Open authorization (OAuth) is an open protocol, which allows secure authorization in a simple and standardized way from third-party applications accessing online services, based on the representational state transfer (REST) web architecture. OAuth has been designed to provide an authorization layer, typically on top of a secure transport layer such as HTTPS. The Internet of Things (IoTs) refers to the interconnection of billions of resource-constrained devices, denoted as smart objects, in an Internet-like structure. Smart objects have limited processing/memory capabilities and operate in challenging environments, such as low-power and lossy networks. IP has been foreseen as the standard communication protocol for smart object interoperability. The Internet engineering task force constrainedRESTful environments working group has defined the constrained application protocol (CoAP) as a generic web protocol for RESTful-constrained environments, targeting machine-tomachine applications, which maps to HTTP for integration with the existing web. In this paper, we propose an architecture targeting HTTP/CoAP services to provide an authorization framework, which can be integrated by invoking an external oauth-based authorization service (OAS). The overall architecture is denoted as IoT-OAS. We also present an overview of significant IoT application scenarios. The IoT-OAS architecture is meant to be flexible, highly configurable, and easy to integrate with existing services. Among the advantages achieved by delegating the authorization functionality, IoT scenarios benefit by: 1) lower processing load with respect to solutions, where access control is implemented on the smart object; 2) fine-grained (remote) customization of access policies; and 3) scalability, without the need to operate directly on the device.
In this paper, we propose IoTChain, a combination of the OSCAR architecture [1] and the ACE authorization framework [2] to provide an E2E solution for the secure authorized access to IoT resources. IoTChain consists of two components, an authorization blockchain based on the ACE framework and the OSCAR object security model, extended with a group key scheme. The blockchain provides a flexible and trustless way to handle authorization while OSCAR uses the public ledger to set up multicast groups for authorized clients. To evaluate the feasibility of our architecture, we have implemented the authorization blockchain on top of a private Ethereum network. We report on several experiments that assess the performance of different architecture components.
Traffic Engineering (TE) in IP carrier networks is one of the functions that can benefit from the Software Defined Networking paradigm. By logically centralizing the control of the network, it is possible to "program" per-flow routing based on TE goals. Traditional per-flow routing requires a direct interaction between the SDN controller and each node that is involved in the traffic paths. Depending on the granularity and on the temporal properties of the flows, this can lead to scalability issues for the amount of routing state that needs to be maintained in core network nodes and for the required configuration traffic. On the other hand, Segment Routing (SR) is an emerging approach to routing that may simplify the route enforcement delegating all the configuration and per-flow state at the border of the network. In this work we propose an architecture that integrates the SDN paradigm with SR-based TE, for which we have provided an open source reference implementation. We have designed and implemented a simple TE/SR heuristic for flow allocation and we show and discuss experimental results.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.