Secure store and forward proxy for dynamic IoT applications over M2M networks

Internet of Things (IoT) applications are expected to generate a huge unforeseen amount of traffic flowing from Consumer Electronics devices to the network. In order to overcome existing interoperability problems, several standardization bodies have joined to bring a new generation of Machine to Machine (M2M) networks as a result of the evolution of wireless sensor/actor networks and mobile cellular networks to converged networks. M2M is expected to enable IoT paradigms and related concepts into a reality at a reasonable cost. As part of the convergence, several technologies preventing new IoT services to interfere with existing Internet services are flourishing. Responsive, message-driven, resilient and elastic architectures are becoming essential parts of the system. These architectures will control the entire data flow for an IoT system requiring sometimes to store, shape and forward data among nodes of a M2M network to improve network performance. However, IoT generated data have an important personal component since it is generated in personal devices or are the result of the observation of the physical world, so rises significant security concerns. This article proposes a novel opportunistic flexible secure store and forward proxy for M2M networks and its mapping to asynchronous protocols that guarantees data confidentiality

Enabling actor model for crowd sensing and IoT

The cloud is playing a very important role in wireless sensor network, crowd sensing and IoT data collection and processing. However, current cloud solutions lack of some features that hamper the innovation a number of other new services. We propose a cloud solution that provides these missing features as multi-cloud and device multi-tenancy relying in a whole different fully distributed paradigm, the actor model

TLS/PKI Challenges and certificate pinning techniques for IoT and M2M secure communications

Transport Layer Security is becoming the de facto standard to provide end-to-end security in the current Internet. IoT and M2M scenarios are not an exception since TLS is also being adopted there. The ability of TLS for negotiating any security parameter, its flexibility and extensibility are responsible for its wide adoption but also for several attacks. Moreover, as it relies on Public Key Infrastructure (PKI) for authentication, it is also affected by PKI problems. Considering the advent of IoT/M2M scenarios and their particularities, it is necessary to have a closer look at TLS history to evaluate the potential challenges of using TLS and PKI in these scenarios. According to this, the article provides a deep revision of several security aspects of TLS and PKI, with a particular focus on current Certificate Pinning solutions in order to illustrate the potential problems that should be addressed

Pervasive authentication and authorization infrastructures for mobile users

Network and device heterogeneity, nomadic mobility, intermittent connectivity and, more generally, extremely dynamic operating conditions, are major challenges in the design of security infrastructures for pervasive computing. Yet, in a ubiquitous computing environment, limitations of traditional solutions for authentication and authorization can be overcome with a pervasive public key infrastructure (pervasive-PKI). This choice allows the validation of credentials of users roaming between heterogeneous networks, even when global connectivity is lost and some services are temporarily unreachable. Proof-of-concept implementations and testbed validation results demonstrate that strong security can be achieved for users and applications through the combination of traditional PKI services with a number of enhancements like: (i) dynamic and collaborative trust model, (ii) use of attribute certificates for privilege management, and (iii) modular architecture enabling nomadic mobility and enhanced with reconfiguration capabilities.Peer Reviewe

Pervasive authentication and authorization infrastructures for mobile users

Network and device heterogeneity, nomadic mobility, intermittent connectivity and, more generally, extremely dynamic operating conditions, are major challenges in the design of security infrastructures for pervasive computing. Yet, in a ubiquitous computing environment, limitations of traditional solutions for authentication and authorization can be overcome with a pervasive public key infrastructure (pervasive-PKI). This choice allows the validation of credentials of users roaming between heterogeneous networks, even when global connectivity is lost and some services are temporarily unreachable. Proof-of-concept implementations and testbed validation results demonstrate that strong security can be achieved for users and applications through the combination of traditional PKI services with a number of enhancements like: (i) dynamic and collaborative trust model, (ii) use of attribute certificates for privilege management, and (iii) modular architecture enabling nomadic mobility and enhanced with reconfiguration capabilities.Peer Reviewe