ViotSOC: Controlling Access to Dynamically Virtualized IoT Services using Service Object Capability

Virtualization of Internet of Things(IoT) is a concept of dynamically building customized high-level IoT services which rely on the real time data streams from low-level physical IoT sensors. Security in IoT virtualization is challenging, because with the growing number of available (building block) services, the number of personalizable virtual services grows exponentially. This paper proposes Service Object Capability(SOC) ticket system, a decentralized access control mechanism between servers and clients to effi- ciently authenticate and authorize each other without using public key cryptography. SOC supports decentralized partial delegation of capabilities specified in each server/- client ticket. Unlike PKI certificates, SOC’s authentication time and handshake packet overhead stays constant regardless of each capability’s delegation hop distance from the root delegator. The paper compares SOC’s security bene- fits with Kerberos and the experimental results show SOC’s authentication incurs significantly less time packet overhead compared against those from other mechanisms based on RSA-PKI and ECC-PKI algorithms. SOC is as secure as, and more efficient and suitable for IoT environments, than existing PKIs and Kerberos

FRED:a hosted data flow platform for the IoT

IoT developers need to integrate a variety of protocols, backend components and services; they often need to pre and post-process data as well as react to changes in the real world. Data flow programming tools have been introduced in a number of related domains to provide a flexible, but easy to use visual programming environment for rapid development. The open source Node-RED system provides such a tool for IoT applications, but is limited to executing a single flow file in a single thread. In this paper we describe the design of our system called the Front-End for Node-RED (FRED) that manages multiple instances of Node-RED for logged in users, allowing Node-RED to be used as a cloud-hosted data flow mashup tool for the IoT. We present some examples of how some of our 1800+ users are using FRED for IoT mashups, and some of the challenged we faced in implementing the FRED system