DOI: 10.1145/3600160.3605082
research-article
Open access

Security Architecture in the SILVANUS project

Published: 29 August 2023

Abstract

SILVANUS is a new EU-funded project whose main objective is to address the causes of wildfires in Europe. To achieve this aim, a dedicated platform for environmentally sustainable and climate-resilient forest management has been developed with the help of many state-of-the-art, modern technologies. One of the major challenges to solve when building such a heterogeneous, multi-component, multipurpose platform is to provide the necessary security architecture. It should ensure that only trusted users and devices (e.g., sensors, drones, and UGVs) are allowed to use it, and that attackers or other third parties cannot jeopardize its communication and assets. In this paper, we outline the main design principles, solutions, and mechanisms we have considered when building the security architecture for the SILVANUS platform. Moreover, we present the current state of development of this platform and the main challenges we have been facing.

Cited By

  • (2024) Identity and Access Management Architecture in the SILVANUS Project. Proceedings of the 19th International Conference on Availability, Reliability and Security (1-9). DOI: 10.1145/3664476.3670935. Online publication date: 30-Jul-2024

Published In

ARES '23: Proceedings of the 18th International Conference on Availability, Reliability and Security
August 2023
1440 pages
ISBN: 9798400707728
DOI: 10.1145/3600160
This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Keycloak
  2. Network security
  3. Secure communication
  4. Security architecture

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

ARES 2023

Acceptance Rates

Overall Acceptance Rate 228 of 451 submissions, 51%

Article Metrics

  • Downloads (Last 12 months): 210
  • Downloads (Last 6 weeks): 23

Reflects downloads up to 12 Sep 2024
