Paul Fremantle scite author profile

We examine the use of Federated Identity and Access Management (FIAM) approaches for the Internet of Things (IoT). We look at specific challenges that devices, sensors and actuators have, and look for approaches to address them. OAuth is a widely deployed protocol -built on top of HTTP -for applying FIAM to Web systems. We explore the use of OAuth for IoT systems that instead use the lightweight MQTT 3.1 protocol. In order to evaluate this area, we built a prototype that uses OAuth 2.0 to enable access control to information distributed via MQTT. We evaluate the results of this prototyping activity, and assess the strengths and weaknesses of this approach, and the benefits of using the FIAM approaches with IoT and Machine to Machine (M2M) scenarios. Finally we outline areas for further research.

show abstract

A Detailed Analysis of IoT Platform Architectures: Concepts, Similarities, and Differences

Guth

Breitenbücher

Falkenthal

et al. 2017

113

View full text Add to dashboard Cite

Multi-tenant SOA Middleware for Cloud Computing

Azeez¹,

Perera²,

Gamage³

et al. 2010

View full text Add to dashboard Cite

Enterprise services

Fremantle¹,

2002

View full text Add to dashboard Cite

show abstract

OAuthing: Privacy-enhancing federation for the Internet of Things

Fremantle

Aziz

2016

View full text Add to dashboard Cite

The Internet of Things (IoT) has significant security and privacy risks. Currently, most devices connect to a cloud service that is provided by the manufacturer of the device.We outline a proposed model for IoT that allows the identity of users and devices to be federated. Users and devices are issued with secure, random, anonymised identities that are not shared with third-parties. We demonstrate how devices can be connected to third-party applications without inherently de-anonymising them. Sensor data and actuator commands are federated through APIs to cloud services. All access to device data and commands is based on explicit consent from users. Each user's data is handled by a personal cloud instance providing improved security and isolation.We demonstrate this model is workable with a prototype system that implements the major features of the model. We present experiment results including performance, capacity and cost metrics from the prototype. We compare this work with other related work, and outline areas for discussion and future work.

show abstract

Web API Management Meets the Internet of Things

Fremantle

Kopecký

Aziz

2015

View full text Add to dashboard Cite

In this paper we outline the challenges of Web API management in Internet of Things (IoT) projects. Web API management is a key aspect of service-oriented systems that includes the following elements: metadata publishing, access control and key management, monitoring and monetization of interactions, as well as usage control and throttling. We look at how Web API management principles, including some of the above elements, translate into a world of connected devices (IoT). In particular, we present and evaluate a prototype that addresses the issue of managing authentication with millions of insecure low-power devices communicating with non-HTTP protocols. With this first step, we are only beginning to investigate IoT API management, therefore we also discuss necessary future work.

show abstract

A security survey of middleware for the Internet of Things

Fremantle¹,

Scott²

2016

View full text Add to dashboard Cite

Cloud-based federated identity for the Internet of Things

Fremantle

Aziz

2018

Ann. Telecommun.

View full text Add to dashboard Cite

The Internet of Things (IoT) has significant security and privacy risks. Recent attacks have shown that not only are many IoT devices at risk of exploit, but those devices can be successfully used to attack wider systems and cause economic damage. Currently, most devices connect to a cloud service that is provided by the manufacturer of the device, offering no choice to move to more secure systems. We outline a proposed model for IoT that allows the identity of users and devices to be federated. Users and devices are issued with secure, random, anonymised identities that are not shared with third parties. We demonstrate how devices can be connected to third-party applications without inherently de-anonymising them. Sensor data and actuator commands are federated through APIs to cloud services. All access to device data and commands is based on explicit consent from users. Each user's data is handled by a personal cloud instance providing improved security and isolation, as well as providing a trusted intermediary for both devices and cloud services. We demonstrate this model is workable with a prototype system that implements the major features of the model. We present experiment results including performance, energy usage, capacity and cost metrics from the prototype. We compare this work with other related work and outline areas for discussion and future work.

show abstract

12 3 4

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

334 Leonard St

Brooklyn, NY 11211

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Paul Fremantle

Federated Identity and Access Management for the Internet of Things

A Detailed Analysis of IoT Platform Architectures: Concepts, Similarities, and Differences

Multi-tenant SOA Middleware for Cloud Computing

Enterprise services

OAuthing: Privacy-enhancing federation for the Internet of Things

Web API Management Meets the Internet of Things

A security survey of middleware for the Internet of Things

Cloud-based federated identity for the Internet of Things

Contact Info

Product

Resources

About