RADIS: Remote Attestation of Distributed IoT Services

Remote attestation is a security technique through which a remote trusted party (i.e., Verifier) checks the trustworthiness of a potentially untrusted device (i.e., Prover). In the Internet of Things (IoT) systems, the existing remote attestation protocols propose various approaches to detect the modified software and physical tampering attacks. However, in an interoperable IoT system, in which IoT devices interact autonomously among themselves, an additional problem arises: a compromised IoT service can influence the genuine operation of other invoked service, without changing the software of the latter. In this paper, we propose a protocol for Remote Attestation of Distributed IoT Services (RADIS), which verifies the trustworthiness of distributed IoT services. Instead of attesting the complete memory content of the entire interoperable IoT devices, RADIS attests only the services involved in performing a certain functionality. RADIS relies on a control-flow attestation technique to detect IoT services that perform an unexpected operation due to their interactions with a malicious remote service. Our experiments show the effectiveness of our protocol in validating the integrity status of a distributed IoT service.Comment: 21 pages, 10 figures, 2 table

RESTful Service Development for Resource-constrained Environments

International audienceThe use of resource-constrained devices, such as smartphones, PDAs, Tablet PCs, and Wireless Sensor Networks (WSNs) is spreading rapidly in the business community and our daily life. Accessing services from such devices is very common in ubiquitous environments, but mechanisms to describe, implement and distribute these services remain a major challenge. Web services have been characterized as an efficient and widely-adopted approach to overcome heterogeneity, while this technology is still heavyweight for resource-constrained devices. The emergence of REST architectural style as a lightweight and simple interaction model has encouraged researchers to study the feasibility of exploiting REST principles to design and integrate services hosted on devices with limited capabilities. In this chapter, we discuss the state-of-the-art in applying REST concepts to develop Web services for WSNs and smartphones as two representative resource-constrained platforms, and then we provide a comprehensive survey of existing solutions in this area. In this context, we report on the DIGIHOME platform, a home monitoring middleware solution, which enables efficient service integration in ubiquitous environments using REST architectural style. In particular, we target our reference platforms for homemonitoring systems, namelyWSNs and smartphones, and report our experiments in applying the concept of Component-Based Software Engineering (CBSE) in order to provide resource-efficient RESTful distribution of Web services for those platforms

PD agent : a platform for developing and deploying mobile agent-enabled applications for wireless devices

2004-2005 > Academic research: refereed > Refereed conference paperVersion of RecordPublishe

A Component-based Approach for Service Distribution in Sensor Networks

International audienceThe increasing number of distributed applications over Wireless Sensor Networks (WSNs) in ubiquitous environments raises the need for high-level mechanisms to distribute sensor services and integrate them in modern IT systems. Existing work in this area mostly focuses on low-level networking issues, and fails to provide high-level and off-the-shelf programming abstractions for this purpose. In this paper, we therefore consider WSN programming models and service distribution as two interrelated factors and we present a new component-based abstraction for integrating WSNs within existing IT systems. Our approach emphasizes on reifying distribution strategies at the software architecture level, thus allowing remote invocation of component services, and facilitating interoperability of sensor services with the Internet through Web service-enabled components. The latter is efficiently provided by incorporating the REST architectural style—emphasizing on abstraction of high-level services as resources—to our component-based framework. The preliminary evaluation results show that the proposed framework has an acceptable memory overhead on a TelosB sensor platform

CAMMD: Context Aware Mobile Medical Devices

Telemedicine applications on a medical practitioners mobile device should be context-aware. This can vastly improve the effectiveness of mobile applications and is a step towards realising the vision of a ubiquitous telemedicine environment. The nomadic nature of a medical practitioner emphasises location, activity and time as key context-aware elements. An intelligent middleware is needed to effectively interpret and exploit these contextual elements. This paper proposes an agent-based architectural solution called Context-Aware Mobile Medical Devices (CAMMD). This framework can proactively communicate patient records to a portable device based upon the active context of its medical practitioner. An expert system is utilised to cross-reference the context-aware data of location and time against a practitioners work schedule. This proactive distribution of medical data enhances the usability and portability of mobile medical devices. The proposed methodology alleviates constraints on memory storage and enhances user interaction with the handheld device. The framework also improves utilisation of network bandwidth resources. An experimental prototype is presented highlighting the potential of this approach

Leveraging Kubernetes in Edge-Native Cable Access Convergence

Public clouds provide infrastructure services and deployment frameworks for modern cloud-native applications. As the cloud-native paradigm has matured, containerization, orchestration and Kubernetes have become its fundamental building blocks. For the next step of cloud-native, an interest to extend it to the edge computing is emerging. Primary reasons for this are low-latency use cases and the desire to have uniformity in cloud-edge continuum. Cable access networks as specialized type of edge networks are not exception here. As the cable industry transitions to distributed architectures and plans the next steps to virtualize its on-premise network functions, there are opportunities to achieve synergy advantages from convergence of access technologies and services. Distributed cable networks deploy resource-constrained devices like RPDs and RMDs deep in the edge networks. These devices can be redesigned to support more than one access technology and to provide computing services for other edge tenants with MEC-like architectures. Both of these cases benefit from virtualization. It is here where cable access convergence and cloud-native transition to edge-native intersect. However, adapting cloud-native in the edge presents a challenge, since cloud-native container runtimes and native Kubernetes are not optimal solutions in diverse edge environments. Therefore, this thesis takes as its goal to describe current landscape of lightweight cloud-native runtimes and tools targeting the edge. While edge-native as a concept is taking its first steps, tools like KubeEdge, K3s and Virtual Kubelet can be seen as the most mature reference projects for edge-compatible solution types. Furthermore, as the container runtimes are not yet fully edge-ready, WebAssembly seems like a promising alternative runtime for lightweight, portable and secure Kubernetes compatible workloads

Extending BPEL for Interoperable Pervasive Computing

The widespread deployment of mobile devices like PDAs and mobile phones has created a vast computation and communication platform for pervasive computing applications. However, these devices feature an array of incompatible hardware and software architectures, discouraging ad-hoc interactions among devices. The Business Process Execution Language (BPEL) allows users in wired computing settings to model applications of significant complexity, leveraging Web standards to guarantee interoperability. However, BPEL\u27s inflexible communication model effectively prohibits its deployment on the kinds of dynamic wireless networks used by most pervasive computing devices. This paper presents extensions to BPEL that address these restrictions, transforming BPEL into a versatile platform for interoperable pervasive computing applications. We discuss our implementation of these extensions in Sliver, a lightweight BPEL execution engine that we have developed for mobile devices. We also evaluate a pervasive computing application prototype implemented in BPEL, running on Sliver