A framework for orchestrating secure and dynamic access of IoT services in multi-cloud environments

IoT devices have complex requirements but their limitations in terms of storage, network, computing, data analytics, scalability and big data management require it to be used it with a technology like cloud computing. IoT backend with cloud computing can present new ways to offer services that are massively scalable, can be dynamically configured, and delivered on demand with largescale infrastructure resources. However, a single cloud infrastructure might be unable to deal with the increasing demand of cloud services in which hundreds of users might be accessing cloud resources, leading to a big data problem and the need for efficient frameworks to handle a large number of user requests for IoT services. These challenges require new functional elements and provisioning schemes. To this end, we propose the usage of multi-clouds with IoT which can optimize the user requirements by allowing them to choose best IoT services from many services hosted in various cloud platforms and provide them with more infrastructure and platform resources to meet their requirements. This paper presents a novel framework for dynamic and secure IoT services access across multi-clouds using cloud on-demand model. To facilitate multi-cloud collaboration, novel protocols are designed and implemented on cloud platforms. The various stages involved in the framework for allowing users access to IoT services in multi-clouds are service matchmaking (i.e. to choose the best service matching user requirements), authentication (i.e. a lightweight mechanism to authenticate users at runtime before granting them service access), and SLA management (including SLA negotiation, enforcement and monitoring). SLA management offers benefits like negotiating required service parameters, enforcing mechanisms to ensure that service execution in the external cloud is according to the agreed SLAs and monitoring to verify that the cloud provider complies with those SLAs. The detailed system design to establish secure multi-cloud collaboration has been presented. Moreover, the designed protocols are empirically implemented on two different clouds including OpenStack and Amazon AWS. Experiments indicate that proposed system is scalable, authentication protocols result only in a limited overhead compared to standard authentication protocols, and any SLA violation by a cloud provider could be recorded and reported back to the user.N/

Secure Routing in Wireless Mesh Networks

Wireless mesh networks (WMNs) have emerged as a promising concept to meet the challenges in next-generation networks such as providing flexible, adaptive, and reconfigurable architecture while offering cost-effective solutions to the service providers. Unlike traditional Wi-Fi networks, with each access point (AP) connected to the wired network, in WMNs only a subset of the APs are required to be connected to the wired network. The APs that are connected to the wired network are called the Internet gateways (IGWs), while the APs that do not have wired connections are called the mesh routers (MRs). The MRs are connected to the IGWs using multi-hop communication. The IGWs provide access to conventional clients and interconnect ad hoc, sensor, cellular, and other networks to the Internet. However, most of the existing routing protocols for WMNs are extensions of protocols originally designed for mobile ad hoc networks (MANETs) and thus they perform sub-optimally. Moreover, most routing protocols for WMNs are designed without security issues in mind, where the nodes are all assumed to be honest. In practical deployment scenarios, this assumption does not hold. This chapter provides a comprehensive overview of security issues in WMNs and then particularly focuses on secure routing in these networks. First, it identifies security vulnerabilities in the medium access control (MAC) and the network layers. Various possibilities of compromising data confidentiality, data integrity, replay attacks and offline cryptanalysis are also discussed. Then various types of attacks in the MAC and the network layers are discussed. After enumerating the various types of attacks on the MAC and the network layer, the chapter briefly discusses on some of the preventive mechanisms for these attacks.Comment: 44 pages, 17 figures, 5 table

Coop-DAAB : cooperative attribute based data aggregation for Internet of Things applications

The deployment of IoT devices is gaining an expanding interest in our daily life. Indeed, IoT networks consist in interconnecting several smart and resource constrained devices to enable advanced services. Security management in IoT is a big challenge as personal data are shared by a huge number of distributed services and devices. In this paper, we propose a Cooperative Data Aggregation solution based on a novel use of Attribute Based signcryption scheme (Coop - DAAB). Coop - DAAB consists in distributing data signcryption operation between different participating entities (i.e., IoT devices). Indeed, each IoT device encrypts and signs in only one step the collected data with respect to a selected sub-predicate of a general access predicate before forwarding to an aggregating entity. This latter is able to aggregate and decrypt collected data if a sufficient number of IoT devices cooperates without learning any personal information about each participating device. Thanks to the use of an attribute based signcryption scheme, authenticity of data collected by IoT devices is proved while protecting them from any unauthorized access

Incentive Mechanisms for Participatory Sensing: Survey and Research Challenges

Participatory sensing is a powerful paradigm which takes advantage of smartphones to collect and analyze data beyond the scale of what was previously possible. Given that participatory sensing systems rely completely on the users' willingness to submit up-to-date and accurate information, it is paramount to effectively incentivize users' active and reliable participation. In this paper, we survey existing literature on incentive mechanisms for participatory sensing systems. In particular, we present a taxonomy of existing incentive mechanisms for participatory sensing systems, which are subsequently discussed in depth by comparing and contrasting different approaches. Finally, we discuss an agenda of open research challenges in incentivizing users in participatory sensing.Comment: Updated version, 4/25/201

A Survey on Wireless Security: Technical Challenges, Recent Advances and Future Trends

This paper examines the security vulnerabilities and threats imposed by the inherent open nature of wireless communications and to devise efficient defense mechanisms for improving the wireless network security. We first summarize the security requirements of wireless networks, including their authenticity, confidentiality, integrity and availability issues. Next, a comprehensive overview of security attacks encountered in wireless networks is presented in view of the network protocol architecture, where the potential security threats are discussed at each protocol layer. We also provide a survey of the existing security protocols and algorithms that are adopted in the existing wireless network standards, such as the Bluetooth, Wi-Fi, WiMAX, and the long-term evolution (LTE) systems. Then, we discuss the state-of-the-art in physical-layer security, which is an emerging technique of securing the open communications environment against eavesdropping attacks at the physical layer. We also introduce the family of various jamming attacks and their counter-measures, including the constant jammer, intermittent jammer, reactive jammer, adaptive jammer and intelligent jammer. Additionally, we discuss the integration of physical-layer security into existing authentication and cryptography mechanisms for further securing wireless networks. Finally, some technical challenges which remain unresolved at the time of writing are summarized and the future trends in wireless security are discussed.Comment: 36 pages. Accepted to Appear in Proceedings of the IEEE, 201