An active, ontology-driven network service for Internet collaboration

Web portals have emerged as an important means of collaboration on the WWW, and the integration of ontologies promises to make them more accurate in how they serve users’ collaboration and information location requirements. However, web portals are essentially a centralised architecture resulting in difficulties supporting seamless roaming between portals and collaboration between groups supported on different portals. This paper proposes an alternative approach to collaboration over the web using ontologies that is de-centralised and exploits content-based networking. We argue that this approach promises a user-centric, timely, secure and location-independent mechanism, which is potentially more scaleable and universal than existing centralised portals

Context-aware Authorization in Highly Dynamic Environments

Highly dynamic computing environments, like ubiquitous and pervasive computing environments, require frequent adaptation of applications. Context is a key to adapt suiting user needs. On the other hand, standard access control trusts users once they have authenticated, despite the fact that they may reach unauthorized contexts. We analyse how taking into account dynamic information like context in the authorization subsystem can improve security, and how this new access control applies to interaction patterns, like messaging or eventing. We experiment and validate our approach using context as an authorization factor for eventing in Web service for device (like UPnP or DPWS), in smart home security

CUPS : Secure Opportunistic Cloud of Things Framework based on Attribute Based Encryption Scheme Supporting Access Policy Update

The ever‐growing number of internet connected devices, coupled with the new computing trends, namely within emerging opportunistic networks, engenders several security concerns. Most of the exchanged data between the internet of things (IoT) devices are not adequately secured due to resource constraints on IoT devices. Attribute‐based encryption is a promising cryptographic mechanism suitable for distributed environments, providing flexible access control to encrypted data contents. However, it imposes high decryption costs, and does not support access policy update, for highly dynamic environments. This paper presents CUPS, an ABE‐based framework for opportunistic cloud of things applications, that securely outsources data decryption process to edge nodes in order to reduce the computation overhead on the user side. CUPS allows end‐users to offload most of the decryption overhead to an edge node and verify the correctness of the received partially decrypted data from the edge node. Moreover, CUPS provides the access policy update feature with neither involving a proxy‐server, nor re‐encrypting the enciphered data contents and re‐distributing the users' secret keys. The access policy update feature in CUPS does not affect the size of the message received by the end‐user, which reduces the bandwidth and the storage usage. Our comprehensive theoretical analysis proves that CUPS outperforms existing schemes in terms of functionality, communication and computation overheads

Lightweight attribute-based encryption supporting access policy update for cloud assisted IoT

Cloud-assisted IoT applications are gaining an expanding interest, such that IoT devices are deployed in different distributed environments to collect and outsource sensed data to remote servers for further processing and sharing among users. On the one hand, in several applications, collected data are extremely sensitive and need to be protected before outsourcing. Generally, encryption techniques are applied at the data producer side to protect data from adversaries as well as curious cloud provider. On the other hand, sharing data among users requires fine grained access control mechanisms. To ensure both requirements, Attribute Based Encryption (ABE) has been widely applied to ensure encrypted access control to outsourced data. Although, ABE ensures fine grained access control and data confidentiality, updates of used access policies after encryption and outsourcing of data remains an open challenge. In this paper, we design PU-ABE, a new variant of key policy attribute based encr yption supporting efficient access policy update that captures attributes addition and revocation to access policies. PU-ABE contributions are multifold. First, access policies involved in the encryption can be updated without requiring sharing secret keys between the cloud server and the data owners neither re-encrypting data. Second, PU-ABE ensures privacy preserving and fine grained access control to outsourced data. Third, ciphertexts received by the end-user are constant sized and independent from the number of attributes used in the access policy which affords low communication and storage costs

Attribute-Based Encryption and Sticky Policies for Data Access Control in a Smart Home Scenario: a Comparison on Networked Smart Object Middleware

Regulating the access to the Internet of Things (IoT) network's resources is a complex-prone task, which requires to pay a great attention on how policies are defined, shared, and enforced. The present paper considers the specific context of a smart home, which represents one of the main IoT application domains, and it focuses on two solutions proposed in the literature to cope with the aforementioned issues. On the one side, approaches based on Attribute-Based Encryption (ABE) allow one to encrypt data for multiple recipients, in such a way that only those recipients whose attributes satisfy a given access policy can decrypt afterwards. ABE guarantees a high level of customization due to the variety of attributes which can be defined, and it is also flexible enough to be adapted to different kinds of scenarios. On the other side, approaches based on sticky policies allow to attach an access policy directly to the data itself, and to employ a trusted authority to evaluate and enforce the policy itself. Sticky policies also guarantee a highly distributed and customizable enforcement of access control rules. In this paper, we compare the advantages and the drawbacks in terms of performance and robustness of such two techniques by means of their integration within the prototype of an IoT middleware, named NetwOrked Smart object (NOS). Hence, the effectiveness of the presented solutions is validated by means of a real test-bed in the smart home scenario, in terms of storage occupancy, CPU load, and data retrieval delay. The final goal is to reveal the best approach to be used depending on the application's requirements