DOI: 10.1145/3137003.3137010
Research article, public access

An Architectural Mechanism for Resilient IoT Services

Published: 05 November 2017

Abstract

Availability of authentication and authorization services is critical for the safety of the Internet of Things (IoT). By leveraging an emerging network architecture based on edge computers, IoT's availability can be protected even under situations such as network failures or denial-of-service (DoS) attacks. However, little has been explored for the issue of sustaining availability even when edge computers fail. In this paper, we propose an architectural mechanism for enhancing the availability of the authorization infrastructure for the IoT. The proposed approach leverages a technique called secure migration, which allows IoT devices to migrate to other local authorization entities served in trusted edge computers when their authorization entity becomes unavailable. Specifically, we point out necessary considerations for planning secure migration and present automated migration policy construction and protocols for preparing and executing the migration. The effectiveness of our approach is illustrated using a concrete application of smart buildings and network simulation, where our proposed solution achieves significantly higher availability in case of failures in some of the authorization entities.

Published In

SafeThings'17: Proceedings of the 1st ACM Workshop on the Internet of Safe Things
November 2017
75 pages
ISBN:9781450355452
DOI:10.1145/3137003

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Authentication
  2. Authorization
  3. Availability
  4. Denial-of-service attacks
  5. Internet of Things
  6. Network security

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Cited By

  • (2023) Poster Abstract: Securing Edge-Based Real-Time IoT Systems. Proceedings of the 21st ACM Conference on Embedded Networked Sensor Systems (544-545). DOI: 10.1145/3625687.3628408. Online publication date: 12-Nov-2023
  • (2023) Fault Tolerance in The IoT: A Taxonomy Based on Techniques. 2023 Third International Conference on Theoretical and Applicative Aspects of Computer Science (ICTAACS) (1-8). DOI: 10.1109/ICTAACS60400.2023.10449571. Online publication date: 5-Dec-2023
  • (2022) Resiliency-aware analysis of complex IoT process chains. Computer Communications 192:C (245-255). DOI: 10.1016/j.comcom.2022.06.007. Online publication date: 1-Aug-2022
  • (2021) A Survey on Resilience in the IoT. ACM Computing Surveys 54:7 (1-39). DOI: 10.1145/3462513. Online publication date: 17-Sep-2021
  • (2021) A Robust Device-to-Device Continuous Authentication Protocol for the Internet of Things. IEEE Access 9 (124768-124792). DOI: 10.1109/ACCESS.2021.3110707. Online publication date: 2021
  • (2020) CIoTAS protocol: CloudIoT available services protocol through autonomic computing against distributed denial of services attacks. Journal of Ambient Intelligence and Humanized Computing 14:11 (15175-15204). DOI: 10.1007/s12652-020-02556-0. Online publication date: 4-Oct-2020
  • (2019) A Design Approach to IoT Endpoint Security for Production Machinery Monitoring. Sensors 19:10 (2355). DOI: 10.3390/s19102355. Online publication date: 22-May-2019
  • (2019) Creating a Resilient IoT With Edge Computing. Computer 52:8 (43-53). DOI: 10.1109/MC.2018.2888768. Online publication date: Aug-2019
  • (2019) On Enabling Technologies for the Internet of Important Things. IEEE Access (1-1). DOI: 10.1109/ACCESS.2019.2901509. Online publication date: 2019
