DNS/DANE Collision-Based Distributed and Dynamic Authentication for Microservices in IoT †

Sensors, 2019, Vol 19 (15), pp. 3292
Author(s): Daniel Díaz-Sánchez, Andrés Marín-Lopez, Florina Almenárez Mendoza, Patricia Arias Cabarcos

IoT devices provide real-time data to a rich ecosystem of services and applications. The volume of data and the involved subscribe/notify signaling will likely become a challenge also for access and core networks. To alleviate the core of the network, other technologies like fog computing can be used. On the security side, designers of IoT low-cost devices and applications often reuse old versions of development frameworks and software components that contain vulnerabilities. Many server applications today are designed using microservice architectures where components are easier to update. Thus, IoT can benefit from deploying microservices in the fog as it offers the required flexibility for the main players of ubiquitous computing: nomadic users. In such deployments, IoT devices need the dynamic instantiation of microservices. IoT microservices require certificates so they can be accessed securely. Thus, every microservice instance may require a newly-created domain name and a certificate. The DNS-based Authentication of Named Entities (DANE) extension to Domain Name System Security Extensions (DNSSEC) allows linking a certificate to a given domain name. Thus, the combination of DNSSEC and DANE provides microservices’ clients with secure information regarding the domain name, IP address, and server certificate of a given microservice. However, IoT microservices may be short-lived since devices can move from one local fog to another, forcing DNSSEC servers to sign zones whenever new changes occur. Considering DNSSEC and DANE were designed to cope with static services, coping with IoT dynamic microservice instantiation can throttle the scalability in the fog. To overcome this limitation, this article proposes a solution that modifies the DNSSEC/DANE signature mechanism using chameleon signatures and defining a new soft delegation scheme. 
Chameleon signatures are signatures computed over a chameleon hash, which have a property: a secret trapdoor function can be used to compute collisions to the hash. Since the hash is maintained, the signature does not have to be computed again. In the soft delegation schema, DNS servers obtain a trapdoor that allows performing changes in a constrained zone without affecting normal DNS operation. In this way, a server can receive this soft delegation and modify the DNS zone to cope with frequent changes such as microservice dynamic instantiation. Changes in the soft delegated zone are much faster and do not require the intervention of the DNS primary servers of the zone.

Proceedings, 2018, Vol 2 (19), pp. 1233
Author(s): Daniel Sánchez, Andrés López, Florina Mendoza, Patricia Arias Cabarcos

IoT devices provide real-time data to a rich ecosystem of services and applications that will be of uttermost importance for ubiquitous computing. The volume of data and the involved subscribe/notify signaling will likely become a challenge also for access and core networks. Designers may opt for microservice architectures and fog computing to address this challenge while offering the required flexibility for the main players of ubiquitous computing: nomadic users. Microservices require strong security support for Fog computing, to rely on nodes in the boundary of the network for secure data collection and processing. IoT low cost devices face outdated certificates and security support, due to the elapsed time from manufacture to deployment. In this paper we propose a solution based on microservice architectures and DNSSEC, DANE and chameleon signatures to overcome these difficulties. We will show how trap doors included in the certificates allow a secure and flexible delegation for off-loading data collection and processing to the fog. The main result is showing this requires minimal manufacture device configuration, thanks to DNSSEC support.


2018, Vol 10 (3), pp. 61-83
Author(s): Deepali Chaudhary, Kriti Bhushan, B.B. Gupta

This article describes how cloud computing has emerged as a strong competitor against traditional IT platforms by offering low-cost and “pay-as-you-go” computing potential and on-demand provisioning of services. Governments, as well as organizations, have migrated their entire or most of the IT infrastructure to the cloud. With the emergence of IoT devices and big data, the amount of data forwarded to the cloud has increased to a huge extent. Therefore, the paradigm of cloud computing is no longer sufficient. Furthermore, with the growth of demand for IoT solutions in organizations, it has become essential to process data quickly, substantially and on-site. Hence, Fog computing is introduced to overcome these drawbacks of cloud computing by bringing intelligence to the edge of the network using smart devices. One major security issue related to the cloud is the DDoS attack. This article discusses in detail about the DDoS attack, cloud computing, fog computing, how DDoS affect cloud environment and how fog computing can be used in a cloud environment to solve a variety of problems.


2019, pp. 1927-1951
Author(s): Deepali Chaudhary, Kriti Bhushan, B.B. Gupta

This article describes how cloud computing has emerged as a strong competitor against traditional IT platforms by offering low-cost and “pay-as-you-go” computing potential and on-demand provisioning of services. Governments, as well as organizations, have migrated their entire or most of the IT infrastructure to the cloud. With the emergence of IoT devices and big data, the amount of data forwarded to the cloud has increased to a huge extent. Therefore, the paradigm of cloud computing is no longer sufficient. Furthermore, with the growth of demand for IoT solutions in organizations, it has become essential to process data quickly, substantially and on-site. Hence, Fog computing is introduced to overcome these drawbacks of cloud computing by bringing intelligence to the edge of the network using smart devices. One major security issue related to the cloud is the DDoS attack. This article discusses in detail about the DDoS attack, cloud computing, fog computing, how DDoS affect cloud environment and how fog computing can be used in a cloud environment to solve a variety of problems.


2021, Vol 11 (20), pp. 9479
Author(s): Alim Yasin, Toh Yen Pang, Chi-Tsun Cheng, Miro Miletic

In the last decade, Australian SMEs are steadily becoming more digitally engaged, but they still face issues and barriers to fully adopt Industry 4.0 (I4.0). Among the tools that I4.0 encompasses, digital twin (DT) and digital thread (DTH) technologies hold significant interest and value. Some of the challenges are the lack of expertise in developing the communication framework required for data collection, processing, and storing; concerns about data and cyber security; lack of knowledge of the digitization and visualisation of data; and value generation for businesses from the data. This article aims to demonstrate the feasibility of DT implementation for small and medium-sized enterprises (SMEs) by developing a framework based on simple and low-cost solutions and providing insight and guidance to overcome technological barriers. To do so, this paper first outlines the theoretical framework and its components, and subsequently discusses a simplified and generalised DT model of a real-world physical asset that demonstrates how these components function, how they are integrated and how they interact with each other. An experimental scenario is presented to transform data harvested from a resistance temperature detector sensor connected with a WAGO 750-8102 Programmable Logic Controller for data storage and analysis, predictive simulation and modelling. Our results demonstrate that sensor data could be readily integrated from Internet-of-Things (IoT) devices and enabling DT technologies, where users could view real time data and key performance indicators (KPIs) in the form of a 3D model. Data from both the sensor and 3D model are viewable in a comprehensive history log through a database. Via this technological demonstration, we provide several recommendations on software, hardware, and expertise that SMEs may adopt to assist with their DT implementations.


Smart Cities, 2020, Vol 3 (1), pp. 138-156
Author(s): Spiridon Vergis, Vasileios Komianos, Georgios Tsoumanis, Athanasios Tsipis, Konstantinos Oikonomou

With the rapid increase of vehicles in use worldwide, the need for efficient traffic monitoring systems has arisen. This work proposes a low-cost vehicular traffic monitoring system using IoT devices and fog computing. The system is based on a three-tiered architecture which is composed of (i) the mobile tracking system that records the positions of the vehicles using GPS technologies; (ii) the information gathering system which gathers all the data collected by the mobile tracking system; and (iii) the fog devices that process the data collected and extract the information needed. The system is tested in the town of Corfu during a period of increased tourism when the traffic is considered to be relatively dense. The mobile tracking system devices are placed on taxis and with the help of professional taxi drivers the accuracy of the data collected is evaluated. The system is able to record the movement of the vehicles accurately using its own independent data. The results can be remotely accessed by utilizing fog and cloud computing infrastructure established to process the data and upload it on a server. The system is used to give a better understanding of the speed variance in the center of the town during different dates and hours. In conclusion the system presented in this study can be utilized to monitor the traffic and provide vital information about its behavior in relation to time.


Author(s): Kashif Munir, Lawan Ahmed Mohammed

Fog computing is a distributed infrastructure in which certain application processes or services are managed at the edge of the network by a smart device. Fog systems are capable of processing large amounts of data locally, operate on-premise, are fully portable, and can be installed on heterogeneous hardware. These features make the fog platform highly suitable for time and location-sensitive applications. For example, internet of things (IoT) devices are required to quickly process a large amount of data. The significance of enterprise data and increased access rates from low-resource terminal devices demand reliable and low-cost authentication protocols. Lots of researchers have proposed authentication protocols with varied efficiencies. As a part of this chapter, the authors propose a secure authentication protocol that is strongly secure and best suited for the fog computing environment.


2017
Author(s): JOSEPH YIU

The increasing need for security in microcontrollers

Security has long been a significant challenge in microcontroller applications (MCUs). Traditionally, many microcontroller systems did not have strong security measures against remote attacks as most of them are not connected to the Internet, and many microcontrollers are deemed to be cheap and simple. With the growth of IoT (Internet of Things), security in low cost microcontrollers moved toward the spotlight and the security requirements of these IoT devices are now just as critical as high-end systems due to:


2020, Vol 23 (4), pp. 274-284
Author(s): Jingang Che, Lei Chen, Zi-Han Guo, Shuaiqun Wang, Aorigele

Background: Identification of drug-target interaction is essential in drug discovery. It is beneficial to predict unexpected therapeutic or adverse side effects of drugs. To date, several computational methods have been proposed to predict drug-target interactions because they are prompt and low-cost compared with traditional wet experiments. Methods: In this study, we investigated this problem in a different way. According to KEGG, drugs were classified into several groups based on their target proteins. A multi-label classification model was presented to assign drugs into correct target groups. To make full use of the known drug properties, five networks were constructed, each of which represented drug associations in one property. A powerful network embedding method, Mashup, was adopted to extract drug features from above-mentioned networks, based on which several machine learning algorithms, including RAndom k-labELsets (RAKEL) algorithm, Label Powerset (LP) algorithm and Support Vector Machine (SVM), were used to build the classification model. Results and Conclusion: Tenfold cross-validation yielded the accuracy of 0.839, exact match of 0.816 and hamming loss of 0.037, indicating good performance of the model. The contribution of each network was also analyzed. Furthermore, the network model with multiple networks was found to be superior to the one with a single network and classic model, indicating the superiority of the proposed model.


2021, Vol 10 (1), pp. 13
Author(s): Claudia Campolo, Giacomo Genovese, Antonio Iera, Antonella Molinaro

Several Internet of Things (IoT) applications are booming which rely on advanced artificial intelligence (AI) and, in particular, machine learning (ML) algorithms to assist the users and make decisions on their behalf in a large variety of contexts, such as smart homes, smart cities, smart factories. Although the traditional approach is to deploy such compute-intensive algorithms into the centralized cloud, the recent proliferation of low-cost, AI-powered microcontrollers and consumer devices paves the way for having the intelligence pervasively spread along the cloud-to-things continuum. The take off of such a promising vision may be hurdled by the resource constraints of IoT devices and by the heterogeneity of (mostly proprietary) AI-embedded software and hardware platforms. In this paper, we propose a solution for the AI distributed deployment at the deep edge, which lays its foundation in the IoT virtualization concept. We design a virtualization layer hosted at the network edge that is in charge of the semantic description of AI-embedded IoT devices, and, hence, it can expose as well as augment their cognitive capabilities in order to feed intelligent IoT applications. The proposal has been mainly devised with the twofold aim of (i) relieving the pressure on constrained devices that are solicited by multiple parties interested in accessing their generated data and inference, and (ii) targeting interoperability among AI-powered platforms. A Proof-of-Concept (PoC) is provided to showcase the viability and advantages of the proposed solution.


Sensors, 2021, Vol 21 (10), pp. 3515
Author(s): Sung-Ho Sim, Yoon-Su Jeong

As the development of IoT technologies has progressed rapidly recently, most IoT data are focused on monitoring and control to process IoT data, but the cost of collecting and linking various IoT data increases, requiring the ability to proactively integrate and analyze collected IoT data so that cloud servers (data centers) can process smartly. In this paper, we propose a blockchain-based IoT big data integrity verification technique to ensure the safety of the Third Party Auditor (TPA), which has a role in auditing the integrity of AIoT data. The proposed technique aims to minimize IoT information loss by multiple blockchain groupings of information and signature keys from IoT devices. The proposed technique allows IoT information to be effectively guaranteed the integrity of AIoT data by linking hash values designated as arbitrary, constant-size blocks with previous blocks in hierarchical chains. The proposed technique performs synchronization using location information between the central server and IoT devices to manage the cost of the integrity of IoT information at low cost. In order to easily control a large number of locations of IoT devices, we perform cross-distributed and blockchain linkage processing under constant rules to improve the load and throughput generated by IoT devices.

