A Toolkit for Construction of Authorization Service Infrastructure for the Internet of Things

Kim, Hokeun; Kang, Eunsuk; Lee, Edward A.; Broman, David

doi:10.1145/3054977.3054980

Cited by 30 publications

(20 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In particular, the attacker seeks to disrupt the availability of IoT devices connected to a gateway (e.g., an Auth) by carrying out various DoS attacks on it, such as flooding or distributed denial-of-service (DDoS) attacks. In our model, we primarily focus on DoS attacks and failures, instead of confidentiality or integrity attacks (addressed by our prior work on SST [Kim et al 2017b]).…”

Section: Threat Modelmentioning

confidence: 99%

“…In SST, each Auth has database tables to store authorization information of entities and trust relationships among Auths. As introduced in the SST paper [Kim et al 2017b], the four main database tables maintained by each Auth are Registered Entity Table, Communication Policy Table, Trusted Auth Table, and Cached Session Key Table. • Registered Entity Table stores Table, then the necessary communication policies should be backed up as well.…”

Section: Auth Databasementioning

confidence: 99%

“…These four components are sent as an AUTH_BACKUP_REQUEST message. In the example, A 1 sends AUTH_BACKUP_REQUEST to A 3 with a migration cert, entity public Kim et al [2017b]. Each lock icon means that the message is encrypted and authenticated by a distribution key.…”

Section: Auth Backup Protocolmentioning

confidence: 99%

“…Previously, we proposed an authentication and authorization infrastructure of the IoT called the Secure Swarm Toolkit (SST) [Kim et al 2017b]. The key distinguishing feature of SST is a locally centralized, globally distributed architecture [Kim and Lee 2017]: It consists of a set of local authorization entities called Auths [Kim et al 2016], each of which is deployed on edge computers.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Resilient Authentication and Authorization for the Internet of Things (IoT) Using Edge Computing

Kim

Kang

Broman

et al. 2020

ACM Trans. Internet Things

Self Cite

View full text Add to dashboard Cite

An emerging type of network architecture called edge computing has the potential to improve the availability and resilience of IoT services under anomalous situations such as network failures or denial-of-service (DoS) attacks. However, relatively little has been explored on the problem of ensuring availability even when edge computers that provide key security services (e.g., authentication and authorization) become unavailable themselves. This article proposes a resilient authentication and authorization framework to enhance the availability of IoT services under DoS attacks or failures. The proposed approach leverages a technique called secure migration, which allows an IoT device to migrate to another trusted edge computer when its own local authorization service becomes unavailable. Specifically, we describe the design of a secure migration framework and its supporting mechanisms, including (1) automated migration policy construction and (2) protocols for preparing and executing the secure migration. We formalize secure migration policy construction as an integer linear programming (ILP) problem and show its effectiveness using a case study on smart buildings, where the proposed solution achieves significantly higher availability under simulated attacks on authorization services.

show abstract

Section: Threat Modelmentioning

confidence: 99%

Section: Auth Databasementioning

confidence: 99%

Section: Auth Backup Protocolmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Resilient Authentication and Authorization for the Internet of Things (IoT) Using Edge Computing

Kim

Kang

Broman

et al. 2020

ACM Trans. Internet Things

Self Cite

View full text Add to dashboard Cite

show abstract

“…Previously, we proposed an authorization infrastructure of the IoT called Secure Swarm Toolkit (SST) [8]. SST leverages a network architecture with special edge computers called Auths, which provide authorization services to local IoT devices.…”

Section: Introductionmentioning

confidence: 99%

An Architectural Mechanism for Resilient IoT Services

Kim

Kang

Broman

et al. 2017

Proceedings of the 1st ACM Workshop on the Internet of Safe Things

Self Cite

View full text Add to dashboard Cite

Availability of authentication and authorization services is critical for the safety of the Internet of Things (IoT). By leveraging an emerging network architecture based on edge computers, IoT's availability can be protected even under situations such as network failures or denial-of-service (DoS) attacks. However, little has been explored for the issue of sustaining availability even when edge computers fail. In this paper, we propose an architectural mechanism for enhancing the availability of the authorization infrastructure for the IoT. The proposed approach leverages a technique called secure migration, which allows IoT devices to migrate to other local authorization entities served in trusted edge computers when their authorization entity becomes unavailable. Specifically, we point out necessary considerations for planning secure migration and present automated migration policy construction and protocols for preparing and executing the migration. The effectiveness of our approach is illustrated using a concrete application of smart buildings and network simulation, where our proposed solution achieves significantly higher availability in case of failures in some of the authorization entities. CCS CONCEPTS • Computer systems organization → Availability; Fault-tolerant network topologies; • Security and privacy → Authentication; Authorization; Denial-of-service attacks;

show abstract

Quality of service in IoT protocol as designs and its verification in PVS

Nawaz

Sun

Shahzad

et al. 2019

Trans Emerging Tel Tech

View full text Add to dashboard Cite

Reliable data transmission during communication in Internet of things (IoT)–based systems has gained much interest in last few years due to the current growth and huge investment in such systems. Message Queue Telemetry Transport (MQTT) is an open publish/subscribe–based messaging protocol that is widely used for device communication in IoT. For data transmission between devices, different levels of quality of service (QoS) are used in MQTT. In this paper, we provide a formal model for MQTT protocol under the Unifying Theories of Programming (UTP) semantic framework, where QoS levels in MQTT are modeled as designs in UTP. Refinement and equivalence relations between QoS levels can be established naturally via implication between predicates. Moreover, Prototype Verification System (PVS) is used to encode the UTP design models and some important properties as well as the refinement relation between QoS levels is proved with the PVS proof assistant.

show abstract

A Toolkit for Construction of Authorization Service Infrastructure for the Internet of Things

Cited by 30 publications

References 29 publications

Resilient Authentication and Authorization for the Internet of Things (IoT) Using Edge Computing

Resilient Authentication and Authorization for the Internet of Things (IoT) Using Edge Computing

An Architectural Mechanism for Resilient IoT Services

Quality of service in IoT protocol as designs and its verification in PVS

Contact Info

Product

Resources

About