Reconfigurable Security: Edge-Computing-Based Framework for IoT

In various scenarios, achieving security between IoT devices is challenging since the devices may have different dedicated communication standards and resource constraints as well as various applications. In this article, we first provide requirements and existing solutions for IoT security. We then introduce a new reconfigurable security framework based on edge computing, which utilizes a near-user edge device, that is, a security agent, to support security functions as IoT resources for the security requirements of all protocol layers including multiple applications on an IoT device. This framework is designed to overcome the challenges including high computation costs, low flexibility in key management, and low compatibility in deploying new security algorithms in IoT, especially when adopting advanced cryptographic primitives. We also provide the design principles of the reconfigurable security framework, the exemplary security protocols for anonymous authentication and secure data access control, and the performance analysis in terms of feasibility and usability. The reconfigurable security framework paves a new way to strengthen IoT security by edge computing.
