In this note we explore ways to secure APIs, given the explosion of the internet and the large amount of sensitive data and applications that exist on the web today. We focus on OAuth 2.0, a modern standard protocol based on delegated authorization, highlighting its mechanism, its features, the different authorization methods, and when and how to use them. We built an API server with OAuth integrated, and a client application that demonstrates the most common authorization grant type, in order to simulate the data-consumption case and how it is affected by OAuth.
The Internet of Things is one of the most promising trends today. The speed of its adoption, however, has caused certain critical gaps in the security of the systems involved. This project analyzed the security problem broadly, but with a focus on smart-home environments, where the use of devices with widely heterogeneous technologies creates problems with authentication against multiple services and with the confidentiality of the data if the network is compromised. To tackle these problems, state-of-the-art technologies such as OAuth2 and TLS, among others, were combined with an architectural methodology of loosely coupled microservices to produce a secure, broad-range IoT architecture, backed up and validated by a reference implementation. The division into functional layers allows both fixed and mobile devices and sensors to join the system transparently and fluently. The security scheme, structured in three incremental levels, allows each device to integrate at the level that best suits both its computing resources and the type of information it must deliver or consume. The results show the flexibility of the solution and the soundness of the security scheme presented.
The Internet of Things has emerged as one of the most promising trends today. The speed of its adoption, however, has caused certain gaps. Among the most critical is the one related to the security of the systems involved. This project addressed the security problem in a broad way but focusing on smart-home environments, where the use of devices with widely heterogeneous technologies and multiple services generates problems with authentication and with the confidentiality of the data if the network is compromised. To tackle these problems, state-of-the-art technologies such as OAuth2 and TLS, among others, were put together, along with an architectural methodology of loosely coupled microservices. As a result, a secure and broad-range IoT architecture was built, backed up and validated by a reference implementation. The division into functional layers enables both fixed and mobile devices and sensors to connect to the system transparently and fluently. The security scheme, structured in three incremental levels, enables a better device integration, at the level that best adapts to its computing resources and the type of information it shares. The results show the flexibility of the solution and the robustness and novelty of the security scheme presented.
The emergence of social networks and the creation of OAuth technologies have led to the creation of centralized sign-on platforms such as Facebook, Twitter or Tumblr. They allow individuals to log in to a broader range of websites on the Internet using authentication methods set by these platforms.
The Internet of Things will scale to billions of devices in the coming years. A secure communication framework is needed to interconnect all these objects, taking into account their intrinsic constraints in terms of energy, CPU and memory. Several proposals relying on adapting existing well-known and standardized security solutions exist, but we believe there is still a gap for the most constrained nodes to provide fine-grained authorization and secure establishment of fresh cryptographic keys. We propose a mechanism that runs on top of the OAuth Authorization architecture and provides the bootstrapping of fresh authenticated symmetric cryptographic material between previously unknown parties using a nonce-based protocol. We set up an energy measurement platform to evaluate our proposal and compare it with existing work.