End to End Security and the Internet of Things



End-to-end security focuses on the uninterrupted protection of data traveling between two communicating partners. Generally, encryption is the method of choice. For the Internet of Things (IoT), “baked in” security is a major challenge. The research cited here was presented during 2015.

S. R. Moosavi et al., “Session Resumption-Based End-to-End Security for Healthcare Internet-of-Things,” Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing (CIT/IUCC/DASC/PICOM), 2015 IEEE International Conference on, Liverpool, 2015, pp. 581-588. doi: 10.1109/CIT/IUCC/DASC/PICOM.2015.83
Abstract: In this paper, a session resumption-based end-to-end security scheme for healthcare Internet of things (IoT) is proposed. The proposed scheme is realized by employing certificate-based DTLS handshake between end-users and smart gateways as well as utilizing DTLS session resumption technique. Smart gateways enable the sensors to no longer need to authenticate and authorize remote end-users by handing over the necessary security context. Session resumption technique enables end-users and medical sensors to directly communicate without the need for establishing the communication from the initial handshake. Session resumption technique has an abbreviated form of DTLS handshake and neither requires certificate-related nor public-key functionalities. This alleviates some burden of medical sensors to no longer need to perform expensive operations. The energy-performance evaluations of the proposed scheme are evaluated by developing a remote patient monitoring prototype based on healthcare IoT. The energy-performance evaluation results show that our scheme is about 97% and 10% faster than certificate-based and symmetric key-based DTLS, respectively. Also, the certificate-based DTLS consumes about 2.2X more RAM and 2.9X more ROM resources required by our scheme. While, our scheme and symmetric key-based DTLS have almost similar RAM and ROM requirements. The security analysis reveals that the proposed scheme fulfills the requirements of end-to-end security and provides higher security level than related approaches found in the literature. Thus, the presented scheme is a well-suited solution to provide end-to-end security for healthcare IoT.
Keywords: Internet of Things; health care; public key cryptography; DTLS session resumption technique; IoT; end-to-end security; energy performance evaluations; healthcare Internet-of-Things; medical sensors; public key functionalities; remote end-users; remote patient monitoring prototype; security context; session resumption technique; smart gateways; Computers; Conferences; Information technology; Ubiquitous computing (ID#: 16-11225)


S. S. Basu, S. Tripathy and A. R. Chowdhury, “Design Challenges and Security Issues in the Internet of Things,” Region 10 Symposium (TENSYMP), 2015 IEEE, Ahmedabad, 2015, pp. 90-93. doi: 10.1109/TENSYMP.2015.25
Abstract: The world is rapidly getting connected. Commonplace everyday things are providing and consuming software services exposed by other things and service providers. A mash up of such services extends the reach of the current Internet to potentially resource constrained “Things”, constituting what is being referred to as the Internet of Things (IoT). IoT is finding applications in various fields like Smart Cities, Smart Grids, Smart Transportation, e-health and e-governance. The complexity of developing IoT solutions arise from the diversity right from device capability all the way to the business requirements. In this paper we focus primarily on the security issues related to design challenges in IoT applications and present an end-to-end security framework.
Keywords: Internet; Internet of Things; security of data; Internet of Things; IoT; e-governance; e-health; end-to-end security framework; service providers; smart cities; smart grids; smart transportation; software services; Computer crime; Encryption; Internet of things; Peer-to-peer computing; Protocols; End-to-end (E2E) security; Internet of Things (IoT); Resource constrained devices; Security (ID#: 16-11226)


D. Bonino et al., “ALMANAC: Internet of Things for Smart Cities,” Future Internet of Things and Cloud (FiCloud), 2015 3rd International Conference on, Rome, 2015, pp. 309-316. doi: 10.1109/FiCloud.2015.32
Abstract: Smart cities advocate future environments where sensor pervasiveness, data delivery and exchange, and information mash-up enable better support of every aspect of (social) life in human settlements. As this vision matures, evolves and is shaped against several application scenarios, and adoption perspectives, a common need for scalable, pervasive, flexible and replicable infrastructures emerges. Such a need is currently fostering new design efforts to grant performance, reuse and interoperability while avoiding knowledge silos typical of early efforts on similar topics, e.g. automation in buildings and homes. This paper introduces a federated smart city platform (SCP) developed in the context of the ALMANAC FP7 EU project and discusses lessons learned during the first experimental application of the platform to a smart waste management scenario in a medium-sized, European city. The ALMANAC SCP aims to integrate Internet of Things (IoT), capillary networks and metro access networks to offer smart services to the citizens, and thus enable Smart City processes. The key element of the SCP is a middleware supporting semantic interoperability of heterogeneous resources, devices, services and data management. The platform is built upon a dynamic federation of private and public networks, while supporting end-to-end security and privacy. Furthermore, it also enables the integration of services that, although being natively external to the platform itself, allow enriching the set of data and information used by the Smart City applications supported.
Keywords: Internet of Things; data privacy; middleware; open systems; smart cities; waste management; ALMANAC FP7 EU project; European city; capillary networks; data management; end-to-end privacy; end-to-end security; heterogeneous devices; heterogeneous resources; heterogeneous services; metro access networks; middleware; private networks; public networks; semantic interoperability; sensor pervasiveness; smart city platform; smart waste management scenario; Cities and towns; Context; Data integration; Metadata; Semantics; Smart cities; federation; internet of things; platform; smart city (ID#: 16-11227)


J. M. Bohli, A. Skarmeta, M. Victoria Moreno, D. García and P. Langendörfer, “SMARTIE Project: Secure IoT Data Management for Smart Cities,” Recent Advances in Internet of Things (RIoT), 2015 International Conference on, Singapore, 2015, pp. 1-6. doi: 10.1109/RIOT.2015.7104906
Abstract: The vision of SMARTIE (Secure and sMARter ciTIEs data management) is to create a distributed framework for IoT-based applications storing, sharing and processing large volumes of heterogeneous information. This framework is envisioned to enable end-to-end security and trust in information delivery for decision-making purposes following the data owner's privacy requirements. SMARTIE follows a data-centric paradigm, which will offer highly scalable and secure information for smart city applications. The heart of this paradigm will be the “information management and services” plane as a unifying umbrella, which will operate above heterogeneous network devices and data sources, and will provide advanced secure information services enabling powerful higher-layer applications.
Keywords: Internet of Things; data privacy; database management systems; decision making; distributed processing; information services; smart cities; town and country planning; trusted computing; IoT-based applications; SMARTIE project; data owner privacy requirements; data sources; data-centric paradigm; decision-making purposes; distributed framework; end-to-end security; heterogeneous information processing; heterogeneous information sharing; heterogeneous information storing; heterogeneous network devices; information delivery; information management; secure IoT data management; secure and smarter cities data management; secure information services; smart city applications; trust; Authorization; Cities and towns; Cryptography; Heating; Monitoring; IoT; Security; Smart Cities (ID#: 16-11228)


F. Van den Abeele, T. Vandewinckele, J. Hoebeke, I. Moerman and P. Demeester, “Secure Communication in IP-Based Wireless Sensor Networks via a Trusted Gateway,” Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP), 2015 IEEE Tenth International Conference on, Singapore, 2015, pp. 1-6. doi: 10.1109/ISSNIP.2015.7106963
Abstract: As the IP-integration of wireless sensor networks enables end-to-end interactions, solutions to appropriately secure these interactions with hosts on the Internet are necessary. At the same time, burdening wireless sensors with heavy security protocols should be avoided. While Datagram TLS (DTLS) strikes a good balance between these requirements, it entails a high cost for setting up communication sessions. Furthermore, not all types of communication have the same security requirements: e.g. some interactions might only require authorization and do not need confidentiality. In this paper we propose and evaluate an approach that relies on a trusted gateway to mitigate the high cost of the DTLS handshake in the WSN and to provide the flexibility necessary to support a variety of security requirements. The evaluation shows that our approach leads to considerable energy savings and latency reduction when compared to a standard DTLS use case, while requiring no changes to the end hosts themselves.
Keywords: IP networks; Internet; authorisation; computer network security; energy conservation; internetworking; protocols; telecommunication power management; trusted computing; wireless sensor networks; DTLS handshake; WSN authorization; communication security; datagram TLS; end-to-end interactions; energy savings; heavy security protocol; latency reduction; trusted gateway; wireless sensor network IP integration; Bismuth; Cryptography; Logic gates; Random access memory; Read only memory; Servers; Wireless sensor networks; 6LoWPAN; CoAP; DTLS; Gateway; IP; IoT (ID#: 16-11229)


V. L. Shivraj, M. A. Rajan, M. Singh and P. Balamuralidhar, “One Time Password Authentication Scheme Based on Elliptic Curves for Internet of Things (IoT),” Information Technology: Towards New Smart World (NSITNSW), 2015 5th National Symposium on, Riyadh, 2015, pp. 1-6. doi: 10.1109/NSITNSW.2015.7176384
Abstract: Establishing end-to-end authentication between devices and applications in Internet of Things (IoT) is a challenging task. Due to heterogeneity in terms of devices, topology, communication and different security protocols used in IoT, existing authentication mechanisms are vulnerable to security threats and can disrupt the progress of IoT in realizing Smart City, Smart Home and Smart Infrastructure, etc. To achieve end-to-end authentication between IoT devices/applications, the existing authentication schemes and security protocols require a two-factor authentication mechanism. Therefore, as part of this paper we review the suitability of an authentication scheme based on One Time Password (OTP) for IoT and proposed a scalable, efficient and robust OTP scheme. Our proposed scheme uses the principles of lightweight Identity Based Elliptic Curve Cryptography scheme and Lamport's OTP algorithm. We evaluate analytically and experimentally the performance of our scheme and observe that our scheme with a smaller key size and lesser infrastructure performs on par with the existing OTP schemes without compromising the security level. Our proposed scheme can be implemented in real-time IoT networks and is the right candidate for two-factor authentication among devices, applications and their communications in IoT.
Keywords: Internet of Things; message authentication; public key cryptography; IoT; OTP; end-to-end authentication; identity based elliptic curve cryptography; one time password; password authentication; Algorithm design and analysis; Authentication; Elliptic curves; Logic gates; Protocols; Servers (ID#: 16-11230)


N. Zhang, K. Yuan, M. Naveed, X. Zhou and X. Wang, “Leave Me Alone: App-Level Protection Against Runtime Information Gathering on Android,” 2015 IEEE Symposium on Security and Privacy, San Jose, CA, 2015, pp. 915-930. doi: 10.1109/SP.2015.61
Abstract: Stealing of sensitive information from apps is always considered to be one of the most critical threats to Android security. Recent studies show that this can happen even to the apps without explicit implementation flaws, through exploiting some design weaknesses of the operating system, e.g., shared communication channels such as Bluetooth, and side channels such as memory and network-data usages. In all these attacks, a malicious app needs to run side-by-side with the target app (the victim) to collect its runtime information. Examples include recording phone conversations from the phone app, gathering WebMD's data usages to infer the disease condition the user looks at, etc. This runtime-information-gathering (RIG) threat is realistic and serious, as demonstrated by prior research and our new findings, which reveal that the malware monitoring popular Android-based home security systems can figure out when the house is empty and the user is not looking at surveillance cameras, and even turn off the alarm delivered to her phone. To defend against this new category of attacks, we propose a novel technique that changes neither the operating system nor the target apps, and provides immediate protection as soon as an ordinary app (with only normal and dangerous permissions) is installed. This new approach, called App Guardian, thwarts a malicious app's runtime monitoring attempt by pausing all suspicious background processes when the target app (called principal) is running in the foreground, and resuming them after the app stops and its runtime environment is cleaned up. Our technique leverages a unique feature of Android, on which third-party apps running in the background are often considered to be disposable and can be stopped anytime with only a minor performance and utility implication. We further limit such an impact by only focusing on a small set of suspicious background apps, which are identified by their behaviors inferred from their side channels (e.g., thread names, CPU scheduling and kernel time). App Guardian is also carefully designed to choose the right moments to start and end the protection procedure, and effectively protect itself against malicious apps. Our experimental studies show that this new technique defeated all known RIG attacks, with small impacts on the utility of legitimate apps and the performance of the OS. Most importantly, the idea underlying our approach, including app-level protection, side-channel based defense and lightweight response, not only significantly raises the bar for the RIG attacks and the research on this subject but can also inspire the follow-up effort on new detection systems practically deployable in the fragmented Android ecosystem.
Keywords: Internet of Things; cryptography; invasive software; mobile computing; smart phones; Android security; App Guardian; IoT; RIG threat; app-level protection; malware monitoring; runtime information gathering; side-channel based defense; Androids; Bluetooth; Humanoid robots; Monitoring; Runtime; Security; Smart phones (ID#: 16-11231)


M. Rao, T. Newe, I. Grout, E. Lewis and A. Mathur, “FPGA Based Reconfigurable IPSec AH Core Suitable for IoT Applications,” Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing (CIT/IUCC/DASC/PICOM), 2015 IEEE International Conference on, Liverpool, 2015, pp. 2212-2216. doi: 10.1109/CIT/IUCC/DASC/PICOM.2015.327
Abstract: Real-world deployments of Internet of Things (IoTs) applications require secure communication. The IPSec (Internet Protocol Security) is an important and widely used security protocol (in the IP layer) to provide end to end secure communication. Implementation of the IPSec is a computing intensive work, which significantly limits the performance of the high speed networks. To overcome this issue, hardware implementation of IPSec is a best solution. IPSec includes two main protocols namely, Authentication Header (AH) and Encapsulating Security Payload (ESP) with two modes of operations, transport mode and tunnel mode. In this work we presented an FPGA implementation of IPSec AH protocol. This implementation supports both, tunnel and transport mode of operation. Cryptographic hash function called Secure Hash Algorithm – 3 (SHA-3) is used to calculate hash value for AH protocol. The proposed IPSec AH core can be used to provide data authentication security service to IoT applications.
Keywords: IP networks; Internet of Things; cryptographic protocols; field programmable gate arrays; AH; ESP; FPGA based reconfigurable IPSec AH core; IP layer; Internet protocol security; IoT applications; SHA; authentication header; cryptographic hash function; data authentication security service; encapsulating security payload; end to end secure communication; secure hash algorithm; transport mode; tunnel mode; Authentication; Cryptography; Field programmable gate arrays; Internet; Protocols; FPGA; IPSec; SHA-3 (ID#: 16-11232)


A. Ahrary and D. Ludena, “Research Studies on the Agricultural and Commercial Field,” Advanced Applied Informatics (IIAI-AAI), 2015 IIAI 4th International Congress on, Okayama, 2015, pp. 669-673. doi: 10.1109/IIAI-AAI.2015.291
Abstract: The new Internet of Things (IoT) paradigm is giving to the scientific community the possibility to create integrated environments where information could be exchanged among heterogeneous characteristic networks in an automated way, in order to provide a richer experience to the user and to give specific relevant information regarding the particular environment in which the user is interacting with. Those characteristics are highly valuable for the novel nutrition-based vegetable production and distribution system, in which the multiple benefits of Big Data were used in order to generate a healthy food recommendation to the end user and to feed to the system different analytics to improve the system efficiency. Moreover, the different IoT capabilities, specifically automation and heterogeneous network communication are valuable to improve the information matrix of our project. This paper discusses the different IoT available technologies, their security capabilities and assessment, and how could be useful for our project.
Keywords: Big Data; Internet of Things; agriculture; IoT capabilities; agricultural field; commercial field; distribution system; healthy food recommendation; integrated environments; network communication; research studies; scientific community; vegetable production; Agriculture; Big data; Business; Internet of things; Production; Security; Big Data infrastructure; Data Analysis; IoT; IoT Security (ID#: 16-11233)


W. K. Bodin, D. Jaramillo, S. K. Marimekala and M. Ganis, “Security Challenges and Data Implications by Using Smartwatch Devices in the Enterprise,” Emerging Technologies for a Smarter World (CEWIT), 2015 12th International Conference & Expo on, Melville, NY, 2015, pp. 1-5. doi: 10.1109/CEWIT.2015.7338164
Abstract: In the age of the Internet of Things, use of Smartwatch devices in the enterprise is evolving rapidly and many companies are exploring, adopting and researching the use of these devices in the Enterprise IT (Information Technology). The biggest challenge presented to an organization is understanding how to integrate these devices with the back end systems, building the data correlation and analytics while ensuring the security of the overall systems. The core objective of this paper is to provide a brief overview of such security challenges and data exposures to be considered. The research effort focuses on three key questions: 1. Data: how will we integrate these data streams into of physical world instrumentation with all of our existing data? 2. Security: how can pervasive sensing and analytics systems preserve and protect user security? 3. Usability: what hardware and software systems will make developing new intelligent and secure Smartwatch applications as easy as a modern web application? This area of research is in the early stages and through this paper we attempt to bring different views on how data, security and usability is important for Enterprise IT to adopt this type of Internet of Things (IoT) device in the Enterprise.
Keywords: Internet of Things; electronic commerce; mobile computing; security of data; watches; IoT device; analytics systems; data implications; enterprise IT; information technology; pervasive sensing system; security challenges; smartwatch devices; Biomedical monitoring; Internet; Media; Mobile communication; Monitoring; Security; Smart phones; Enterprise IT; Security; Smartwatch; analytics; data correlation (ID#: 16-11234)


K. Lee, D. Kim, D. Ha, U. Rajput and H. Oh, “On Security and Privacy Issues of Fog Computing Supported Internet of Things Environment,” Network of the Future (NOF), 2015 6th International Conference on the, Montreal, QC, 2015, pp. 1-3. doi: 10.1109/NOF.2015.7333287
Abstract: Recently, the concept of Internet of Things (IoT) is attracting much attention due to the huge potential. IoT uses the Internet as a key infrastructure to interconnect numerous geographically diversified IoT nodes which usually have scarce resources, and therefore cloud is used as a key back-end supporting infrastructure. In the literature, the collection of the IoT nodes and the cloud is collectively called as an IoT cloud. Unfortunately, the IoT cloud suffers from various drawbacks such as huge network latency as the volume of data which is being processed within the system increases. To alleviate this issue, the concept of fog computing is introduced, in which foglike intermediate computing buffers are located between the IoT nodes and the cloud infrastructure to locally process a significant amount of regional data. Compared to the original IoT cloud, the communication latency as well as the overhead at the backend cloud infrastructure could be significantly reduced in the fog computing supported IoT cloud, which we will refer as IoT fog. Consequently, several valuable services, which were difficult to be delivered by the traditional IoT cloud, can be effectively offered by the IoT fog. In this paper, however, we argue that the adoption of IoT fog introduces several unique security threats. We first discuss the concept of the IoT fog as well as the existing security measures, which might be useful to secure IoT fog. Then, we explore potential threats to IoT fog.
Keywords: Internet of Things; cloud computing; data privacy; security of data; Internet of Things environment; IoT cloud; IoT fog; IoT nodes; back-end cloud infrastructure; back-end supporting infrastructure; cloud infrastructure; communication latency; fog computing; network latency; privacy issues; security issues; security threats; Cloud computing; Distributed databases; Internet of things; Privacy; Real-time systems; Security; Sensors (ID#: 16-11235)


R. M. Savola, P. Savolainen, A. Evesti, H. Abie and M. Sihvonen, “Risk-Driven Security Metrics Development for an E-Health IoT Application,” Information Security for South Africa (ISSA), 2015, Johannesburg, 2015, pp. 1-6. doi: 10.1109/ISSA.2015.7335061
Abstract: Security and privacy for e-health Internet-of-Things applications is a challenge arising due to the novelty and openness of the solutions. We analyze the security risks of an envisioned e-health application for elderly persons' day-to-day support and chronic disease self-care, from the perspectives of the service provider and end-user. In addition, we propose initial heuristics for security objective decomposition aimed at security metrics definition. Systematically defined and managed security metrics enable higher effectiveness of security controls, enabling informed risk-driven security decision-making.
Keywords: Internet of Things; data privacy; decision making; diseases; geriatrics; health care; risk management; security of data; chronic disease self-care; e-health Internet-of-Things applications; e-health IoT application; elderly person day-to-day support; privacy; risk-driven security decision-making; risk-driven security metrics development; security controls; security objective decomposition; Artificial intelligence; Android; risk analysis; security effectiveness; security metrics (ID#: 16-11236)


E. Vasilomanolakis, J. Daubert, M. Luthra, V. Gazis, A. Wiesmaier and P. Kikiras, “On the Security and Privacy of Internet of Things Architectures and Systems,” 2015 International Workshop on Secure Internet of Things (SIoT), Vienna, 2015, pp. 49-57. doi: 10.1109/SIOT.2015.9
Abstract: The Internet of Things (IoT) brings together a multitude of technologies, with a vision of creating an interconnected world. This will benefit both corporations as well as the end-users. However, a plethora of security and privacy challenges need to be addressed for the IoT to be fully realized. In this paper, we identify and discuss the properties that constitute the uniqueness of the IoT in terms of the upcoming security and privacy challenges. Furthermore, we construct requirements induced by the aforementioned properties. We survey the four most dominant IoT architectures and analyze their security and privacy components with respect to the requirements. Our analysis shows a mediocre coverage of security and privacy requirements. Finally, through our survey we identify a number of research gaps that constitute the steps ahead for future research.
Keywords: Internet of Things; data privacy; IoT architecture; privacy; security; Communication networks; Computer architecture; Internet of things; Privacy; Resilience; Security; Sensors (ID#: 16-11237)


G. Kim, J. Kim and S. Lee, “An SDN Based Fully Distributed NAT Traversal Scheme for IoT Global Connectivity,” Information and Communication Technology Convergence (ICTC), 2015 International Conference on, Jeju, 2015, pp. 807-809. doi: 10.1109/ICTC.2015.7354671
Abstract: Existing NAT solves to IP address exhaustion problem binding private IP address and public IP address, and NAT traversal such as hole punching scheme enables to communicate End-to-End devices located in different private networks. However, such technologies are centralized the workload at NAT gateway and increase transmission delay caused by packet modification per packet. In this paper, we propose an SDN based fully distributed NAT traversal scheme, which can distribute the workload of NAT processing to devices and reduce transmission delay by packet switching instead of packet modification. Furthermore, we describe SDN based IoT connectivity management architecture for supporting IoT global connectivity and enhanced real-time and security.
Keywords: IP networks; Internet of Things; computer network management; packet switching; software defined networking; telecommunication security; IP address; IoT connectivity management architecture; IoT global connectivity; NAT traversal scheme; SDN; end-to-end devices; hole punching scheme; packet modification; packet switching; transmission delay; Computer architecture; Delays; Internet; Performance evaluation; Ports (Computers); Punching; Connectivity; Network Address Translation; Software Defined Networking (ID#: 16-11238)


P. Porambage, A. Braeken, P. Kumar, A. Gurtov and M. Ylianttila, “Efficient Key Establishment for Constrained IoT Devices with Collaborative HIP-Based Approach,” 2015 IEEE Global Communications Conference (GLOBECOM), San Diego, CA, 2015, pp. 1-6. doi: 10.1109/GLOCOM.2015.7417094
Abstract: The Internet of Things (IoT) technologies interconnect wide ranges of network devices irrespective of their resource capabilities and local networks. The device constraints and the dynamic link creations make it challenging to use pre-shared keys for every secure end-to-end (E2E) communication scenario in IoT. Variants of Host Identity Protocol (HIP) are adopted for constructing dynamic and secure E2E connections among the heterogenous network devices with imbalanced resource profiles and less or no previous knowledge about each other. We propose a collaborative HIP solution with an efficient key establishment component for the high constrained devices in IoT, which delegates the expensive cryptographic operations to the resource rich devices in the local networks. Finally, we demonstrate the applicability of the key establishment in collaborative HIP solution for the constrained IoT devices rather than the existing HIP variants, by providing performance and security analysis.
Keywords: Internet of Things; computer network security; protocols; E2E; HIP; Internet of Things technologies; collaborative HIP based approach; constrained IoT devices; device constraints; dynamic link creations; efficient key establishment; host identity protocol; local networks; network devices; preshared keys; resource capabilities; secure end-to-end communication; security analysis; Collaboration; Cryptography; DH-HEMTs; Protocols; Visualization (ID#: 16-11239)


H. Derhamy, J. Eliasson, J. Delsing, P. P. Pereira and P. Varga, “Translation Error Handling for Multi-Protocol SOA Systems,” 2015 IEEE 20th Conference on Emerging Technologies & Factory Automation (ETFA), Luxembourg, 2015, pp. 1-8. doi: 10.1109/ETFA.2015.7301473
Abstract: The IoT research area has evolved to incorporate a plethora of messaging protocol standards, both existing and new, emerging as preferred communications means. The variety of protocols and technologies enable IoT to be used in many application scenarios. However, the use of incompatible communication protocols also creates vertical silos and reduces interoperability between vendors and technology platform providers. In many applications, it is important that maximum interoperability is enabled. This can be for reasons such as efficiency, security, end-to-end communication requirements etc. In terms of error handling each protocol has its own methods, but there is a gap for bridging the errors across protocols. Centralized software bus and integrated protocol agents are used for integrating different communications protocols. However, the aforementioned approaches do not fit well in all Industrial IoT application scenarios. This paper therefore investigates error handling challenges for a multi-protocol SOA-based translator. A proof of concept implementation is presented based on MQTT and CoAP. Experimental results show that multi-protocol error handling is possible and furthermore a number of areas that need more investigation have been identified.
Keywords: open systems; protocols; service-oriented architecture; CoAP; MQTT; centralized software bus; communication protocols; industrial IoT; integrated protocol agents; maximum interoperability; messaging protocol standards; multiprotocol SOA systems; multiprotocol SOA-based translator; translation error handling; Computer architecture; Delays; Monitoring; Protocols; Quality of service; Servers; Service-oriented architecture; Arrowhead; Cyber-physical systems; Error handling; Internet of Things; Protocol translation; SOA; Translation (ID#: 16-11240)


P. Porambage, A. Braeken, P. Kumar, A. Gurtov and M. Ylianttila, “Proxy-Based End-to-End Key Establishment Protocol for the Internet of Things,” 2015 IEEE International Conference on Communication Workshop (ICCW), London, 2015, pp. 2677-2682. doi: 10.1109/ICCW.2015.7247583
Abstract: The Internet of Things (IoT) drives the world towards an always connected paradigm by interconnecting wide ranges of network devices irrespective of their resource capabilities and local networks. This would inevitably enhance the requirements of constructing dynamic and secure end-to-end (E2E) connections among the heterogenous network devices with imbalanced resource profiles and less or no previous knowledge about each other. The device constraints and the dynamic link creations make it challenging to use pre-shared keys for every secure E2E communication scenario in IoT. We propose a proxy-based key establishment protocol for the IoT, which enables any two unknown high resource constrained devices to initiate secure E2E communication. The high constrained devices should be legitimate and maintain secured connections with the neighbouring less constrained devices in the local networks, in which they are deployed. The less constrained devices are performing as the proxies and collaboratively advocate the expensive cryptographic operations during the session key computation. Finally, we demonstrate the applicability of our solution in constrained IoT devices by providing performance and security analysis.
Keywords: Internet of Things; cryptographic protocols; next generation networks; E2E connections; IoT drives; cryptographic operations; end-to-end connections; heterogenous network devices; preshared keys; proxy-based end-to-end key establishment protocol; secure E2E communication; Conferences; Cryptography; DH-HEMTs; Internet of things; Polynomials; Protocols (ID#: 16-11241)


L. Kypus, L. Vojtech and L. Kvarda, “Qualitative and Security Parameters Inside Middleware Centric Heterogeneous RFID/IoT Networks, On-Tag Approach,” Telecommunications and Signal Processing (TSP), 2015 38th International Conference on, Prague, 2015, pp. 21-25. doi: 10.1109/TSP.2015.7296217
Abstract: Work presented in the paper started as preliminary research, and analysis, ended as testing of radio frequency identification (RFID) middlewares. The intention was to get better insight into the architecture and functionalities with respect to its impact to overall quality of service (QoS). Main part of paper focuses on lack of QoS awareness due to missing classification of data originated from tags and from the very beginning of the delivery process. Method we used to evaluate did follow up on existing researches in area of QoS for RFID, combining them with new proposal from standard ISO 25010 regarding - Quality Requirements and Evaluation, system and software quality models. The idea is to enhance application identification area in user memory bank with encoded QoS flags and security attributes. The proof of concept of on-tag specified classes and attributes is able to manage and intentionally influence applications and data processing behavior.
Keywords: middleware; quality of service; radiofrequency identification; software quality; telecommunication computing; IoT networks; QoS awareness; middleware centric heterogeneous RFID network; on-tag approach; quality requirements; radio frequency identification middlewares; software quality models; standard ISO 25010; Ecosystems; Middleware; Protocols; Quality of service; Radiofrequency identification; Security; Standards; Application identification; IoT; QoS flags; RFID; Security attributes (ID#: 16-11242)


S. C. Arseni, S. Halunga, O. Fratu, A. Vulpe and G. Suciu, “Analysis of the Security Solutions Implemented in Current Internet of Things Platforms,” Grid, Cloud & High Performance Computing in Science (ROLCG), 2015 Conference, Cluj-Napoca, 2015, pp. 1-4. doi: 10.1109/ROLCG.2015.7367416
Abstract: Our society finds itself in a point where it becomes more and more bounded by the use of technology in each activity, no matter how simple it could be. Following this social trend, the IT paradigm called Internet of Things (IoT) aims to group each technological end-point that has the ability to communicate, under the same “umbrella”. In recent years many private or public organizations have discussed on this topic and tried to provide IoT Platforms that will allow the grouping of devices scattered worldwide. Yet, while information flows and a certain level of scalability and connectivity have been assured, one key component, security, remains a vulnerable point of IoT Platforms. In this paper we describe the main features of some of these “umbrellas”, either open source or with payment, while analyzing and comparing the security solutions integrated in each one of these IoT Platforms. Moreover, through this paper we try to raise users and organizations awareness of the possible vulnerabilities that could appear in any moment, when using one of the presented IoT Platforms.
Keywords: Internet of Things; data analysis; security of data; IoT platform; security solution analysis; Authentication; Internet of things; Organizations; Protocols; Sensors; Internet of Things architectures; Internet of Things platforms; platforms security (ID#: 16-11243)


U. Celentano and J. Röning, “Framework for Dependable and Pervasive eHealth Services,” Internet of Things (WF-IoT), 2015 IEEE 2nd World Forum on, Milan, 2015, pp. 634-639. doi: 10.1109/WF-IoT.2015.7389128
Abstract: Provision of health care and well-being services at end-user residence, together with its benefits, brings important concerns to be dealt with. This article discusses selected issues in dependable pervasive eHealth services support. Dependable services need to be implemented in a resource-efficient and safe way due to constrained and concurrent, pre-existing conditions and radio environment. Security is a must when dealing with personal information, even more critical when regarding health. Once these fundamental requirements are satisfied, and services designed in an effective manner, social significance can be achieved in various scenarios. After having discussed the above viewpoints, the article concludes with the future directions in eHealth IoT including scaling the system down to the nanoscale, to interact more intimately with biological organisms.
Keywords: Internet of Things; health care; software reliability; IoT; dependable service; eHealth service; pervasive service; Data analysis; Data privacy; Distributed databases; Medical services; Privacy; Safety; Security; Dependability; diagnostics; inclusive health care; nanoscale; preventative health care; privacy; remote patient monitoring; resource use efficiency; robustness; safety; security; treatment (ID#: 16-11244)


S. Rao, D. Chendanda, C. Deshpande and V. Lakkundi, “Implementing LWM2M in Constrained IoT Devices,” Wireless Sensors (ICWiSe), 2015 IEEE Conference on, Melaka, 2015, pp. 52-57. doi: 10.1109/ICWISE.2015.7380353
Abstract: LWM2M is an emerging Open Mobile Alliance standard that defines a fast deployable client-server specification to provide various machine to machine services. It provides both efficient device management as well as security workflow for Internet of Things applications, making it especially suitable for use in constrained networks. However, most of the ongoing research activities on this topic focus on the server domain of LWM2M. Enabling relevant LWM2M functionalities on the client side is not only critical and important but challenging as well since these end-nodes are invariably resource constrained. In this paper, we address those issues by proposing the client-side architecture for LWM2M and its complete implementation framework carried out over Contiki-based IoT nodes. We also present a lightweight IoT protocol stack that incorporates the proposed LWM2M client engine architecture and its interfaces. Our implementation is based on the recently released OMA LWM2M v1.0 specification, and supports OMA, IPSO as well as third party objects. We employ a real world application scenario to validate its usability and effectiveness. The results obtained indicate that the memory footprint overheads incurred due to the introduction of LWM2M into the client side IoT protocol stack are around 6-9%, thus making this implementation framework very appealing to even Class 1 constrained device types.
Keywords: Internet of Things; client-server systems; computer network security; mobile computing; Constrained Contiki-based IoT node; IPSO; Internet of Things application; LWM2M client engine architecture; OMA; client-server specification; device management; lightweight IoT protocol stack; machine to machine service; open mobile alliance standard; security workflow; Computer architecture; Engines; Logic gates; Microprogramming; Protocols; Servers; Standards; Constrained Nodes; Device Management; IPSO Objects; IoT Gateway; LWM2M; OMA Objects (ID#: 16-11245)


C. Doukas and F. Antonelli, “Developing and Deploying End-To-End Interoperable & Discoverable IoT Applications,” 2015 IEEE International Conference on Communications (ICC), London, 2015, pp. 673-678. doi: 10.1109/ICC.2015.7248399
Abstract: This paper presents COMPOSE: a collection of open source tools that enable the development and deployment of end-to-end Internet of Things applications and services. COMPOSE targets developers and entrepreneurs providing a full PaaS and the essential IoT tools for applications and services. Device interoperability, service discovery and composition, security and scalability integrated and demonstrated in use cases around smart cities and smart retail context.
Keywords: Internet of Things; cloud computing; open systems; public domain software; smart cities; COMPOSE; IoT tool; PaaS; device interoperability; end-to-end Internet of Things application; open source tool; platform as a service; service discovery; smart city; Intelligent sensors; Internet of things; Mobile communication; Protocols; Internet of Things; IoT development; Smart City; Smart Retail (ID#: 16-11246)


A. Saxena, V. Kaulgud and V. Sharma, “Application Layer Encryption for Cloud,” 2015 Asia-Pacific Software Engineering Conference (APSEC), New Delhi, India, 2015, pp. 377-384. doi: 10.1109/APSEC.2015.52
Abstract: As we move to the next generation of networks such as Internet of Things (IoT), the amount of data generated and stored on the cloud is going to increase by several orders of magnitude. Traditionally, storage or middleware layer encryption has been used for protecting data at rest. However, such mechanisms are not suitable for cloud databases. More sophisticated methods include user-layer-encryption (ULE) (where the encryption is performed at the end-user's browser) and application-layer-encryption (ALE) (where the encryption is done within the web-app). In this paper, we study security and functionality aspects of cloud encryption and present an ALE framework for Java called JADE that is designed to protect data in the event of a server compromise.
Keywords: Cloud computing; Databases; Encryption; Java; PaaS security; application layer encryption; cloud encryption; cloud security; database security (ID#: 16-11247)


P. Srivastava and N. Garg, “Secure and Optimized Data Storage for IoT through Cloud Framework,” Computing, Communication & Automation (ICCCA), 2015 International Conference on, Noida, 2015, pp. 720-723. doi: 10.1109/CCAA.2015.7148470
Abstract: Internet of Things (IoT) is the future. With increasing popularity of internet, soon internet in routine devices will be a common practice by people. Hence we are writing this paper to encourage IoT accomplishment using cloud computing features with it. Basic setback of IoT is management of the huge quantity of data. In this paper, we have suggested a framework with several data compression techniques to store this large amount of data on cloud acquiring lesser space and using AES encryption techniques we have also improved the security of this data. Framework also shows the interaction of data with reporting and analytic tools through cloud. At the end, we have concluded our paper with some of the future scopes and possible enhancements of our ideas.
Keywords: Internet of Things; cloud computing; cryptography; data compression; optimisation; storage management; AES encryption technique; Internet of Things; IoT; cloud computing feature; data compression technique; data storage optimization; data storage security; Cloud computing; Encryption; Image coding; Internet of things; Sensors; AES; IoT; actuators; compression; encryption; sensors; trigger (ID#: 16-11248)


K. Yasaki, H. Ito and K. Nimura, “Dynamic Reconfigurable Wireless Connection between Smartphone and Gateway,” Computer Software and Applications Conference (COMPSAC), 2015 IEEE 39th Annual, Taichung, 2015, pp. 228-233. doi: 10.1109/COMPSAC.2015.234
Abstract: In a broad sense, the Internet of Things (IoT) includes devices that do not have Internet access capability but are aided by a gateway (such as a smartphone) that does have such access. The combination of a gateway and devices with a wireless connection can provide flexibility, but there are limitations to the network capability of each gateway in terms of how many network connections can be accommodated. It would be possible to get rid of the constraint and provide further flexibility and stability if we could deal with multiple gateways and balance the connections. Therefore, we propose a dynamic reconfigurable wireless connection system that can hand over the device connection between gateways by introducing a driver management framework that migrates the driver module handling the network connection. We have implemented a prototype using smartphones as gateways, Bluetooth low energy (BLE) sensors as devices, and a Web application that works on an extended Web runtime that can directly control a device from the application. The combination of these, composed by the user, can be migrated from the smartphone to other gateways (including the network connection) by dragging and dropping icons, after which the gateway and devices take over the combined task. We confirmed that the proposed architecture enables end users to utilize devices flexibly and can easily migrate the network connections of a particular service to another gateway.
Keywords: Internet; Internet of Things; internetworking; network servers; smart phones; Bluetooth low energy sensors; Internet access; Internet of Things; IoT; Web application; driver management framework; driver module handling; dynamic reconfigurable wireless connection system; extended Web runtime; multiple gateways; network connections; smartphone; Communication system security; IEEE 802.11 Standard; Logic gates; Protocols; Sensors; Wireless communication; Wireless sensor networks; Internet of Things; Javascript; dynamic reconfiguration; gateway; heterogeneity; mash-up; smartphone (ID#: 16-11249) 


T. F. J. M. Pasquier, J. Singh, J. Bacon and O. Hermant, “Managing Big Data with Information Flow Control,” 2015 IEEE 8th International Conference on Cloud Computing, New York City, NY, 2015, pp. 524-531. doi: 10.1109/CLOUD.2015.76
Abstract: Concern about data leakage is holding back more widespread adoption of cloud computing by companies and public institutions alike. To address this, cloud tenants/applications are traditionally isolated in virtual machines or containers. But an emerging requirement is for cross-application sharing of data, for example, when cloud services form part of an IoT architecture. Information Flow Control (IFC) is ideally suited to achieving both isolation and data sharing as required. IFC enhances traditional Access Control by providing continuous, data-centric, cross-application, end-to-end control of data flows. However, large-scale data processing is a major requirement of cloud computing and is infeasible under standard IFC. We present a novel, enhanced IFC model that subsumes standard models. Our IFC model supports 'Big Data' processing, while retaining the simplicity of standard IFC and enabling more concise, accurate and maintainable expression of policy.
Keywords: Big Data; Internet of Things; authorisation; cloud computing; Big Data management; IFC; IoT architecture; access control; cloud services; cloud tenants; containers; cross-application data sharing; data flows; data leakage; information flow control; large-scale data processing; virtual machines; Access control; Companies; Context; Data models; Hospitals; Standards; Data Management; Information Flow Control; Security (ID#: 16-11250)


A. J. Poulter, S. J. Johnston and S. J. Cox, “Using the MEAN Stack to Implement a RESTful Service for an Internet of Things Application,” Internet of Things (WF-IoT), 2015 IEEE 2nd World Forum on, Milan, 2015, pp. 280-285. doi: 10.1109/WF-IoT.2015.7389066
Abstract: This paper examines the components of the MEAN development stack (MongoDb, Express.js, Angular.js, & Node.js), and demonstrate their benefits and appropriateness to be used in implementing RESTful web-service APIs for Internet of Things (IoT) appliances. In particular, we show an end-to-end example of this stack and discuss in detail the various components required. The paper also describes an approach to establishing a secure mechanism for communicating with IoT devices, using pull-communications.
Keywords: Internet of Things; Web services; application program interfaces; security of data; software tools; Angular.js; Express.js; Internet of Things application; IoT devices; MEAN development stack; MongoDb; Node.js; RESTful Web-service API; pull-communications; secure mechanism; Databases; Hardware; Internet of things; Libraries; Logic gates; Servers; Software; IoT; MEAN; REST; web programming (ID#: 16-11251)


Z. Liu, Mianxiong Dong, Bo Gu, Cheng Zhang, Y. Ji and Y. Tanaka, “Inter-Domain Popularity-Aware Video Caching in Future Internet Architectures,” Heterogeneous Networking for Quality, Reliability, Security and Robustness (QSHINE), 2015 11th International Conference on, Taipei, 2015, pp. 404-409. doi: (not provided)
Abstract: Current TCP/IP based network is suffering from the usage of IP especially in the era of Internet of things (IoT). Recently Content Centric Network (CCN) is proposed as an alternative of the future network architecture. In CCN, data itself, which is authenticated and secured, is a name and can be directly requested at the network level instead of using IP and Domain Name System (DNS). Another difference between CCN and traditional networks is that the routers in CCN have the caching abilities. Then the end users can obtain the data from routers instead of from the remote server if the content has been stored in the router. Hence the overall network performance can be improved by reducing the required transmission hops and the advantage of the CCN caching has been shown in literature. In this paper, we design a new caching policy for the popularity-aware video caching in CCN to handle the 'redundancy' problem in the existing schemes, where the same content may be stored multiple times along the road from server to users, thus leading to a significant performance degradation. Simulations are conducted and we could observe that the proposed scheme performs better comparing with the existing caching policies.
Keywords: Internet; Internet of Things; CCN; DNS; Internet of things; TCP-IP based network; content centric network; domain name system; future Internet architecture; interdomain popularity-aware video caching; IoT; redundancy problem; remote server; router; Artificial neural networks; Degradation; IP networks; Indexes; Redundancy; Servers; Topology (ID#: 16-11252)


P. Porambage, A. Braeken, A. Gurtov, M. Ylianttila and S. Spinsante, “Secure End-to-End Communication for Constrained Devices in IoT-Enabled Ambient Assisted Living Systems,” Internet of Things (WF-IoT), 2015 IEEE 2nd World Forum on, Milan, 2015, pp. 711-714. doi: 10.1109/WF-IoT.2015.7389141
Abstract: The Internet of Things (IoT) technologies interconnect broad ranges of network devices irrespective of their resource capabilities and local networks. In order to upgrade the standard of life of elderly people, Ambient Assisted Living (AAL) systems are also widely deployed in the context of IoT applications. To preserve user security and privacy in AAL systems, it is significant to ensure secure communication link establishment among the medical devices and the remote hosts or servers that are interested in accessing the critical health data. However, due to the limited resources available in such constrained devices, it is challenging to exploit expensive cryptographic operations in the conventional security protocols. Therefore, in this paper we propose a novel proxy-based authentication and key establishment protocol, which is lightweight and suitable to safeguard sensitive data generated by resource-constrained devices in IoT-enabled AAL systems.
Keywords: Internet of Things; assisted living; cryptographic protocols; data privacy; geriatrics; health care; medical computing; Internet of Things technology; IoT-enabled ambient assisted living system; constrained device; critical health data assessment; cryptographic operation; elderly people; key establishment protocol; medical device; proxy-based authentication protocol; remote host; remote server; secure end-to-end communication link; security protocol; user privacy; user security; Authentication; Cryptography; DH-HEMTs; Protocols; Senior citizens; Sensors; authentication; key establishment; proxy; resource-constrained device (ID#: 16-11253)


H. C. Pöhls, “JSON Sensor Signatures (JSS): End-to-End Integrity Protection from Constrained Device to IoT Application,” Innovative Mobile and Internet Services in Ubiquitous Computing (IMIS), 2015 9th International Conference on, Blumenau, 2015, pp. 306-312. doi: 10.1109/IMIS.2015.48
Abstract: Integrity of sensor readings or actuator commands is of paramount importance for a secure operation in the Internet-of-Things (IoT). Data from sensors might be stored, forwarded and processed by many different intermediate systems. In this paper we apply digital signatures to achieve end-to-end message level integrity for data in JSON. JSON has become very popular to represent data in the upper layers of the IoT domain. By signing JSON on the constrained device we extend the end-to-end integrity protection starting from the constrained device to any entity in the IoT data-processing chain. Just the JSON message's contents including the enveloped signature and the data must be preserved. We reached our design goal to keep the original data accessible by legacy parsers. Hence, signing does not break parsing. We implemented an elliptic curve based signature algorithm on a class 1 (following RFC 7228) constrained device (Zolertia Z1: 16-bit, MSP 430). Furthermore, we describe the challenges of end-to-end integrity when crossing from IoT to the Web and applications.
Keywords: Internet of Things; Java; data integrity; digital signatures; public key cryptography; Internet-of-Things; IoT data-processing chain; JSON sensor signatures; actuator commands; digital signatures; elliptic curve based signature algorithm; end-to-end integrity protection; end-to-end message level integrity; enveloped signature; legacy parsers; sensor readings integrity; Data structures; Digital signatures; Elliptic curve cryptography; NIST; Payloads; XML; ECDSA; IoT; JSON; integrity (ID#: 16-11254)


E. Z. Tragos et al., “An IoT Based Intelligent Building Management System for Ambient Assisted Living,” 2015 IEEE International Conference on Communication Workshop (ICCW), London, 2015, pp. 246-252. doi: 10.1109/ICCW.2015.7247186
Abstract: Ambient Assisted Living (AAL) describes an ICT based environment that exposes personalized and context-aware intelligent services, thus creating an appropriate experience to the end user to support independent living and improvement of the everyday quality of life of both healthy elderly and disabled people. The social and economic impact of AAL systems have boosted the research activities that combined with the advantages of enabling technologies such as Wireless Sensor Networks (WSNs) and Internet of Things (IoT) can greatly improve the performance and the efficiency of such systems. Sensors and actuators inside buildings can create an intelligent sensing environments that help gather realtime data for the patients, monitor their vital signs and identify abnormal situations that need medical attention. AAL applications might be life critical and therefore have very strict requirements for their performance with respect to the reliability of the devices, the ability of the system to gather data from heterogeneous devices, the timeliness of the data transfer and their trustworthiness. This work presents the functional architecture of SOrBet (Marie Curie IAPP project) that provides a framework for interconnecting efficiently smart devices, equipping them with intelligence that helps automating many of the everyday activities of the inhabitants. SOrBet is a paradigm shift of traditional AAL systems based on a hybrid architecture, including both distributed and centralized functionalities, extensible, self-organising, robust and secure, built on the concept of “reliability by design”, thus being capable of meeting the strict Quality of Service (QoS) requirements of demanding applications such as AAL.
Keywords: Internet of Things; assisted living; building management systems; patient monitoring; quality of service; wireless sensor networks; IoT based intelligent building management system; SOrBet; ambient assisted living; hybrid architecture; Artificial intelligence; Automation; Buildings; Quality of service; Reliability; Security; Sensors (ID#: 16-11255)


N. Pazos, M. Müller, M. Aeberli and N. Ouerhani, “ConnectOpen — Automatic Integration of IoT Devices,” Internet of Things (WF-IoT), 2015 IEEE 2nd World Forum on, Milan, 2015, pp. 640-644. doi: 10.1109/WF-IoT.2015.7389129
Abstract: There exists, today, a wide consensus that Internet of Things (IoT) is creating a wide range of business opportunities for various industries and sectors like Manufacturing, Healthcare, Public infrastructure management, Telecommunications and many others. On the other hand, the technological evolution of IoT facing serious challenges. The fragmentation in terms of communication protocols and data formats at device level is one of these challenges. Vendor specific application architectures, proprietary communication protocols and lack of IoT standards are some reasons behind the IoT fragmentation. In this paper we propose a software enabled framework to address the fragmentation challenge. The framework is based on flexible communication agents that are deployed on a gateway and can be adapted to various devices communicating different data formats using different communication protocol. The communication agent is automatically generated based on specifications and automatically deployed on the Gateway in order to connect the devices to a central platform where data are consolidated and exposed via REST APIs to third party services. Security and scalability aspects are also addressed in this work.
Keywords: Internet of Things; application program interfaces; cloud computing; computer network security; internetworking; transport protocols; ConnectOpen; IoT fragmentation; REST API; automatic IoT device integration; central platform; communication agents; communication protocol; communication protocols; data formats; device level; scalability aspect; security aspect; software enabled framework; third party services; Business; Embedded systems; Logic gates; Protocols; Scalability; Security; Sensors; Communication Agent; End Device; Gateway; IoT; Kura; MQTT; OSGi (ID#: 16-11256)


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.