The term “Internet-of-Things” is used as an umbrella keyword for covering various aspects related to the extension of the Internet and the Web into the physical realm, by means of the widespread ...deployment of spatially distributed devices with embedded identification, sensing and/or actuation capabilities. Internet-of-Things envisions a future in which digital and physical entities can be linked, by means of appropriate information and communication technologies, to enable a whole new class of applications and services. In this article, we present a survey of technologies, applications and research challenges for Internet-of-Things.
Regulating the access to the Internet of Things (IoT) network’s resources is a complex-prone task, which requires to pay a great attention on how policies are defined, shared, and enforced. The ...present paper considers the specific context of a smart home, which represents one of the main IoT application domains, and it focuses on two solutions proposed in the literature to cope with the aforementioned issues. On the one side, approaches based on attribute-based encryption (ABE) allow one to encrypt data for multiple recipients, in such a way that only those recipients whose attributes satisfy a given access policy can decrypt afterward. ABE guarantees a high level of customization due to the variety of attributes which can be defined, and it is also flexible enough to be adapted to different kinds of scenarios. On the other side, approaches based on sticky policies allow to attach an access policy directly to the data itself, and to employ a trusted authority to evaluate and enforce the policy itself. Sticky policies also guarantee a highly distributed and customizable enforcement of access control rules. In this paper, we compare the advantages and the drawbacks in terms of performance and robustness of such two techniques by means of their integration within the prototype of an IoT middleware, named networked smart object. Hence, the effectiveness of the presented solutions is validated by means of a real test-bed in the smart home scenario, in terms of storage occupancy, CPU load, and data retrieval delay. The final goal is to reveal the best approach to be used depending on the application’s requirements.
Now reaching 2020, the world is witnessing the initial diffusion of 5G networks, which promise to revolutionize the mobile wireless communications, providing faster services, very low delays, and a ...very pervasive connectivity via mobile devices. It is worth to remark that the main paradigm which will take advantage from 5G is really the Internet of Things (IoT). However, the spreading of 5G technology also generates important concerns in terms of security and privacy, due to the continuous and wireless connection to the network, which hinders the reliability of the involved devices. This paper deeply analyzed the current state of the art about the existing security and privacy solutions tailored to 5G. More in detail, the following requirements are discussed: data integrity, confidentiality, authentication, access control, non-repudiation, trust, privacy, identity management, key management, policy enforcement, and intrusion detection. Furthermore, the paper aims to shed the light on future research directions towards the realization of secure and privacy aware 5G systems. To this end, the role of emerging paradigms, such as IoT, fog computing, and blockchain is investigated.
The incremental diffusion of the Internet of Things (IoT) technologies and applications represents the outcome of a world ever more connected by means of heterogeneous and mobile devices. IoT ...scenarios imply the presence of multiple data producers (e.g., sensors, actuators, RFID, NFC) and consumers (e.g., end-user devices, such as smartphones, tablets, and PCs). A variety of standards and protocols must cooperate to efficiently gather, process, and share the information. The fog computing paradigm, due to its distributed nature, represents a viable solution to cope with interoperability, scalability, security, and privacy issues, which naturally emerge, since it operates as an intermediate layer between data consumers/producers and traditional cloud systems. This paper analyzes the evolution in the modeling of new methodologies, related to fog computing and IoT, showing how moving security and privacy tasks toward the edge of the network provide both advantages and new challenges to be faced in this research field. The proposed discussion provides an overview of requirements for the realization of secure and privacy-aware IoT-based fog computing infrastructures.
The Internet of Things (IoT) paradigm is characterized by the adoption of different protocols and standards to enable communications among heterogeneous and, often, resource-constrained devices. The ...risk of violation is high due to the wireless nature of the communication protocols usually involved in the IoT environments (e.g., e-health, smart agriculture, industry 4.0, military scenarios). For such a reason, proper security countermeasures must be undertaken, in order to prevent and react to malicious attacks, which could hinder the data reliability. In particular, the following requirements should be addressed: authentication, confidentiality, integrity, and authorization. This paper aims at investigating such security features, which are often combined with native functionalities, in the most known IoT-related protocols: MQTT, CoAP, LoRaWAN, AMQP, RFID, ZigBee, and Sigfox. The advantages and weaknesses of each one will be revealed, in order to point out open issues and best practices in the design of efficient and robust IoT network infrastructure.
Organizing the storing of information and data retrieval from databases is a crucial issue, which has become more critical with the spreading of cloud and Internet of Things (IoT) based applications. ...In fact, not only the network’s traffic has increased, but also the amount of memory and the mechanisms needed to manage the so-called Big Data efficiently. Relational databases, based on SQL, are giving way to the NoSQL ones due to their efficiency in managing the heterogeneous information gathered from IoT environments. Such data can be stored, in a distributed manner, within the IoT network’s devices or in the cloud. Hence, security and privacy concerns naturally emerge regarding access control, authentication, and authorization requirements. This paper analyzes the current state of the art of security and privacy solutions tailored to NoSQL databases, particularly Redis, Cassandra, MongoDB, and Neo4j stores. The paper also aims to shed light on current challenges and future research directions in the field databases’ security in the IoT scenario.
Denial of Service (DoS) attack represents until now a relevant problem in Internet-based contexts. In fact, it is both difficult to recognize and to counteract. Along with the adoption and diffusion ...of Internet of Things (IoT) applications, such an issue has become more urgent to solve, due to the presence of heterogeneous data sources and to the wireless nature of most communications. A DoS attack is even more serious if not only the data sources are under attack, but also the IoT platform itself, which is in charge of acquiring data from multiple data sources and, after data processing, provide useful services to the interested users. In this paper, we present a solution, named REATO, for actively and dynamically detecting and facing DoS attacks within a running IoT middleware. A real prototype has been realized in order to validate the proposed method, by assessing different relevant parameters.
Sticky Policies: A Survey Miorandi, Daniele; Rizzardi, Alessandra; Sicari, Sabrina ...
IEEE transactions on knowledge and data engineering,
2020-Dec.-1, 2020-12-1, Volume:
32, Issue:
12
Journal Article
Peer reviewed
In the digital age, where the Internet connects things across the globe and individuals are constantly online, data security and privacy are becoming key drivers (and barriers) of change for adoption ...of innovative solutions. Traditional approaches, whereby communication links are secured by means of encryption, and access control is run in a static way by a centralized authority, are showing their limits when applied to massive-scale, interconnected and distributed systems. Regulations, while still fragmented, are moving to adapt to changes in technology and society, with the aim to protect confidential information by governments, businesses, and individual citizens. In this landscape, proper mechanisms should be defined to allow a strict control over the data life-cycle and to guarantee the privacy and the application of specific regulations on personal information's disclosure, usage and access. Sticky policies represent one approach to improve owners' control over their data. In such an approach, machine-readable policies are attached to data. They are called 'sticky' in that they travel together with data, as data travels across multiple administrative domains. In this article we survey the state-of-the-art in sticky policies, discussing limitations, open issues, applications and research challenges, with a specific focus on their applicability to Internet of Things, cloud computing, and Content Centric Networking.
The arising of the Internet of Things (IoT) is enabling new service provisioning paradigms, able to leverage heterogeneous devices and communication technologies. Efficient and secure communication ...mechanisms represent a key enabler for the wider adoption and diffusion of IoT systems. One of the most widely employed protocols in IoT and machine-to-machine communications is the Message Queue Telemetry Transport (MQTT), a lightweight publish/subscribe messaging protocol designed for working with constrained devices. In MQTT messages are assigned to a specific topic to which users can subscribe. MQTT presents limited security support. In this paper we present a secure publish/subscribe system extending MQTT by means of a key management framework and a policy enforcement one. In this way the flow of information in MQTT-powered IoT systems can be flexibly controlled by means of flexible policies. The solution presented is released as open source under Apache v.2 license.
•A new secure MQTT mechanism named AUPS(AUthenticated Publish&Subscribe) is defined.•AUPS is integrated in a flexible and cross-domain IoT architecture.•AUPS is further integrated with a policy enforcement mechanism.•AUPS is openly released under Apachev.2 license.•A key management system is defined in order to guarantee a good level of security.