A User-centric Security Solution for Internet of Things and Edge Convergence

Published: 22 May 2020

Abstract

The Internet of Things (IoT) is becoming a backbone of sensing infrastructure for several mission-critical applications such as smart health, disaster management, and smart cities. Because sensing devices are resource-constrained, IoT infrastructures use Edge datacenters (EDCs) for real-time data processing. EDCs can be either static or mobile in nature, and this article considers both of these scenarios. Generally, EDCs communicate with IoT devices in emergency scenarios to evaluate data in real time. Protecting data communications from malicious activity becomes a key factor, as all the communication flows through insecure channels. In such infrastructures, it is a challenging task for EDCs to ensure the trustworthiness of the data for emergency evaluations. The current communication security pattern of “communication before authentication” leaves a “black hole” for intruders to become part of communication processes without authentication. To overcome this issue and to develop security infrastructures for IoT and distributed Edge datacenters, this article proposes a user-centric security solution. The proposed security solution shifts from a network-centric approach to a user-centric security approach by authenticating users and devices before communication is established. A trusted controller is initialized to authenticate the devices and establish the secure channel between them before they start communicating with each other. The centralized controller draws a perimeter for secure communications within the boundary. Theoretical analysis and experimental evaluation of the proposed security model show that it not only secures the communication infrastructure but also improves the overall network performance.

Published in

ACM Transactions on Cyber-Physical Systems, Volume 4, Issue 3
Special Issue on User-Centric Security and Safety for CPS
July 2020, 279 pages
ISSN: 2378-962X
EISSN: 2378-9638
DOI: 10.1145/3388234
Editor: Tei-Wei Kuo

Copyright © 2020 ACM

Publisher

Association for Computing Machinery, New York, NY, United States

Publication History

• Published: 22 May 2020
• Accepted: 1 July 2019
• Revised: 1 March 2019
• Received: 1 January 2019

Qualifiers

• research-article
• Research
• Refereed
