A Lightweight Policy System for Body Sensor Networks

Body sensor networks (BSNs) for healthcare have more stringent security and context adaptation requirements than required in large-scale sensor networks for environment monitoring. Policy-based management enables flexible adaptive behavior by supporting dynamic loading, enabling and disabling of policies without shutting down nodes. This overcomes many of the limitations of sensor operating systems, such as TinyOS, which do not support dynamic modification of code. Alternative schemes for adaptation, such as network programming, have a high communication cost and suffer from operational interruption. In addition, a policy-driven approach enables finegrained access control through specifying authorization policies. This paper presents the design, implementation and evaluation of an efficient policy system called Finger which enables policy interpretation and enforcement on distributed sensors to support sensor level adaptation and fine-grained access control. It features support for dynamic management of policies, minimization of resources usage, high responsiveness and node autonomy. The policy system is integrated as a TinyOS component, exposing simple, well-defined interfaces which can easily be used by application developers. The system performance in terms of processing latency and resource usage is evaluated. © 2009 IEEE.Published versio

Policy-based management for body-sensor networks

Accepted versio

Towards supporting interactions between self-managed cells

Accepted versio

Secure Spontaneous Emergency Access to Personal Health Record

ABSTRACT We propose a system which enables access to the user's Personal Health Record (PHR) in the event of emergency. The access typically occurs in an ad-hoc and spontaneous manner and the user is usually unconscious, hence rendering the unavailability of the user's password to access the PHR. The proposed system includes a smart card carried by the user at all time and it is personalized with a pseudo secret, an URL to the PHR Server, a secret key shared with the PHR Server and a number of redemption tokens generated using a hash chain. In each emergency session, a one-time use redemption token is issued by the smart card, allowing the emergency doctor to retrieve the user's PHR upon successful authentication of his credentials and validation of the redemption token. The server returns the PHR encrypted with a one-time session key which can only be decrypted by the emergency doctor. The devised interaction protocol to facilitate emergency access to the user's PHR is secure and efficient

Non-verbal auditory aspects of human-service robot interaction

As service robots become ever more pervasive, the number, degree and depth of interaction with humans, particularly fellow workers, is increasing rapidly. Humans are generally shaped alike, respond in predominantly similar ways and are often inherently predictable to other humans. Robots, by contrast, have an exceptional diversity of size, shape, mobility, function, and their intentions or actions are often less predictable. Humans working in close proximity have learnt to provide cues to their behaviour, both verbal and non-verbal, and we argue that this is an important aspect of maintaining both safety and comfort in a mixed work or social environment. At present, robots do not provide any such cues to their fellow workers, which can be cause of human discomfort, and indeed contribute to safety issues when working in close proximity to humans. This paper considers the non-verbal auditory aspects of interaction in a work environment, with particular emphasis on safe and comfortable integration of service robots into such locations. In particular, we propose a classification of interaction levels to inform the construction, programming and operation of robots in the workplace

Fault-tolerant and Scalable Key Management Protocol for IoT-based Collaborative Groups

International audienceSecuring collaborative applications relies heavily on the underlying group key management protocols. Designing these protocols ischallenging, especially in the context of the Internet of Things (IoT). Indeed, the presence of heterogeneous and dynamic members within the collaborative groups usually involves resource constrained entities, which require energy-aware protocols to manage frequent arrivals and departures of members. Moreover, both fault tolerance and scalability are sought for sensitive and large collaborative groups. To address these challenges, we propose to enhance our previously proposed protocol (i.e. DBGK) with polynomial computations. In fact, our contribution in this paper, allows additional controllers to be included with no impact on storage cost regarding constrained members. To assess our protocol called DsBGK, we conducted extensive simulations. Results confirmed that DsBGK achieves a better scalability and fault tolerance compared to DBGK. In addition, energy consumption induced by group key rekeying has been reduced

Securing the Internet of Things: a standardization perspective

The Internet-of-Things (IoT) is the next wave of innovation that promises to improve and optimize our daily life based on intelligent sensors and smart objects working together. Through IP connectivity, devices can now be connected to the Internet, thus allowing them to be read, controlled and managed at any time and any place. Security is an important aspect for IoT deployments. However, proprietary security solutions do not help in formulating a coherent security vision to enable IoT devices to securely communicate with each other in an interoperable manner. This paper gives an overview of the efforts in the Internet Engineering Task Force (IETF) to standardize security solutions for the IoT ecosystem. We first provide an in-depth review of the communication security solutions for IoT, specifically the standard security protocols to be used in conjunction with the Constrained Application Protocol (CoAP), an application protocol specifically tailored to the needs of adapting to the constraints of IoT devices. Since Datagram Transport Layer Security (DTLS) has been chosen as the channel security underneath CoAP, this paper also discusses the latest standardization efforts to adapt and enhance the DTLS for IoT applications. This includes the use of (i) raw public key in DTLS, (ii) extending DTLS Record Layer to protect group (multicast) communication, and (iii) profiling of DTLS for reducing the size and complexity of implementations on embedded devices. We also provide an extensive review of compression schemes that are being proposed in IETF to mitigate message fragmentation issues in DTLS

Securing the IP-based internet of things with HIP and DTLS

<p>The IP-based Internet of Things (IoT) refers to the pervasive interaction of smart devices and people enabling new applications by means of new IP protocols such as 6LoWPAN and CoAP. Security is a must, and for that we need a secure architecture in which all device interactions are protected, from joining an IoT network to the secure management of keying materials. However, this is challenging because existing IP security protocols do not offer all required functionalities and typical Internet solutions do not lead to the best performance.</p> <p>We propose and compare two security architectures providing secure network access, key management and secure communication. The first solution relies on a new variant of the Host Identity Protocol (HIP) based on pre-shared keys (PSK), while the second solution is based on the standard Datagram Transport Layer Security (DTLS). Our evaluation shows that although the HIP solution performs better, the currently limited usage of HIP poses severe limitations. The DTLS architecture allows for easier interaction and interoperability with the Internet, but optimizations are needed due to its performance issues.</p&gt

Self-managed cell: a middleware for managing body-sensor networks

Body sensor networks consisting of low-power on- body wireless sensors attached to mobile users will be used in the future to monitor the health and well being of patients in hospitals or at home. Such systems need to adapt autonomously to changes in context, user activity, device failure, and the availability or loss of services. To this end, we propose a policy- based architecture that uses the concept of a Self-Managed Cell (SMC) to integrate services, managed resources and a policy interpreter by means of an event bus. Policies permit the declarative specification of adaptation strategy for self- configuration and self-management. We present the design and implementation of the SMC and describe its potential use in a scenario for management of heart monitoring. Preliminary performance measurements are also presented and discussed