152,355 research outputs found

    An ICMetrics Based Lightweight Security Architecture Using Lattice Signcryption

    The advent of embedded systems has completely transformed the information landscape. With the explosive growth in the use of interactive real-time technologies, this internet landscape aims to support an even broader range of application domains. The large amount of data that is exchanged by these applications has made them an attractive target for attacks. Thus it is important to employ security mechanisms to protect these systems from attackers. A major challenge facing researchers is the resource constrained nature of these systems, which renders most of the traditional security mechanisms almost useless. In this paper we propose a lightweight ICmetrics based security architecture using lattices. The features of the proposed architecture fulfill both the requirements of security as well as energy efficiency. The proposed architecture provides authentication, confidentiality, non-repudiation and integrity of data. Using the identity information derived from ICmetrics of the device, we further construct a signcryption scheme based on lattices that makes use of certificateless PKC to achieve the security requirements of the design. This scheme is targeted on resource constrained environments, and can be used widely in applications that require sufficient levels of security with limited resources

    Secure data exchange in Industrial Internet of Things

    The use of the Industrial Internet of Things (IoT) is widespread, working as an enabler to implement large, scalable, reliable, and secure industrial environments. Although existing deployments do not meet security standards and have limited resources for each component which leads to several security breaches, such as trust between components, partner factories, or remote-control. These security failures can lead to critical outcomes, from theft of production information to forced production stoppages, accidents, including physical and others. The combination of blockchain-based solutions with IIoT environments is gaining momentum due to their resilience and security properties. However, chain-structured classic blockchain solutions are very resource-intensive and are not suitable for power-constrained IoT devices. To mitigate the mentioned security concerns, a secure architecture is proposed using a structured asynchronous blockchain DAG (Directed Acyclic Graph) that simultaneously provides security and transaction efficiency for the solution. The solution was modelled with special details in the use cases and sequence diagrams. Security concerns were integrated from the start, and a threat model was created using the STRIDE approach to test the security of the proposed solution. As a result, a flexible solution has been developed that significantly reduces the attack vectors in IIoT environments. The proposed architecture is versatile and flexible, is supported by an extensive security assessment, which allows it to be deployed in a variety of customizable industrial environments and scenarios, as well as to include future hardware and software extensions. This work has been supported by FCT – Fundação para a Ciência e Tecnologia within the Project Scope: UIDB/05757/2020.

    Towards a secure data exchange in IIoT

    Industrial Internet of Things (IIoT) plays a central role in the Fourth Industrial Revolution, with many specialists working towards implementing large scalable, reliable and secure industrial environments. However, existing environments are lacking security standards and have limited resources per component which results in various security breaches, e.g., trust in between the components, partner factories or remote control units with the system. Due to the resilience and its security properties, combining blockchain-based solutions with IIoT environments is gaining popularity. Despite that, chain-structured classic blockchain solutions are extremely resource-intensive and are not suitable for power-constrained IoT devices. To mitigate the referred security challenges, a secure architecture is proposed by using a DAG-structured asynchronous blockchain that can provide system security and transactions efficiency at the same time. Use-cases and sequence diagrams were created to model the solution. The achieved results are robust, supported by an extensive security evaluation, which foster future developments over the proposed architecture. Therefore, as the proposed architecture is generic and flexible, its deployment in diverse customized industrial environments and scenarios, as well as the incorporation of future hardware and software, is possible.

    An Architecture Model for a Distributed Virtualization System

    Virtualization technologies are massively adopted to cover those requirements in which Operating Systems (OS) have shown weakness, such as fault and security isolation. They also add features like resource partitioning, server consolidation, legacy application support, management tools, among others, which are attractive to Cloud service providers. Hardware virtualization, paravirtualization, and OS-level virtualization are the most widely used technologies to carry out these tasks, although each of them presents different levels of server consolidation, performance, scalability, high-availability, and isolation. The term “Virtual Machine” (VM) is used in issues related to hardware virtualization and paravirtualization technologies to describe an isolated execution environment for an OS and its applications. Containers, Jails, Zones are the names used in OS-level virtualization to describe the environments for applications confinement. Regardless of the definition of the virtualization abstraction, its computing power and resource usage are limited to the physical machine where it runs. The proposed virtualization architecture model breaks this issue, distributing processes, services, and resources to provide distributed virtual environments based on OS factoring and OS containers. The outcome is a Distributed Virtualization System (DVS) which allows running several distributed Virtual Operating System (VOS) on the same cluster. A DVS also fits the requirements for delivering high-performance cloud services with provider-class features as high-availability, replication, elasticity, load balancing, resource management, and process migration. Furthermore, a DVS is able to run several instances of different guest VOS concurrently, allocating a subset of nodes for each instance (resource aggregation), and to share nodes between them (resource partitioning). 
Each VOS runs isolated within a Distributed Container (DC), which could span multiple nodes of the DVS cluster. The proposed architecture model keeps the appreciated features of current virtualization technologies, such as confinement, consolidation and security, and the benefits of DOS, such as transparency, greater performance, high-availability, elasticity, and scalability. This document is the summary of a thesis published in Sedici (see related document). Facultad de Informátic

    Next Generation Cloud Computing: New Trends and Research Directions

    The landscape of cloud computing has significantly changed over the last decade. Not only have more providers and service offerings crowded the space, but also cloud infrastructure that was traditionally limited to single provider data centers is now evolving. In this paper, we firstly discuss the changing cloud infrastructure and consider the use of infrastructure from multiple providers and the benefit of decentralising computing away from data centers. These trends have resulted in the need for a variety of new computing architectures that will be offered by future cloud infrastructure. These architectures are anticipated to impact areas, such as connecting people and devices, data-intensive computing, the service space and self-learning systems. Finally, we lay out a roadmap of challenges that will need to be addressed for realising the potential of next generation cloud systems. Comment: Accepted to Future Generation Computer Systems, 07 September 201