become manifolded in IoT because of diversified technologies and the interaction of Cyber Physical Systems (CPS) used in IoT. IoTs are being adapted in academics and in many organizations without fully protecting their assets and also without realizing that the traditional security solutions cannot be applied to IoT environment. This paper explores a comprehensive survey of IoT architectures, communication technologies and the security and privacy issues of them for a new researcher in IoT. This paper also suggests methods to thwart the security and privacy issues in the different layers of IoT architecture

Building standardized and secure mobile health services based on social media

Mobile devices and social media have been used to create empowering healthcare services. However, privacy and security concerns remain. Furthermore, the integration of interoperability biomedical standards is a strategic feature. Thus, the objective of this paper is to build enhanced healthcare services by merging all these components. Methodologically, the current mobile health telemonitoring architectures and their limitations are described, leading to the identification of new potentialities for a novel architecture. As a result, a standardized, secure/private, social-media-based mobile health architecture has been proposed and discussed. Additionally, a technical proof-of-concept (two Android applications) has been developed by selecting a social media (Twitter), a security envelope (open Pretty Good Privacy (openPGP)), a standard (Health Level 7 (HL7)) and an information-embedding algorithm (modifying the transparency channel, with two versions). The tests performed included a small-scale and a boundary scenario. For the former, two sizes of images were tested; for the latter, the two versions of the embedding algorithm were tested. The results show that the system is fast enough (less than 1 s) for most mHealth telemonitoring services. The architecture provides users with friendly (images shared via social media), straightforward (fast and inexpensive), secure/private and interoperable mHealth services

The Applications of the Internet of things in the Medical Field

The Internet of Things (IoT) paradigm promises to make “things” include a more generic set of entities such as smart devices, sensors, human beings, and any other IoT objects to be accessible at anytime and anywhere. IoT varies widely in its applications, and one of its most beneficial uses is in the medical field. However, the large attack surface and vulnerabilities of IoT systems needs to be secured and protected. Security is a requirement for IoT systems in the medical field where the Health Insurance Portability and Accountability Act (HIPAA) applies. This work investigates various applications of IoT in healthcare and focuses on the security aspects of the two internet of medical things (IoMT) devices: the LifeWatch Mobile Cardiac Telemetry 3 Lead (MCT3L), and the remote patient monitoring system of the telehealth provider Vivify Health, as well as their implementations

GLUE!: an architecture for the integration of external tools in virtual learning environments

La integración de herramientas externas en VLE (Virtual Learning Environments - Entornos deAprendizaje Virtual) tiene como objetivo enriquecer las actividades de aprendizaje que los profesionales de la educación pueden diseñar y poner en marcha. Tradicionalmente, las herramientas externas han sido integradas mediante desarrollos ad hoc, siendo esta solución muy poco eficiente a medida que aumentaba el número de VLE y herramientas utilizados por estos profesionales. Además, aquellas aproximaciones genéricas que abordan la integración de múltiples herramientas en múltiples VLE no han conseguido obtener una amplia adopción, principalmente debido al alto esfuerzo de desarrollo necesario para integrar nuevas herramientas y VLE, y a las restricciones impuestas sobre los proveedores. Algunos trabajos recientes han intentado superar estas dos limitaciones proponiendo una integración ligera de herramientas. Sin embargo, estos trabajos no facilitan la instanciación y puesta en marcha de situaciones de aprendizaje colaborativo, lo que impide de forma significativa que se puedan emplear las propiedades colaborativas específicas que proporcionan los VLE para la gestión de usuarios y grupos. Esta tesis propone una arquitectura middleware de integración denominada GLUE! (Group Learning Uniform Environment - Entorno Uniforme de Aprendizaje en Grupo) que permite la integración ligera de múltiples herramientas externas existentes en múltiples VLE existentes, superando estas limitaciones. GLUE! fomenta esta integración imponiendo pocas restricciones sobre los proveedores de VLE y herramientas, así como demandando un esfuerzo asumible por parte de los desarrolladores. Además, GLUE! facilita la instanciación y puesta en marcha de situaciones de aprendizaje colaborativo desde los VLE, aprovechando las propiedades específicas de éstos para la gestión de usuarios y grupos. Por medio de GLUE!, los profesionales de la educación pueden utilizar herramientas externas como si fueran herramientas nativas de los VLE, y además sin tener que renunciar a los VLE a los que están acostumbrados. GLUE! ha sido evaluado con la ayuda de tres situaciones de aprendizaje colaborativo auténticas, las cuales fueron diseñadas para cubrir las necesidades pedagógicas de tres cursos de educación superior. Estas tres situaciones se utilizaron en cuatro experimentos diferentes con educadores y estudiantes reales. Los resultados de esta evaluación mostraron que GLUE! permite la instanciación y puesta en marcha de situaciones de aprendizaje colaborativo que requieran la integración de herramientas externas, reduce la carga asociada a la instanciación de actividades colaborativas complejas, y facilita a los estudiantes la realización de estas actividades en colaboración. Curiosamente, el esfuerzo de desarrollo necesario por el software de integración fue similar al de otras aproximaciones de integración genéricas que ofrecen un menor grado de funcionalidad.Departamento de Teoría de la Señal y Comunicaciones e Ingeniería Telemática2012-11-2

Informal learning recognition through a cloud ecosystem

Learning and teaching processes, like all human activities, can be mediated through the use of tools. Information and communication technologies are now widespread within education. Their use in the daily life of teachers and learners affords engagement with educational activities at any place and time and not necessarily linked to an institution or a certificate. In the absence of formal certification, learning under these circumstances is known as informal learning. Despite the lack of certification, learning with technology in this way presents opportunities to gather information about and present new ways of exploiting an individual’s learning. Cloud technologies provide ways to achieve this through new architectures, methodologies, and workflows that facilitate semantic tagging, recognition, and acknowledgment of informal learning activities. The transparency and accessibility of cloud services mean that institutions and learners can exploit existing knowledge to their mutual benefit. The TRAILER project facilitates this aim by providing a technological framework using cloud services, a workflow, and a methodology. The services facilitate the exchange of information and knowledge associated with informal learning activities ranging from the use of social software through widgets, computer gaming, and remote laboratory experiments. Data from these activities are shared among institutions, learners, and workers. The project demonstrates the possibility of gathering information related to informal learning activities independently of the context or tools used to carry them out